Overview

overview

10

Static

static

3

dcda132b62...JC.exe

windows7-x64

10

dcda132b62...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2023 12:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dcda132b6230809b65aa53fc7ac3b5ea6b0b706c4ce1cc2f303821fbd348e964_JC.exe

  • Size

    365KB

  • MD5

    0ee869d07fbe3dcd00790b0009f84427

  • SHA1

    ae7479eaeff8a938afb6376b2c8e4e2af807a3ad

  • SHA256

    dcda132b6230809b65aa53fc7ac3b5ea6b0b706c4ce1cc2f303821fbd348e964

  • SHA512

    f52b66fe92b3960e08935128183f986c0439f76d263718c23bce456f9f55b83c884e0cb364e273adc9756fbbf9e48ccf875b1e16e84ef9376ad9ba4b6662ea75

  • SSDEEP

    6144:zbtjEY2jicP5iOo2T8VrSd/sUAOhUlNOt/DliduKb4FCpBn9xo1Sa:zbt1qiG59ouLUirMdumHp/+1Sa

Score
10/10
mysticstealer

Malware Config

Signatures

  • Detect Mystic stealer payload 5 IoCs
  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dcda132b6230809b65aa53fc7ac3b5ea6b0b706c4ce1cc2f303821fbd348e964_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\dcda132b6230809b65aa53fc7ac3b5ea6b0b706c4ce1cc2f303821fbd348e964_JC.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:992
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:4356
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
          PID:4664

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4664-0-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4664-1-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4664-2-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4664-3-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download

      • memory/4664-4-0x0000000000400000-0x0000000000428000-memory.dmp

        Filesize

        160KB

        Download