Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
27-12-2024 11:02
General
-
Target
2348-0-0x0000000000520000-0x0000000000A1C000-memory.exe
-
Size
5.0MB
-
MD5
16f0ad3beca2fa16a658beb09a739962
-
SHA1
8e9ac9337daa706ed85866ce97bf75e4bab9e9c5
-
SHA256
a615300ac987c22057f52d63b229cb5563b9919f7d1c3edc4027f97773608b9c
-
SHA512
48155cfdfc9d68f8772d379a2f5d28fef6edbf2461f1d6c082293afffcbe15fb7476cc645bde89e9e534a0bcb5994f5d8dee8331802ffff6bac48bc98475868d
-
SSDEEP
49152:uM432Mmi4CKgHrtF59gua0u8Xts7dXgb3Gvb:g2Mmi4CKktnaIXSFoU
Score
10/10
Malware Config
Signatures
-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2348-0-0x0000000000520000-0x0000000000A1C000-memory.exe"C:\Users\Admin\AppData\Local\Temp\2348-0-0x0000000000520000-0x0000000000A1C000-memory.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 2242⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4680 -ip 46801⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.0MB