Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 07:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    908KB

  • MD5

    a39e40963c6dd0f0731c447d98a4b67f

  • SHA1

    e6b5980deea1d36f91b7d9863cc562c9fa843051

  • SHA256

    676ec587aca9ddec64b732ac7f1b36938ff6eabd06cde4e5828836211391198d

  • SHA512

    87f51ef2a658b7629420f4376e6fc076431187f2fe31aacecb0ceb6b7e1f25dced884816cb73af617d09f22332512ead8b05b610267e5846c2cf053e7767544f

  • SSDEEP

    12288:AKWO/f+XtZqyMok4Dd1iga/fOYwewK8ZHkKMSubove3tuzv4Q:5f+XtZqyMokQiN7wew0iesr

Score
10/10
povertystealerstealer

Malware Config

Signatures

  • Detect Poverty Stealer Payload 9 IoCs
  • Poverty Stealer

    Poverty Stealer is a crypto and infostealer written in C++.

    stealerpovertystealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3152
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:3696
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
          PID:1068
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
          2⤵
          • Program crash
          PID:4996
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3152 -ip 3152
        1⤵
          PID:3052

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1068-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1068-2-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1068-3-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1068-4-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1068-6-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1068-9-0x0000000000FC0000-0x0000000000FC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1068-7-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1068-10-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1068-12-0x0000000000FC0000-0x0000000000FC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1068-13-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1068-14-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download