Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12-10-2023 13:16

General

  • Target

    2720-16-0x0000000000400000-0x0000000000711000-memory.exe

  • Size

    3.1MB

  • MD5

    77d11816d68bf38de4de2d98ecfa1673

  • SHA1

    bd60da4f91cd73b1c713b9c58d5fe7a0ad49ba1d

  • SHA256

    d10851170a9478522aa307d4e4a004cee2b56578ba8a439175dc0e10635babdf

  • SHA512

    53af5af0ba633fa010a85f70775b3422a99ea2802e98c48dd1ba92a1979140d494d9c7df12ab613f997813ca5bcc8c1a9f31c6a2ab8ce139e4919bf9e8e50cf2

  • SSDEEP

    3072:KwZx7tPwbpTK8Q5Uzf4JElJvIT4DZeeRqTNJ4:bZ1xwbJKAzAElJA8M064

Score
10/10

Malware Config

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2720-16-0x0000000000400000-0x0000000000711000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\2720-16-0x0000000000400000-0x0000000000711000-memory.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 36
      2⤵
      • Program crash
      PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2020-0-0x0000000000400000-0x000000000062D000-memory.dmp

    Filesize

    2.2MB