Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    25/05/2024, 23:53

General

  • Target

    cstealer.exe

  • Size

    22.7MB

  • MD5

    d9582d999888fda00ae92762f37cf926

  • SHA1

    dd8d52866fed89653e7f536c6cd02eca469c0047

  • SHA256

    9a564b50b493166a82ec2c75bf907b62ba08b81136be2e8fc2c57c8b094d9f8b

  • SHA512

    2ee0967579bd4bf116b6aa35a3973f2d14d178c99f180c98f28b6832a283dfd5c37e594e81c351b3792017fd6c37a2ed339481093376a6efab9b0cc1af178b9c

  • SSDEEP

    393216:8AEkZQtstQdqRpJWQsUcR4NzHdQnDmblywF3MnG3oTl/N6PJBTeZWg89F59DHTy:xhQtstqaYQFfdQnDK3MGYZg7sKPDz

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cstealer.exe
    "C:\Users\Admin\AppData\Local\Temp\cstealer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Users\Admin\AppData\Local\Temp\cstealer.exe
      "C:\Users\Admin\AppData\Local\Temp\cstealer.exe"
      2⤵
      • Loads dropped DLL
      PID:240

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI22162\api-ms-win-core-file-l1-2-0.dll

          Filesize

          22KB

          MD5

          852904535068e569e2b157f3bca0c08f

          SHA1

          c79b4d109178f4ab8c19ab549286eee4edf6eddb

          SHA256

          202b77cd363fce7c09d9a59b5779f701767c8734cc17bbe8b9ece5a0619f2225

          SHA512

          3e814678c7aa0d3d3a637ce3048e3b472dbb01b2e2a5932e5b257aa76bf8de8117a38e2a352daff66939a73c1b971b302f5635ea1d826b8a3afa49f9b543a541

        • C:\Users\Admin\AppData\Local\Temp\_MEI22162\api-ms-win-core-file-l2-1-0.dll

          Filesize

          22KB

          MD5

          cdfc83e189bda0ac9eab447671754e87

          SHA1

          cf597ee626366738d0ea1a1d8be245f26abbea72

          SHA256

          f4811f251c49c9ae75f9fe25890bacede852e4f1bfdc6685f49096253a43f007

          SHA512

          659ee46e210fcad6c778988a164ce3f69a137d05fb2699ff662540cbb281b38719017f1049d5189fafdae06c07a48d3d29dd98e11c1cae5d47768c243af37fe9

        • C:\Users\Admin\AppData\Local\Temp\_MEI22162\api-ms-win-core-localization-l1-2-0.dll

          Filesize

          22KB

          MD5

          f1d0595773886d101e684e772118d1ef

          SHA1

          290276053a75cbeb794441965284b18311ab355d

          SHA256

          040e1572da9a980392184b1315f27ebcdaf07a0d94ddf49cbd0d499f7cdb099a

          SHA512

          db57f4ae78f7062cfe392d6829c5975be91d0062ff06725c45c06a74e04ade8bcaf709cfebeba8146fb4396206141aa49572968ea240aa1cba909e43985dc3ee

        • C:\Users\Admin\AppData\Local\Temp\_MEI22162\python311.dll

          Filesize

          5.5MB

          MD5

          9a24c8c35e4ac4b1597124c1dcbebe0f

          SHA1

          f59782a4923a30118b97e01a7f8db69b92d8382a

          SHA256

          a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

          SHA512

          9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

        • C:\Users\Admin\AppData\Local\Temp\_MEI22162\ucrtbase.dll

          Filesize

          1.1MB

          MD5

          a9f5b06fae677c9eb5be8b37d5fb1cb9

          SHA1

          5c37b880a1479445dd583f85c58a8790584f595d

          SHA256

          4e9e93fd6486571e1b5dce381fa536fb6c5593584d3330368ccd47ee6107bf52

          SHA512

          5d7664716fa52f407d56771862262317ac7f4a03f31f209333c3eea7f1c8cf3d5dbafc1942122948d19208d023df220407014f47e57694e70480a878822b779a

        • \Users\Admin\AppData\Local\Temp\_MEI22162\api-ms-win-core-processthreads-l1-1-1.dll

          Filesize

          22KB

          MD5

          e26a5e364a76bf00feaab920c535adbb

          SHA1

          411eaf1ca1d8f1aebcd816d93933561c927f2754

          SHA256

          b3c0356f64e583c8aca3b1284c6133540a8a12f94b74568fb78ddc36eac6ab15

          SHA512

          333e42eeea07a46db46f222e27429facaaf2ce8a433f0c39f5d5c72e67d894c813d3cf77880434f6373e0d8fffa3ef96d5f37e38dd4775491f3da2b569e9df59

        • \Users\Admin\AppData\Local\Temp\_MEI22162\api-ms-win-core-timezone-l1-1-0.dll

          Filesize

          22KB

          MD5

          566232dabd645dcd37961d7ec8fde687

          SHA1

          88a7a8c777709ae4b6d47bed6678d0192eb3bc3f

          SHA256

          1290d332718c47961052ebc97a3a71db2c746a55c035a32b72e5ff00eb422f96

          SHA512

          e5d549c461859445006a4083763ce855adbb72cf9a0bcb8958daa99e20b1ca8a82dec12e1062787e2ae8aee94224b0c92171a4d99ed348b94eab921ede205220