Overview

overview

10

Static

static

3

The Summer Waifu.exe

windows7-x64

10

The Summer Waifu.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    72s
  • max time network
    76s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 04:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    The Summer Waifu.exe

  • Size

    5.7MB

  • MD5

    efe42e097392ba07bdbc1b30ed12f46f

  • SHA1

    6e67c0ce64661b8f12c453d182fadcf9b81225b8

  • SHA256

    9d15283240ff79899aeb0f2866c51b75d953e5c04a8069397734a3cb6aef87af

  • SHA512

    87147c5b0a5016d5a6f36e980cf294880a78ca3b3491ca1e90bd5664f3d6405da4259ae486544f7b355cf6e29eeb80273336b9f2fbb5928730eda3584b8a1005

  • SSDEEP

    12288:MPZV/cS4H8+Gc8DWKwJa8JdrBoyvCRH96m2iii2Tc:MRV2iWih

Score
10/10
marsstealerdefaultstealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

Signatures

  • Mars Stealer

    An infostealer written in C++ based on other infostealers.

    stealermarsstealer
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\The Summer Waifu.exe
    "C:\Users\Admin\AppData\Local\Temp\The Summer Waifu.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2456
    • C:\Users\Admin\AppData\Roaming\Identities\CKTI.exe
      "C:\Users\Admin\AppData\Roaming\Identities\CKTI.exe"
      2⤵
      • Executes dropped EXE
      PID:2172

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Identities\CKTI.exe
    Filesize

    159KB

    MD5

    ccbede8d2869535347316a479f0b8095

    SHA1

    1dd0e7574972260c77ca90638950d83c7b00d8f2

    SHA256

    afae663cab910a67e7fb519797ff385926b77ee59fa0e96e1853318146d2e179

    SHA512

    9a0de846ced51215948a16300aec8aeb7cf0ef5c0005a3cb661fc27e85b5d25b3b3278e7c91fbedc9d0a1ec686fdcd8ff07f35b39931a7c28c8b2139dabf4456

    Download Submit
  • memory/2172-13-0x0000000000400000-0x000000000043D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/2456-0-0x0000000001190000-0x0000000001204000-memory.dmp
    Filesize

    464KB

    Download
  • memory/2456-1-0x0000000074D00000-0x00000000753EE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2456-2-0x0000000004EA0000-0x0000000004EE0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2456-14-0x0000000000C50000-0x0000000000C8D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/2456-15-0x0000000074D00000-0x00000000753EE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2456-12-0x0000000000C50000-0x0000000000C8D000-memory.dmp
    Filesize

    244KB

    Download