Overview

overview

10

Static

static

3

9f7be9bf91...b4.exe

windows7-x64

10

9f7be9bf91...b4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25-07-2024 04:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9f7be9bf913d8378f094b3f6416db9aa4c80c380000202f7cfaddadb6efc41b4.exe

  • Size

    10.7MB

  • MD5

    c8cf26425a6ce325035e6da8dfb16c4e

  • SHA1

    31c2b3a26c05b4bf8dea8718d1df13a0c2be22ee

  • SHA256

    9f7be9bf913d8378f094b3f6416db9aa4c80c380000202f7cfaddadb6efc41b4

  • SHA512

    0321e48e185c22165ac6429e08afac1ccfdf393249436c8eac8a6d64794b3b399740aa5b2be23d568f57495d17e9220280ed1c2ea8f012b2c4021beb02cbc646

  • SSDEEP

    196608:SnvxO+j9q6y7PuZANMCgvUF+j6yrO5H+KB4kj6vgC51U7BlUdinrDRQF6f1:WvxPBly7Pumdgv9RrOF+LkGvgMGBa4n7

Score
10/10
monsterstealer

Malware Config

Signatures

  • Detects Monster Stealer. 2 IoCs
  • Monster

    Monster is a Golang stealer that was discovered in 2024.

    stealermonster
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f7be9bf913d8378f094b3f6416db9aa4c80c380000202f7cfaddadb6efc41b4.exe
    "C:\Users\Admin\AppData\Local\Temp\9f7be9bf913d8378f094b3f6416db9aa4c80c380000202f7cfaddadb6efc41b4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2624
    • C:\Users\Admin\AppData\Local\Temp\onefile_2624_133663568225878000\stub.exe
      "C:\Users\Admin\AppData\Local\Temp\9f7be9bf913d8378f094b3f6416db9aa4c80c380000202f7cfaddadb6efc41b4.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_2624_133663568225878000\python310.dll
    Filesize

    4.3MB

    MD5

    c80b5cb43e5fe7948c3562c1fff1254e

    SHA1

    f73cb1fb9445c96ecd56b984a1822e502e71ab9d

    SHA256

    058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

    SHA512

    faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2624_133663568225878000\stub.exe
    Filesize

    18.0MB

    MD5

    1cf17408048317fc82265ed6a1c7893d

    SHA1

    9bfec40d6eb339c5a6c2ad6e5fa7cebc147654c5

    SHA256

    1352ad9860a42137b096d9675a7b8d578fbc596d965de3cb352619cbe6aaf4e9

    SHA512

    66322d7cb5931017acaa29970da48642d03ce35007f130511b2848b67169c1dd4167f1e5a31e5e1dfe5f7122846482bdb878b5cd695ac58009033fd620813a0f

    Download Submit

  • memory/2624-75-0x000000013F440000-0x000000013FF18000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2744-40-0x000000013F140000-0x000000014037E000-memory.dmp

    Filesize

    18.2MB

    Download