Analysis
-
max time kernel
131s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
01-03-2024 18:39
General
-
Target
Mars_Stealer_cracked_by_LLCPPC.exe
-
Size
93KB
-
MD5
ad4e2f3c8410aa7408fe3dda19a5db67
-
SHA1
0cefc167932d7d037889923536f061d4c64ee38b
-
SHA256
0d4c0d403392a31a1a2ab7b9b478ea3a89cdb14c862990a290ef20adec03437b
-
SHA512
0a191d63b7a40e4c8cf94a34ec2dceec55ca259837a31106fc6f44885a7992fd0ccab019e7122f9ed95efe7f05460354895be0a22c74230949ad874787a78ba1
-
SSDEEP
1536:gWTHVn5wa8TXvqHp6kzWgDaO3C54Gf3lagvHkMTafiyVDr1lVUQ3jy0:gWTHVn8TXvc4O3CFvlaSED1P7j/
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Program crash 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Mars_Stealer_cracked_by_LLCPPC.exe"C:\Users\Admin\AppData\Local\Temp\Mars_Stealer_cracked_by_LLCPPC.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 13442⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1548 -ip 15481⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4084-1-0x0000028C034F0000-0x0000028C034F1000-memory.dmpFilesize
4KB
-
memory/4084-2-0x0000028C034F0000-0x0000028C034F1000-memory.dmpFilesize
4KB
-
memory/4084-3-0x0000028C034F0000-0x0000028C034F1000-memory.dmpFilesize
4KB
-
memory/4084-7-0x0000028C034F0000-0x0000028C034F1000-memory.dmpFilesize
4KB
-
memory/4084-8-0x0000028C034F0000-0x0000028C034F1000-memory.dmpFilesize
4KB
-
memory/4084-9-0x0000028C034F0000-0x0000028C034F1000-memory.dmpFilesize
4KB
-
memory/4084-10-0x0000028C034F0000-0x0000028C034F1000-memory.dmpFilesize
4KB
-
memory/4084-11-0x0000028C034F0000-0x0000028C034F1000-memory.dmpFilesize
4KB
-
memory/4084-12-0x0000028C034F0000-0x0000028C034F1000-memory.dmpFilesize
4KB
-
memory/4084-13-0x0000028C034F0000-0x0000028C034F1000-memory.dmpFilesize
4KB