Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 06:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    294KB

  • MD5

    84f5cf1328977d37c0277589dd92921a

  • SHA1

    38b95eb98a6f6a7cb8950aac01861e924def0bb4

  • SHA256

    4696940104e0afb7e75830241457db1b6f2c9e54b498afb2d3c5f3b0eb0d564b

  • SHA512

    b09a1518f75767440ebfd0bf77079cc6c63288c8230f4398a6b0b850b9c6c60b22c317c9dc9bdedb6a272b1648b6524cc733aa7a74475c7e7a100d1d760dd3dc

  • SSDEEP

    3072:SKCXgprSm/dJnNxHEDKl24dAxZ56gzGVvuPr47iMP+udjVlg87dB:7CgBS2fxHS6246xZ56YQuDJi+utng8Z

Score
10/10
stealcstealer

Malware Config

Extracted

Family

stealc

C2

http://bryanzachary.top

Attributes
  • url_path

    /e9c345fc99a4e67e.php

rc4.plain

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
      PID:3868
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 340
        2⤵
        • Program crash
        PID:4048
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3868 -ip 3868
      1⤵
        PID:1284

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/3868-1-0x0000000000A00000-0x0000000000B00000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/3868-2-0x0000000000980000-0x000000000099B000-memory.dmp

              Filesize

              108KB

              Download

            • memory/3868-3-0x0000000000400000-0x0000000000717000-memory.dmp

              Filesize

              3.1MB

              Download

            • memory/3868-4-0x0000000000400000-0x0000000000717000-memory.dmp

              Filesize

              3.1MB

              Download

            • memory/3868-5-0x0000000000980000-0x000000000099B000-memory.dmp

              Filesize

              108KB

              Download