stealc | 960a43b21bdcaf277263b9c6538a176fb3d7d47cf2d7219095614d5c88fed5c5 | Triage

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 18:54

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

306KB
MD5

f570c6c7954daa0427491d1b9c1acf7a
SHA1

a60a240037de1af62d266ee7ad4eb30fb8292238
SHA256

960a43b21bdcaf277263b9c6538a176fb3d7d47cf2d7219095614d5c88fed5c5
SHA512

694bfa4a3faaeeebe4f990d0f9142bab330943f8573c63c7372c0d0186bf2e4cb3ed9ea3c51de801d9cae4954a3f18ac9185a03ca62cc75ae6d6cd2b0444656b
SSDEEP

3072:kQCYQcG3RtdQ0d5svepECYn+APxaGo90t8KH+jQ7JS6vPHFlAy41Fe8wTgzdZx0L:kskdhebn60NH+jQ7o4tFtI0I

Score

10^/10

stealc stealer

Malware Config

Signatures

Stealc
Stealc is an infostealer written in C++.
stealer stealc

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2100	4512	WerFault.exe	85

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
PID:4512
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 1296
  2⤵
  - Program crash
  PID:2100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4512 -ip 4512
1⤵
PID:3572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4512-2-0x0000000002ED0000-0x0000000002EF7000-memory.dmp

Filesize
156KB

Download
memory/4512-1-0x0000000002F90000-0x0000000003090000-memory.dmp

Filesize
1024KB

Download
memory/4512-3-0x0000000000400000-0x0000000002D2B000-memory.dmp

Filesize
41.2MB

Download
memory/4512-4-0x0000000000400000-0x0000000002D2B000-memory.dmp

Filesize
41.2MB

Download