strela | ab99f9d1373ce28cbd2330dd1fac6afc986bbd0bd016c5c3ef231f256406041b

Analysis

max time kernel
229s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 22:09

Target

22393316943847.dll
Size

475KB
MD5

bf3cc194691c3e7e28bcf1886032bb05
SHA1

8bac633b95f09d52c738e41720bd5ff1103024d5
SHA256

ab99f9d1373ce28cbd2330dd1fac6afc986bbd0bd016c5c3ef231f256406041b
SHA512

b6389aa180e4b47803844e8887b10ec07f9325c7b11041a0bdaae8a4d8f84edfb032520bba16992559aa2a865b354260b3a5e5d04f220c41827f05d90169ccca
SSDEEP

12288:EYTHeVj1TEt3/yAUKZ9EfE3wIgm3zHfmn+OQYGQIf9TQe:pO5T5AdZ6+gmbfTYGQYv

Score

10^/10

strela stealer

Detects Strela Stealer payload 5 IoCs

resource	yara_rule
behavioral2/memory/1276-0-0x0000000002130000-0x0000000002193000-memory.dmp	family_strela
behavioral2/memory/1276-1-0x0000000002130000-0x0000000002193000-memory.dmp	family_strela
behavioral2/memory/1276-3-0x0000000002130000-0x0000000002193000-memory.dmp	family_strela
behavioral2/memory/4604-4-0x0000000001E30000-0x0000000001E93000-memory.dmp	family_strela
behavioral2/memory/4604-5-0x0000000001E30000-0x0000000001E93000-memory.dmp	family_strela

Strela family
strela
Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2316	1932	cmd.exe	116
PID 1932 wrote to memory of 2316	1932	cmd.exe	116
PID 1932 wrote to memory of 4604	1932	cmd.exe	117
PID 1932 wrote to memory of 4604	1932	cmd.exe	117

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\22393316943847.dll
1⤵
PID:1276

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\system32\regsvr32.exe
  regsvr32
  2⤵
  PID:2316
- C:\Windows\system32\regsvr32.exe
  regsvr32 22393316943847.dll
  2⤵
  PID:4604

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2152

memory/1276-0-0x0000000002130000-0x0000000002193000-memory.dmp

Filesize
396KB

Download
memory/1276-1-0x0000000002130000-0x0000000002193000-memory.dmp

Filesize
396KB

Download
memory/1276-3-0x0000000002130000-0x0000000002193000-memory.dmp

Filesize
396KB

Download
memory/4604-4-0x0000000001E30000-0x0000000001E93000-memory.dmp

Filesize
396KB

Download
memory/4604-5-0x0000000001E30000-0x0000000001E93000-memory.dmp

Filesize
396KB

Download