Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

MarsSteale...PC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    19s
  • max time network
    19s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/06/2024, 17:39 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MarsStealer6_cracked_by_LLCPPC.exe

  • Size

    107KB

  • MD5

    41c1fb2f4bd3c65cb0030b1f47a46084

  • SHA1

    199420219f0096cfb156945a54933a03144da70d

  • SHA256

    f335705b83540e68ddd17c68232c2f5ca67b0479cdc3ad8ff11931db6c134764

  • SHA512

    93d4778a35b766b17824c62817421ac224027d6b699afde1281aaaedff7443d3d2c29d1ded98dc1dc318a67d51c2ad3f3b6df83b1c247da9e534f27ae7b0abfe

  • SSDEEP

    1536:+YMNChaEb9Y3R1OK8jqfu/b4A48GFBoagvHxMaBYRSyOHm9RNKQFGo:bMNCha6O8jhb4AKDoaSkRS8RMr

Score
10/10
arkeidefaultstealer

Malware Config

Extracted

Family

arkei

Botnet

Default

Signatures

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei
  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 24 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MarsStealer6_cracked_by_LLCPPC.exe
    "C:\Users\Admin\AppData\Local\Temp\MarsStealer6_cracked_by_LLCPPC.exe"
    1⤵
      PID:2368
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 252
        2⤵
        • Program crash
        PID:2372
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 2368 -ip 2368
      1⤵
        PID:380
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /4
        1⤵
        • Checks SCSI registry key(s)
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4196

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2368-0-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/2368-1-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/4196-4-0x0000024092670000-0x0000024092671000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4196-3-0x0000024092670000-0x0000024092671000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4196-2-0x0000024092670000-0x0000024092671000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4196-9-0x0000024092670000-0x0000024092671000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4196-8-0x0000024092670000-0x0000024092671000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4196-14-0x0000024092670000-0x0000024092671000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4196-13-0x0000024092670000-0x0000024092671000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4196-12-0x0000024092670000-0x0000024092671000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4196-11-0x0000024092670000-0x0000024092671000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4196-10-0x0000024092670000-0x0000024092671000-memory.dmp

        Filesize

        4KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.