stealc | de01413f03f6d36b4869bf9fc14276d1fb50de291d3ca22f5922696bc57e9f47

Analysis

max time kernel
122s
max time network
140s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16-10-2023 06:19

Target

jpg.exe
Size

15.9MB
MD5

0b5c5dc081a7e01b760181c5b1ae3547
SHA1

54621ef8e008778cb9cd71558ee4c5352c1a18f6
SHA256

de01413f03f6d36b4869bf9fc14276d1fb50de291d3ca22f5922696bc57e9f47
SHA512

45240b65e27bc151aaa53e8d6d708a350d05090cd42b061d463a05ca2c82204f56bb4c8a2e7e753c8b863d2275de282e74e8ca556f3d4df8512d69303aa4775a
SSDEEP

393216:IthzQ0/bbd5zOAiIpXT1vQylqq9eWTwFLPqQ7Rc3gE9sdMC:u7/bbd5CgpXTtTVeL7RBa

Score

10^/10

stealc stealer

Family

stealc

http://91.212.166.95

Attributes

rc4.plain

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2220 set thread context of 2264	2220	jpg.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2708	2264	WerFault.exe	28

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2264	2220	jpg.exe	28
PID 2220 wrote to memory of 2264	2220	jpg.exe	28
PID 2220 wrote to memory of 2264	2220	jpg.exe	28
PID 2220 wrote to memory of 2264	2220	jpg.exe	28
PID 2220 wrote to memory of 2264	2220	jpg.exe	28
PID 2220 wrote to memory of 2264	2220	jpg.exe	28
PID 2220 wrote to memory of 2264	2220	jpg.exe	28
PID 2220 wrote to memory of 2264	2220	jpg.exe	28
PID 2220 wrote to memory of 2264	2220	jpg.exe	28
PID 2220 wrote to memory of 2264	2220	jpg.exe	28
PID 2220 wrote to memory of 2264	2220	jpg.exe	28
PID 2220 wrote to memory of 2264	2220	jpg.exe	28
PID 2264 wrote to memory of 2708	2264	jpg.exe	29
PID 2264 wrote to memory of 2708	2264	jpg.exe	29
PID 2264 wrote to memory of 2708	2264	jpg.exe	29
PID 2264 wrote to memory of 2708	2264	jpg.exe	29

memory/2220-11-0x0000000074600000-0x0000000074CEE000-memory.dmp

Filesize
6.9MB

Download
memory/2220-1-0x0000000000320000-0x0000000001312000-memory.dmp

Filesize
15.9MB

Download
memory/2220-2-0x0000000005240000-0x0000000005280000-memory.dmp

Filesize
256KB

Download
memory/2220-3-0x00000000090C0000-0x000000000A01A000-memory.dmp

Filesize
15.4MB

Download
memory/2220-0-0x0000000074600000-0x0000000074CEE000-memory.dmp

Filesize
6.9MB

Download
memory/2264-4-0x00000000000F0000-0x000000000031D000-memory.dmp

Filesize
2.2MB

Download
memory/2264-5-0x00000000000F0000-0x000000000031D000-memory.dmp

Filesize
2.2MB

Download
memory/2264-6-0x00000000000F0000-0x000000000031D000-memory.dmp

Filesize
2.2MB

Download
memory/2264-7-0x00000000000F0000-0x000000000031D000-memory.dmp

Filesize
2.2MB

Download
memory/2264-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2264-10-0x00000000000F0000-0x000000000031D000-memory.dmp

Filesize
2.2MB

Download
memory/2264-13-0x00000000000F0000-0x000000000031D000-memory.dmp

Filesize
2.2MB

Download
memory/2264-15-0x00000000000F0000-0x000000000031D000-memory.dmp

Filesize
2.2MB

Download