mystic | e5144b44582feaade16daf9358b2ac4425168c60c3c28c3bba34b5ede694855e

Analysis

max time kernel
141s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2023 07:08

Target

NEAS.b2e919a07e50d36e772d63feb905a130.exe
Size

319KB
MD5

b2e919a07e50d36e772d63feb905a130
SHA1

981a38f534f399bb71afc5ab86952a3ba85fffd6
SHA256

e5144b44582feaade16daf9358b2ac4425168c60c3c28c3bba34b5ede694855e
SHA512

18039854bc2bf10b9d6e58de5acee38c32aedf07bb683a96c5a1fe3d706625b147afe202b10f79061e324d89d94c30c02f5293783790a2b297d3fe90243e2949
SSDEEP

6144:x9PgXtnEpBXYKEjf5FaZwHjptYGsv7fxbXa8/DSPr/4L:x9PgXtnGY5FaULYhrSPr/i

Score

10^/10

mystic stealer

Detect Mystic stealer payload 5 IoCs

resource	yara_rule
behavioral2/memory/3536-0-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral2/memory/3536-2-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral2/memory/3536-1-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral2/memory/3536-3-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral2/memory/3536-4-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 432 set thread context of 3536	432	NEAS.b2e919a07e50d36e772d63feb905a130.exe	88

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 3536	432	NEAS.b2e919a07e50d36e772d63feb905a130.exe	88
PID 432 wrote to memory of 3536	432	NEAS.b2e919a07e50d36e772d63feb905a130.exe	88
PID 432 wrote to memory of 3536	432	NEAS.b2e919a07e50d36e772d63feb905a130.exe	88
PID 432 wrote to memory of 3536	432	NEAS.b2e919a07e50d36e772d63feb905a130.exe	88
PID 432 wrote to memory of 3536	432	NEAS.b2e919a07e50d36e772d63feb905a130.exe	88
PID 432 wrote to memory of 3536	432	NEAS.b2e919a07e50d36e772d63feb905a130.exe	88
PID 432 wrote to memory of 3536	432	NEAS.b2e919a07e50d36e772d63feb905a130.exe	88
PID 432 wrote to memory of 3536	432	NEAS.b2e919a07e50d36e772d63feb905a130.exe	88
PID 432 wrote to memory of 3536	432	NEAS.b2e919a07e50d36e772d63feb905a130.exe	88
PID 432 wrote to memory of 3536	432	NEAS.b2e919a07e50d36e772d63feb905a130.exe	88

C:\Users\Admin\AppData\Local\Temp\NEAS.b2e919a07e50d36e772d63feb905a130.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b2e919a07e50d36e772d63feb905a130.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:432
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:3536

memory/3536-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3536-2-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3536-1-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3536-3-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3536-4-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download