stealc | 716b19201a3109a3fb15b0401cb86a9be6df726c8b3a1a1c88cefb445457966b

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29-04-2024 20:12

Target

file.exe
Size

359KB
MD5

b898ced2e152060f5770f1c6337006f6
SHA1

b607705b76412adecc350bd38994d94ca3870f5a
SHA256

716b19201a3109a3fb15b0401cb86a9be6df726c8b3a1a1c88cefb445457966b
SHA512

4abd4a0c23f8d92c722246cab49797a840ebfd3cd4b900ba310ff243c529149b887620cfee3241c1605e1ae5dab501ee17a8d4de0634c8c52792677b107029a7
SSDEEP

6144:YSgQdkTUGJXOjv5o1SDQadvOKfj7RG77sxEPqwt4vg51O+CNkvtPUavkb3eXr:1gSkTUGRODeaMKLtGfWLwCvRk1PJoeXr

Score

10^/10

Detect Vidar Stealer 1 IoCs

stealer

Processes:

resource	yara_rule
behavioral1/memory/3028-0-0x0000000000EF0000-0x0000000000F4E000-memory.dmp	family_vidar_v7

Stealc
Stealc is an infostealer written in C++.
stealer stealc
Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2320 3028 WerFault.exe file.exe

pid	pid_target	process	target process
2320	3028	WerFault.exe	file.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

file.exe

description	pid	process	target process
PID 3028 wrote to memory of 2320	3028	file.exe	WerFault.exe
PID 3028 wrote to memory of 2320	3028	file.exe	WerFault.exe
PID 3028 wrote to memory of 2320	3028	file.exe	WerFault.exe
PID 3028 wrote to memory of 2320	3028	file.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 48
2⤵
- Program crash
PID:2320

memory/3028-0-0x0000000000EF0000-0x0000000000F4E000-memory.dmp

Filesize
376KB

Download