Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 21:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f50039adbb8ce6d7d634f6cd6d2c11ced94ede886907a48eafa0be520cda0743.exe

  • Size

    300KB

  • MD5

    543c85c3c3e7b820edf671f3979863b4

  • SHA1

    7b297dd70156c148021f4d43a46d0e49a66e7d52

  • SHA256

    f50039adbb8ce6d7d634f6cd6d2c11ced94ede886907a48eafa0be520cda0743

  • SHA512

    02db560a5fdb9e86609e91b995aedc4e6a41196758d42d931dd575cbca05c0d8404938f474e754c00e98eeed65a473303db5c8dd95cdc1ad602ad96142f602fe

  • SSDEEP

    3072:jdzC70cv07kb++PuNmoZh61tn2b+bWmeV7xtkPs+M9159xZGr050wHTHxegpG:KFTbYoIhM2b+bsWE+M9XHZGrW0wHTH

Score
10/10
stealcstealer

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.23

Attributes
  • url_path

    /f993692117a3fda2.php

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f50039adbb8ce6d7d634f6cd6d2c11ced94ede886907a48eafa0be520cda0743.exe
    "C:\Users\Admin\AppData\Local\Temp\f50039adbb8ce6d7d634f6cd6d2c11ced94ede886907a48eafa0be520cda0743.exe"
    1⤵
      PID:1312
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 1032
        2⤵
        • Program crash
        PID:2216
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1312 -ip 1312
      1⤵
        PID:4044

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1312-1-0x0000000001C90000-0x0000000001D90000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1312-2-0x0000000003770000-0x0000000003797000-memory.dmp

        Filesize

        156KB

        Download

      • memory/1312-3-0x0000000000400000-0x0000000001A16000-memory.dmp

        Filesize

        22.1MB

        Download

      • memory/1312-4-0x0000000000400000-0x0000000001A16000-memory.dmp

        Filesize

        22.1MB

        Download

      • memory/1312-5-0x0000000003770000-0x0000000003797000-memory.dmp

        Filesize

        156KB

        Download