Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
10-12-2024 18:47
General
-
Target
3036-45-0x0000000000540000-0x0000000000BD7000-memory.exe
-
Size
6.6MB
-
MD5
10d7e9cdc51ddbe617b8b6636d480b1b
-
SHA1
cb05331fc9edf761a4a5db93dfe121daa909656f
-
SHA256
ccdaa7ab08debe2ca2af232be238f0903630882f93681cd83a25753d18988deb
-
SHA512
380efa247c455900ce26b977435db1ced7a53dc330f3951ecc9c9bbd0f3c6b728400a3d29ad0f333332cb01c1d2134e9e1c98196601864dc9323bebecdbf0bfa
-
SSDEEP
98304:Z7AA2aWSV9MZ5QkdkzCcqHARhivtav2aMjYepn+1QP++:ZqLSgchUbaQYgmo++
Score
10/10
Malware Config
Signatures
-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\3036-45-0x0000000000540000-0x0000000000BD7000-memory.exe"C:\Users\Admin\AppData\Local\Temp\3036-45-0x0000000000540000-0x0000000000BD7000-memory.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 2162⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3484 -ip 34841⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.6MB