mystic | ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3

Analysis

max time kernel
128s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 12:08

Target

ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe
Size

371KB
MD5

224cbb0963881845b9b4efda3c0d1fd0
SHA1

ea372b91f87048d901826655fd79f318ddaa5aca
SHA256

ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3
SHA512

ed02982ed94185f157d5078d40239a599ffb755a36e42b67e127ec52ef518514f135b24b73f4d8ebc31810dd943746b676e2338d33e8476ddc21c1ef6d6e0536
SSDEEP

6144:8avJm09zORs+z/TMify9DAO8gQcR2eoCoqB8hPGCuTyW87vXDv2yr38/:8qw09CK5NHzG5bhPGCuTyW87vXDt8/

Score

10^/10

mystic stealer

Detect Mystic stealer payload 5 IoCs

resource	yara_rule
behavioral2/memory/2920-0-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral2/memory/2920-1-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral2/memory/2920-2-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral2/memory/2920-3-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral2/memory/2920-4-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3780 set thread context of 2920	3780	ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe	86

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 3780 wrote to memory of 844	3780	ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe	83
PID 3780 wrote to memory of 844	3780	ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe	83
PID 3780 wrote to memory of 844	3780	ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe	83
PID 3780 wrote to memory of 2920	3780	ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe	86
PID 3780 wrote to memory of 2920	3780	ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe	86
PID 3780 wrote to memory of 2920	3780	ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe	86
PID 3780 wrote to memory of 2920	3780	ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe	86
PID 3780 wrote to memory of 2920	3780	ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe	86
PID 3780 wrote to memory of 2920	3780	ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe	86
PID 3780 wrote to memory of 2920	3780	ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe	86
PID 3780 wrote to memory of 2920	3780	ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe	86
PID 3780 wrote to memory of 2920	3780	ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe	86
PID 3780 wrote to memory of 2920	3780	ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe	86

C:\Users\Admin\AppData\Local\Temp\ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe
"C:\Users\Admin\AppData\Local\Temp\ee6f1087dbb4b3989628a64deab685d2f18f90d63dea2ab78b8d0132543c4cd3_JC.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3780
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:844
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2920

memory/2920-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2920-1-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2920-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2920-3-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2920-4-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download