964b7d642b7667a3d50eb760e9a282208a65166144e7c0920f184ed6bfedeab0

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 12:06

Target

cstealer.exe
Size

10.4MB
MD5

cb7686d42c73db709fa92a14a04e5046
SHA1

dc1b2e856048befe63030881b4edd1ad749b1c31
SHA256

964b7d642b7667a3d50eb760e9a282208a65166144e7c0920f184ed6bfedeab0
SHA512

ba195668a859a2a35ac23bd1abc55a7512728c37688775230035c1a397c07b2e790ca18bea4c092892d7a5e6ad19f77cbc2c65752f69941e7457f56a3c3b4243
SSDEEP

196608:AH4Ek1CtNm+2XMCHGLLc54i1wN+ojXx5nDasqWQ2dTNUGdJP6+lmGPFQwWBHlACy:1Ek1Ct32XMCHWUjAjx5WsqWxT9lQw8le

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2736	cstealer.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2736	2240	cstealer.exe	31
PID 2240 wrote to memory of 2736	2240	cstealer.exe	31
PID 2240 wrote to memory of 2736	2240	cstealer.exe	31

C:\Users\Admin\AppData\Local\Temp\cstealer.exe
"C:\Users\Admin\AppData\Local\Temp\cstealer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\cstealer.exe
  "C:\Users\Admin\AppData\Local\Temp\cstealer.exe"
  2⤵
  - Loads dropped DLL
  PID:2736

C:\Users\Admin\AppData\Local\Temp\_MEI22402\python312.dll

Filesize
6.6MB

MD5
166cc2f997cba5fc011820e6b46e8ea7

SHA1
d6179213afea084f02566ea190202c752286ca1f

SHA256
c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546

SHA512
49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb

Download Submit