mystic | 8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14-10-2023 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe
Size

342KB
MD5

fc27175b8ed423703eed6bcc9366e31a
SHA1

a16c2a64d10756d9d8f5f717182ca9052ef5bd77
SHA256

8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389
SHA512

c2e36a33c0f7fc7d93c2c834155cbba74317e7d65c8810413fe68f0fff04b03f09df76132ab1edbde6c5a4d1fe442f06719eefdf588184ef1c4f63844cc713db
SSDEEP

6144:jl+iKL/yfYb5B+BO99c0s0ZVtAOFgNtSE1vICRupZF7GHsIJQsFE9:Z+//yfYb5BIQZVtTgS6ICwWsIJK9

Score

10^/10

mystic stealer

Malware Config

Signatures

Detect Mystic stealer payload 8 IoCs

resource	yara_rule
behavioral1/memory/2748-13-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral1/memory/2748-10-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral1/memory/2748-8-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral1/memory/2748-6-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral1/memory/2748-15-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral1/memory/2748-17-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral1/memory/2748-18-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral1/memory/2748-19-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic

Mystic
Mystic is an infostealer written in C++.
stealer mystic

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2972 set thread context of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 3020	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	29
PID 2972 wrote to memory of 3020	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	29
PID 2972 wrote to memory of 3020	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	29
PID 2972 wrote to memory of 3020	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	29
PID 2972 wrote to memory of 3020	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	29
PID 2972 wrote to memory of 3020	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	29
PID 2972 wrote to memory of 3020	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	29
PID 2972 wrote to memory of 2388	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	30
PID 2972 wrote to memory of 2388	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	30
PID 2972 wrote to memory of 2388	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	30
PID 2972 wrote to memory of 2388	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	30
PID 2972 wrote to memory of 2388	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	30
PID 2972 wrote to memory of 2388	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	30
PID 2972 wrote to memory of 2388	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	30
PID 2972 wrote to memory of 2608	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	31
PID 2972 wrote to memory of 2608	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	31
PID 2972 wrote to memory of 2608	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	31
PID 2972 wrote to memory of 2608	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	31
PID 2972 wrote to memory of 2608	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	31
PID 2972 wrote to memory of 2608	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	31
PID 2972 wrote to memory of 2608	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	31
PID 2972 wrote to memory of 2720	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	32
PID 2972 wrote to memory of 2720	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	32
PID 2972 wrote to memory of 2720	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	32
PID 2972 wrote to memory of 2720	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	32
PID 2972 wrote to memory of 2720	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	32
PID 2972 wrote to memory of 2720	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	32
PID 2972 wrote to memory of 2720	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	32
PID 2972 wrote to memory of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33
PID 2972 wrote to memory of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33
PID 2972 wrote to memory of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33
PID 2972 wrote to memory of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33
PID 2972 wrote to memory of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33
PID 2972 wrote to memory of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33
PID 2972 wrote to memory of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33
PID 2972 wrote to memory of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33
PID 2972 wrote to memory of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33
PID 2972 wrote to memory of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33
PID 2972 wrote to memory of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33
PID 2972 wrote to memory of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33
PID 2972 wrote to memory of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33
PID 2972 wrote to memory of 2748	2972	8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe	33

C:\Users\Admin\AppData\Local\Temp\8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe
"C:\Users\Admin\AppData\Local\Temp\8eaeac2b9031cf0999340bae87dd872be22b71363e1345d7810f069219b5c389.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:3020
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2388
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2608
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2720
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2748-13-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2748-12-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2748-10-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2748-8-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2748-6-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2748-4-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2748-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2748-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2748-15-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2748-17-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2748-18-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2748-19-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads