mystic | eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3

Analysis

max time kernel
124s
max time network
167s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe
Size

700KB
MD5

d02b17eb49530ae5d5c0382033d4e7fc
SHA1

3f4e8983c9aa9b94f6cb36d2cc4ac4037a61d0eb
SHA256

eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3
SHA512

6ffdcab58dc049b20fd6949000696409cf67054baa92428ed763992b0bf64505a029fb986b96141c448cca71e3507b36f27cc8d09f31c69631c49a5946fae04a
SSDEEP

6144:P6vGALXgBEIy8wluzNcq/PVucQpsc5F6hFkHQQYvmhYG0FWGrKvfr:iHXgFysVucQpsmFJzYG0For

Score

10^/10

mystic stealer

Malware Config

Extracted

Family

mystic

http://5.42.92.211/loghub/master

Signatures

Mystic
Mystic is an infostealer written in C++.
stealer mystic

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2252 set thread context of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2896	2252	WerFault.exe	23

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28
PID 2252 wrote to memory of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28
PID 2252 wrote to memory of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28
PID 2252 wrote to memory of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28
PID 2252 wrote to memory of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28
PID 2252 wrote to memory of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28
PID 2252 wrote to memory of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28
PID 2252 wrote to memory of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28
PID 2252 wrote to memory of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28
PID 2252 wrote to memory of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28
PID 2252 wrote to memory of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28
PID 2252 wrote to memory of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28
PID 2252 wrote to memory of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28
PID 2252 wrote to memory of 2648	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	28
PID 2252 wrote to memory of 2896	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	29
PID 2252 wrote to memory of 2896	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	29
PID 2252 wrote to memory of 2896	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	29
PID 2252 wrote to memory of 2896	2252	eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe	29

C:\Users\Admin\AppData\Local\Temp\eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe
"C:\Users\Admin\AppData\Local\Temp\eaf619dd91b9e35cf1c4b72e4a2e83433ca887cbe9978f5da0f0dd47cfa731c3.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2648
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 92
  2⤵
  - Program crash
  PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2648-5-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2648-8-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2648-7-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2648-6-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2648-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2648-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2648-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2648-9-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2648-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2648-13-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2648-14-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2648-15-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads