growtopia | c2b88dcf9ac7f6dc3d41e1e4c2f2376886ae60c456d5e4ff51049edc39046dd4

Analysis

max time kernel
119s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-01-2024 03:35

Target

5a2b1ad3d3c828f03da52e4b0749c341.exe
Size

28.0MB
MD5

5a2b1ad3d3c828f03da52e4b0749c341
SHA1

9b658b5595b547a488208aceed71726a25e9e1e5
SHA256

c2b88dcf9ac7f6dc3d41e1e4c2f2376886ae60c456d5e4ff51049edc39046dd4
SHA512

8bab42d5597ba0a17f479e203265b19e85b948851611a4734dd1ea7498934c1908a6f04d427e15e9e22d6f24db98772e9d3d68809e8cfa9f039a0f5fde5084fa
SSDEEP

393216:IjazfFNKd6Q1m3ihIHi2xKAJUz2O6y94ruE3t1c8cTNjcy0Zh275H3P6I43ZpBWK:IubFK2q2xzxZpVdExoaVSI4rBF

Score

10^/10

growtopia stealer

Growtopia
Growtopa is an opensource modular stealer written in C#.
stealer growtopia

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2740	2176	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2740	2176	5a2b1ad3d3c828f03da52e4b0749c341.exe	28
PID 2176 wrote to memory of 2740	2176	5a2b1ad3d3c828f03da52e4b0749c341.exe	28
PID 2176 wrote to memory of 2740	2176	5a2b1ad3d3c828f03da52e4b0749c341.exe	28
PID 2176 wrote to memory of 2740	2176	5a2b1ad3d3c828f03da52e4b0749c341.exe	28

C:\Users\Admin\AppData\Local\Temp\5a2b1ad3d3c828f03da52e4b0749c341.exe
"C:\Users\Admin\AppData\Local\Temp\5a2b1ad3d3c828f03da52e4b0749c341.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 800
  2⤵
  - Program crash
  PID:2740

memory/2176-0-0x0000000074DA0000-0x000000007548E000-memory.dmp

Filesize
6.9MB

Download
memory/2176-1-0x0000000000D20000-0x00000000046BC000-memory.dmp

Filesize
57.6MB

Download
memory/2176-2-0x000000000CB00000-0x000000000CB40000-memory.dmp

Filesize
256KB

Download
memory/2176-3-0x000000000CB00000-0x000000000CB40000-memory.dmp

Filesize
256KB

Download
memory/2176-4-0x000000000CB00000-0x000000000CB40000-memory.dmp

Filesize
256KB

Download
memory/2176-5-0x000000000CFE0000-0x000000000DE6C000-memory.dmp

Filesize
14.5MB

Download
memory/2176-6-0x0000000074DA0000-0x000000007548E000-memory.dmp

Filesize
6.9MB

Download
memory/2176-7-0x000000000CB00000-0x000000000CB40000-memory.dmp

Filesize
256KB

Download
memory/2176-8-0x000000000CB00000-0x000000000CB40000-memory.dmp

Filesize
256KB

Download
memory/2176-9-0x000000000CB00000-0x000000000CB40000-memory.dmp

Filesize
256KB

Download