growtopia | 68698ea23df40912c2a58b909e440f235b30a11a638c3489c54b0e7499ce9f05

Analysis

max time kernel
133s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 11:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cdff58dd01e04e8717c84790a704048e.exe
Size

28.0MB
MD5

cdff58dd01e04e8717c84790a704048e
SHA1

e3982a7a9c68bc3c1b065c6c285944b9870b8f0d
SHA256

68698ea23df40912c2a58b909e440f235b30a11a638c3489c54b0e7499ce9f05
SHA512

b2165a389e40dcb613dcc447d58cbe1c4c24f0db7d9824dea2b48feda006d10b65a9f4a9c3b289d6af641453bc91e2dfd8b048e277245d48c2827eb4677427ad
SSDEEP

786432:7pPP4FMWcNEqcYQkvvprmHgfMjqUe7bgjUME:dPP4ejNN7pnpruuMjqPbgE

Score

10^/10

growtopia stealer

Malware Config

Signatures

Growtopia
Growtopa is an opensource modular stealer written in C#.
stealer growtopia

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
1056	2960	WerFault.exe	89

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

svchost.exe

description	pid	Process
Token: SeManageVolumePrivilege	5024	svchost.exe

C:\Users\Admin\AppData\Local\Temp\cdff58dd01e04e8717c84790a704048e.exe
"C:\Users\Admin\AppData\Local\Temp\cdff58dd01e04e8717c84790a704048e.exe"
1⤵
PID:2960
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 1324
  2⤵
  - Program crash
  PID:1056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2960 -ip 2960
1⤵
PID:520

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:5080

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2960-0-0x00000000749C0000-0x0000000075170000-memory.dmp

Filesize
7.7MB

Download
memory/2960-1-0x00000000000A0000-0x0000000003A40000-memory.dmp

Filesize
57.6MB

Download
memory/2960-2-0x000000000A6C0000-0x000000000A6D0000-memory.dmp

Filesize
64KB

Download
memory/2960-3-0x000000000A6C0000-0x000000000A6D0000-memory.dmp

Filesize
64KB

Download
memory/2960-4-0x000000000A6C0000-0x000000000A6D0000-memory.dmp

Filesize
64KB

Download
memory/2960-5-0x00000000085E0000-0x000000000946C000-memory.dmp

Filesize
14.5MB

Download
memory/2960-6-0x00000000749C0000-0x0000000075170000-memory.dmp

Filesize
7.7MB

Download
memory/5024-7-0x0000023C7B040000-0x0000023C7B050000-memory.dmp

Filesize
64KB

Download
memory/5024-23-0x0000023C7B140000-0x0000023C7B150000-memory.dmp

Filesize
64KB

Download
memory/5024-39-0x0000023C7F6D0000-0x0000023C7F6D1000-memory.dmp

Filesize
4KB

Download
memory/5024-40-0x0000023C7F700000-0x0000023C7F701000-memory.dmp

Filesize
4KB

Download
memory/5024-41-0x0000023C7F700000-0x0000023C7F701000-memory.dmp

Filesize
4KB

Download
memory/5024-42-0x0000023C7F700000-0x0000023C7F701000-memory.dmp

Filesize
4KB

Download
memory/5024-43-0x0000023C7F700000-0x0000023C7F701000-memory.dmp

Filesize
4KB

Download
memory/5024-44-0x0000023C7F700000-0x0000023C7F701000-memory.dmp

Filesize
4KB

Download
memory/5024-45-0x0000023C7F700000-0x0000023C7F701000-memory.dmp

Filesize
4KB

Download
memory/5024-46-0x0000023C7F700000-0x0000023C7F701000-memory.dmp

Filesize
4KB

Download
memory/5024-47-0x0000023C7F700000-0x0000023C7F701000-memory.dmp

Filesize
4KB

Download
memory/5024-48-0x0000023C7F700000-0x0000023C7F701000-memory.dmp

Filesize
4KB

Download
memory/5024-49-0x0000023C7F700000-0x0000023C7F701000-memory.dmp

Filesize
4KB

Download
memory/5024-50-0x0000023C7F320000-0x0000023C7F321000-memory.dmp

Filesize
4KB

Download
memory/5024-51-0x0000023C7F310000-0x0000023C7F311000-memory.dmp

Filesize
4KB

Download
memory/5024-53-0x0000023C7F320000-0x0000023C7F321000-memory.dmp

Filesize
4KB

Download
memory/5024-56-0x0000023C7F310000-0x0000023C7F311000-memory.dmp

Filesize
4KB

Download
memory/5024-59-0x0000023C7F250000-0x0000023C7F251000-memory.dmp

Filesize
4KB

Download
memory/5024-71-0x0000023C7F450000-0x0000023C7F451000-memory.dmp

Filesize
4KB

Download
memory/5024-73-0x0000023C7F460000-0x0000023C7F461000-memory.dmp

Filesize
4KB

Download
memory/5024-74-0x0000023C7F460000-0x0000023C7F461000-memory.dmp

Filesize
4KB

Download
memory/5024-75-0x0000023C7F570000-0x0000023C7F571000-memory.dmp

Filesize
4KB

Download