fce4891d0ca542d32448ba0d79fe853654cbd7eeb81768ac36cb0316609ea8a0 | Triage

Analysis

max time kernel
140s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20231128-en
resource tags

arch:x64arch:x86image:win11-20231128-enlocale:en-usos:windows11-21h2-x64system
submitted
11/12/2023, 23:48

Sharing

Report Analysis Logs

General

Target

Creal-Stealer-main/builder.bat
Size

56B
MD5

001b0fde2e65ae4f8fa280ccdb746c93
SHA1

6f3ad8b217f090c0a37ae21ee6f0065e58635771
SHA256

06c326475f195707960159fd70e759bbba1f8b638fb4f749bad68fbb0b728aa2
SHA512

de065f3c04647f572bc8436c5aacd400956954bec23dcad8db2ddfe2689c37bb2ba0221e84ce11e826c9f9efc43d1782ccd28e76c9c25fba3e277f1b694c781a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 1180	4488	cmd.exe	78
PID 4488 wrote to memory of 1180	4488	cmd.exe	78
PID 4488 wrote to memory of 1180	4488	cmd.exe	78

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Creal-Stealer-main\builder.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python builder.py
  2⤵
  PID:1180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
490B

MD5
5f767a82adbd66019d2208b761e950a6

SHA1
6e8a554d5648f3c75c442b5326b016294734b612

SHA256
3e4be22b7e9586a84df408ff2eeda43e169506805aaaadaa96cb22e26899501c

SHA512
1873e0bdf3a54add247e7e59c75f136d35e86be5587c0e8c6a31598c4289b80af150c8e13fbd2c3b660d828e08336453db2259918e2b4f7140a858d6a9cfabbd

Download Submit