Overview

overview

10

Static

static

10

956a768208...92.exe

windows7-x64

10

956a768208...92.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06-02-2024 20:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    956a768208ff48981465018d86d3c592.exe

  • Size

    15KB

  • MD5

    956a768208ff48981465018d86d3c592

  • SHA1

    a4ec75f3ae2ab4c5880faefcd3b7c78bb906aa2f

  • SHA256

    8d9f9bd5bfebfd5ca156a898cc21240d767aea11c8943d34760b05bdff586387

  • SHA512

    9f69e1eeed79687e14ca674ff2dc7d82e08648e6e726ad3779fc9f0d576ba4bb4eec05803f3fe377b5e71705178aa5c191430ff56239f60499ddda88eeb33656

  • SSDEEP

    192:IGVSJrJf+Bm72P4WOnefWRjyShQSPDSFa/rtKI89Wo7rFysFMIT:pYdh+BeSON2ShQSPDSUzth8957rFviI

Score
10/10
growtopiastealer

Malware Config

Extracted

Family

growtopia

C2

https://discord.com/api/webhooks/874247640320204820/3B1X1K91RjBXiE1hDnhrKls4Ih9fE6Ge_n0uYQTa2cOY8SZ1MifX9KsVxzk4U4MVBNnJ

Attributes
  • payload_url

    https://cdn.discordapp.com/attachments/858108963778199552/872458910047559681/savedecoder.exe

Signatures

  • Growtopia

    Growtopa is an opensource modular stealer written in C#.

    stealergrowtopia
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\956a768208ff48981465018d86d3c592.exe
    "C:\Users\Admin\AppData\Local\Temp\956a768208ff48981465018d86d3c592.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 640
      2⤵
      • Program crash
      PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2084-0-0x0000000001290000-0x000000000129A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2084-1-0x0000000074910000-0x0000000074FFE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2084-2-0x0000000004E30000-0x0000000004E70000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2084-3-0x0000000074910000-0x0000000074FFE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2084-4-0x0000000004E30000-0x0000000004E70000-memory.dmp

    Filesize

    256KB

    Download