Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
26-03-2024 13:11
General
-
Target
cstealer.pyc
-
Size
67KB
-
MD5
23563d0708832f0ee177f36f2c1b610e
-
SHA1
4641b6ce3af6d9ca8c89848b3aa3e6a505cf9959
-
SHA256
02f2a7c06f214fc99f2591185645edab1fde2b7930b1a997b98b0dc397728051
-
SHA512
f9a1712a0fee47fecfc22013b0094f14fde9f861230bdf8f91c6587ad4e753b209a6e2736e3c1c756362b28d80f697fd858130de7c39cf2cbddc9b89d2b9455e
-
SSDEEP
1536:l0xqOg+xpqBJlMstbo88jLQQcXf9qS0VL+LRheB:lqr/+bo88PiXX0L+LRc
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\cstealer.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\cstealer.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cstealer.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD53bd527bf8d42db1cb384fda61205317d
SHA172fb0649b6c198862c778fcdb72439e487d12a03
SHA2566a7322698c7e685e92a0086c4f4359c2d842ab9f9da23c76545700c3626b74e1
SHA5121ad57c63a37a832e72ff9ba6fc17718f9d454be8119a099c0e170b63fefa85ca1eb928473627c5a24c473751d612b0caa3ac3d0130b232cc3674b4327db7b6ed