330443e86efd23fd22c62a1fb09b86e1caa94e017bab089a92fb41e28ae9ceac | Triage

Analysis

max time kernel
85s
max time network
96s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19-02-2024 20:42

Sharing

Report Analysis Logs

General

Target

Creal-Stealer-main/builder.bat
Size

57B
MD5

c856a1995fa86d5bf3dde2a2de732d93
SHA1

21de21d0ea29ffb9f3061b5d81116408dd228cb8
SHA256

23fb3df8dca77c02ab3d76013b6e12a2a1fda1a93ef675211c77df9ec6ce39bd
SHA512

793fb9e4d8b146a4e8d6e0dfa2d756ade17143420215f6b10646758bff39df964f6fa29761b4c6755dac7d1f8aea81152ac615d5b91bcea6018f997d0ecb5715

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 764	3120	cmd.exe	80
PID 3120 wrote to memory of 764	3120	cmd.exe	80
PID 3120 wrote to memory of 764	3120	cmd.exe	80

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Creal-Stealer-main\builder.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python builder.pyw
  2⤵
  PID:764

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads