Behavioral task
behavioral1
Sample
2432-0-0x0000000001210000-0x0000000001879000-memory.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2432-0-0x0000000001210000-0x0000000001879000-memory.exe
Resource
win10v2004-20240802-en
General
-
Target
2432-0-0x0000000001210000-0x0000000001879000-memory.dmp
-
Size
6.4MB
-
MD5
07a6abc57cc64e484efee7eb3ee69f04
-
SHA1
d4a1f59a678e71215443abcd56a4f30fed251575
-
SHA256
02a0358a166b3175820f741909f80f30b7b3cf8739e2181889e23fbf8eff848f
-
SHA512
27def5deb6b2bbd350dcecd5cd2c0cba7f89e713c894fadbd38f9c6cd4504760d659d57e34367d088ab2d0170d851f125df8bc215b4882ee49d686f100f03444
-
SSDEEP
3072:zeofrV1zjH88YY/ItLU4pxNnGtrsR8Erjnk8dPyin2IFu:zeoHzDUYwt/xNGpE9jnktgXFu
Malware Config
Signatures
-
Stealc family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2432-0-0x0000000001210000-0x0000000001879000-memory.dmp
Files
-
2432-0-0x0000000001210000-0x0000000001879000-memory.dmp.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 79KB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dnbdzjvd Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hwzrywcd Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE