mystic | a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534

Analysis

max time kernel
58s
max time network
92s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 07:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe
Size

700KB
MD5

28950b7c159b4ea07c7ec14fed6e5d78
SHA1

b28b9d7b2205416e629dcc505cde9a489cb3ec14
SHA256

a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534
SHA512

b8fa04d5395003668554d3f88d981fcf80ffcd85d8e90666b2532fdfc852e03e638569ed5fffd9f91a372c803a0c8c7be24408e226e7176550c37b9d3e9754a9
SSDEEP

12288:ntmg6iqVucQ5HFLcKMvOF+k0fWU/nZMBf7b25z:ogwcLDlOfWU/mW

Score

10^/10

mystic stealer

Malware Config

Extracted

Family

mystic

http://5.42.92.211/loghub/master

Signatures

Mystic
Mystic is an infostealer written in C++.
stealer mystic

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2644 set thread context of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2312	2644	WerFault.exe	2

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30
PID 2644 wrote to memory of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30
PID 2644 wrote to memory of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30
PID 2644 wrote to memory of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30
PID 2644 wrote to memory of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30
PID 2644 wrote to memory of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30
PID 2644 wrote to memory of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30
PID 2644 wrote to memory of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30
PID 2644 wrote to memory of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30
PID 2644 wrote to memory of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30
PID 2644 wrote to memory of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30
PID 2644 wrote to memory of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30
PID 2644 wrote to memory of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30
PID 2644 wrote to memory of 2780	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	30
PID 2644 wrote to memory of 2312	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	31
PID 2644 wrote to memory of 2312	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	31
PID 2644 wrote to memory of 2312	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	31
PID 2644 wrote to memory of 2312	2644	a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe	31

C:\Users\Admin\AppData\Local\Temp\a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe
"C:\Users\Admin\AppData\Local\Temp\a4f30b5c953098f0357d6405f1b620b45acc2a4fb7ca4c86921f890390fbc534.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2780
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 92
  2⤵
  - Program crash
  PID:2312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2780-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2780-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2780-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2780-5-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2780-7-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2780-6-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2780-9-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2780-8-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2780-11-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2780-13-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2780-14-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2780-15-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads