Overview

overview

10

Static

static

3

2ae72cafa8...de.exe

windows10-2004-x64

10

2d225565e0...be.exe

windows10-2004-x64

10

5f94dabf69...6d.exe

windows10-2004-x64

10

65296f4680...95.exe

windows7-x64

3

65296f4680...95.exe

windows10-2004-x64

10

7618ddb9e4...07.exe

windows10-2004-x64

10

8865ec3f94...5a.exe

windows10-2004-x64

10

8d796a364d...e4.exe

windows10-2004-x64

10

aabdc92d30...96.exe

windows10-2004-x64

10

bae99364dc...55.exe

windows10-2004-x64

10

cc35c0b2bc...24.exe

windows10-2004-x64

10

d63c4114c3...86.exe

windows10-2004-x64

10

d65bb810cc...a7.exe

windows10-2004-x64

10

d764830962...c8.exe

windows10-2004-x64

10

d9124df1a4...d1.exe

windows10-2004-x64

10

e1564be8f1...ad.exe

windows10-2004-x64

10

e7ee230707...d5.exe

windows10-2004-x64

10

e8a7f5f2b3...4b.exe

windows10-2004-x64

10

e8bf7b5c22...96.exe

windows10-2004-x64

10

eb214d5f58...c6.exe

windows10-2004-x64

10

edacb614f4...95.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 17:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e8a7f5f2b344eb468a91c59dbe8699a08d71f9b708a1134c8948cf194516594b.exe

  • Size

    598KB

  • MD5

    f9305f8c01feede28b3af484efc7e885

  • SHA1

    c7c26d98b578f15ec3456bd76e5ba11ce8c9b5fc

  • SHA256

    e8a7f5f2b344eb468a91c59dbe8699a08d71f9b708a1134c8948cf194516594b

  • SHA512

    e6344b60223e82bcd52ae1635281e4494ff9fd1a7f95da0fd6bcc93463d7cd5c8bb9dfcabfde585906e26e401b1a76be00d799f5e21ce5281b988b5f6922cf35

  • SSDEEP

    12288:oMruy905un5B6oTfvVlCHP43ZdnjvNlPSKgZdv85uhzfjA:2ybB6oTfNlfpBjvNYjUuhg

Score
10/10
mysticevasionpersistencestealertrojan

Malware Config

Signatures

  • Detect Mystic stealer payload 4 IoCs
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic
  • Executes dropped EXE 2 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8a7f5f2b344eb468a91c59dbe8699a08d71f9b708a1134c8948cf194516594b.exe
    "C:\Users\Admin\AppData\Local\Temp\e8a7f5f2b344eb468a91c59dbe8699a08d71f9b708a1134c8948cf194516594b.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:764
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\q6182467.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\q6182467.exe
      2⤵
      • Modifies Windows Defender Real-time Protection settings
      • Executes dropped EXE
      • Windows security modification
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4204
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\r5347789.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\r5347789.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2276
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        3⤵
          PID:1292
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 596
          3⤵
          • Program crash
          PID:2260
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2276 -ip 2276
      1⤵
        PID:4092
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:3564

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\q6182467.exe
          Filesize

          192KB

          MD5

          718f491ab0172ca1277f521481f8f4a1

          SHA1

          4d5a86a2c1f019a0f99044f46c526d50493e32e4

          SHA256

          2c6cbecf38724ffdb2957260693e0575a94f9835b35846824510aebea7b3ac0e

          SHA512

          03fa33c6005ee0d38b4a38941d8a1f4fb1087d1ae07463574e739a01c633f00a893d7998699c90b4d8fa58720cc41f81caaaf49ac533a101d96e01fee99b88cb

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\r5347789.exe
          Filesize

          1.4MB

          MD5

          c601017d4f107cc2e978a4ba8db282e8

          SHA1

          b4b2f1bceec7e911044c1e6bef0abe48b731a75a

          SHA256

          5ac975131171e765efcd284d6d50ef029703817f3055cc565832d1c55ba93b86

          SHA512

          5d188953298053aa79ee3479f48102450ab4780e7c37da1bcd1109f4638a899899d196883fb534c1adf98758d166465a9329398cf2fcf1a50af297cf87083462

          Download Submit

        • memory/1292-51-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/1292-48-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/1292-49-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/1292-47-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/4204-33-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-27-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-15-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-17-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-41-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-39-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-37-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-36-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-12-0x0000000004A00000-0x0000000004FA4000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/4204-31-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-29-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-13-0x0000000004990000-0x00000000049AC000-memory.dmp

          Filesize

          112KB

          Download

        • memory/4204-25-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-23-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-21-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-19-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-14-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4204-43-0x0000000074670000-0x0000000074E20000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4204-11-0x0000000074670000-0x0000000074E20000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4204-10-0x0000000074670000-0x0000000074E20000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4204-9-0x0000000002280000-0x000000000229E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/4204-8-0x0000000074670000-0x0000000074E20000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4204-7-0x000000007467E000-0x000000007467F000-memory.dmp

          Filesize

          4KB

          Download