Overview

overview

10

Static

static

3

0a7a53ccfc...4d.exe

windows10-2004-x64

10

15fd14ba21...b7.exe

windows10-2004-x64

10

1ded3ef8a6...eb.exe

windows10-2004-x64

10

211c4e6a11...13.exe

windows10-2004-x64

10

2143b79ffb...90.exe

windows10-2004-x64

10

262bcbb295...79.exe

windows10-2004-x64

10

2db3eb661b...10.exe

windows10-2004-x64

10

38f672e7cb...04.exe

windows10-2004-x64

10

3a8f22ea92...1f.exe

windows10-2004-x64

10

4ad2507250...50.exe

windows10-2004-x64

10

4d264f872f...4d.exe

windows10-2004-x64

10

5dcad04e9c...98.exe

windows10-2004-x64

10

838e53197e...9e.exe

windows10-2004-x64

10

9fb3613b82...eb.exe

windows10-2004-x64

10

ada5308889...6d.exe

windows10-2004-x64

10

b7edb218fe...67.exe

windows10-2004-x64

10

c7a8b128f1...e0.exe

windows7-x64

10

c7a8b128f1...e0.exe

windows10-2004-x64

10

d0c2f16d85...04.exe

windows10-2004-x64

10

d686e13696...c7.exe

windows10-2004-x64

10

f2cce909ec...10.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 17:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9fb3613b8287cadb1f1a45c550f5b98f012dcc95bb947f3b8b3d68303b6bc3eb.exe

  • Size

    599KB

  • MD5

    197e867035f6a1eee8b6b2a0d3c19804

  • SHA1

    f981fb4379333ba6c95ab8cc689c502a7c285ce8

  • SHA256

    9fb3613b8287cadb1f1a45c550f5b98f012dcc95bb947f3b8b3d68303b6bc3eb

  • SHA512

    379eeb4d090b0bbd013c231cfae16ba78ae3f0d2941e48158178865f8ca637a2f5948b3b18cb8519470fb398a93b4830e7531328bcef14d1ca62c3a792b07ab9

  • SSDEEP

    12288:bMrby90Uun5B6oTMSX5u3QnPsRGFQO1WqeeNJ5yil2iyDlArWhhiTX:QyqB6oTM6U3hREYqBNx/yDlsES

Score
10/10
mysticevasionpersistencestealertrojan

Malware Config

Signatures

  • Detect Mystic stealer payload 4 IoCs
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic
  • Executes dropped EXE 2 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9fb3613b8287cadb1f1a45c550f5b98f012dcc95bb947f3b8b3d68303b6bc3eb.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb3613b8287cadb1f1a45c550f5b98f012dcc95bb947f3b8b3d68303b6bc3eb.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3696
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\q1893835.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\q1893835.exe
      2⤵
      • Modifies Windows Defender Real-time Protection settings
      • Executes dropped EXE
      • Windows security modification
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4816
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\r7232574.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\r7232574.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:3976
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        3⤵
          PID:1996
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 592
          3⤵
          • Program crash
          PID:456
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4672,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
      1⤵
        PID:4460
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3976 -ip 3976
        1⤵
          PID:4292
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe start wuauserv
          1⤵
          • Launches sc.exe
          PID:1944

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\q1893835.exe
          Filesize

          192KB

          MD5

          4e96c616a4b87e9f9b473d201fcbc7a2

          SHA1

          517f14f4b569fa4151c4486ee623a041aaab896d

          SHA256

          8345c3d52c960db3bedad59199edab9991c4be3caad45f969ff9638e88a481c6

          SHA512

          25effea644bfccd3406ac24b19247e32aa45e3d24918706b513d5ae8c69150bfc2c720882bf351d96e8af5419ace67eb044752323cd1e353c9b983e930b6a073

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\r7232574.exe
          Filesize

          1.4MB

          MD5

          7518415a722d4df208536a1c8c742b2e

          SHA1

          04e8e99a7efd74c7338636194b276e6906738ce7

          SHA256

          8723656c749074f97599acab27d9f46b4cb57a993911a11bb789ac61065f79d3

          SHA512

          b886c23241eedd8ab93a0e8fec45e101f61a5db7015062c15a215b2a23725aa3a0c2c76f7860b78400e600f7053aa5677e01bc77645572b0e416b035a8fa5c80

          Download Submit

        • memory/1996-48-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/1996-49-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/1996-51-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/1996-47-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/4816-24-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-16-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-40-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-41-0x0000000074430000-0x0000000074BE0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4816-39-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-30-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-28-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-26-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-12-0x0000000004990000-0x00000000049AC000-memory.dmp

          Filesize

          112KB

          Download

        • memory/4816-22-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-18-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-20-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-14-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-13-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-36-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-34-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-32-0x0000000004990000-0x00000000049A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4816-43-0x0000000074430000-0x0000000074BE0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4816-11-0x0000000074430000-0x0000000074BE0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4816-10-0x0000000004B00000-0x00000000050A4000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/4816-9-0x0000000074430000-0x0000000074BE0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4816-8-0x00000000006F0000-0x000000000070E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/4816-7-0x000000007443E000-0x000000007443F000-memory.dmp

          Filesize

          4KB

          Download