Analysis

  • max time kernel
    94s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-12-2024 11:38

General

  • Target

    4168-57-0x0000000000E70000-0x0000000001363000-memory.exe

  • Size

    4.9MB

  • MD5

    cced69296f8096e2ee61c657186baf6d

  • SHA1

    151db07c0e30cb245eb0319060d5fa09d5f38b0c

  • SHA256

    f85cdaccb0dd86b741cf17bc23e7cfacb6671e7ccb757e9daeef59b6b84c297f

  • SHA512

    8215e9eb971e0a709eb17b473c651a0bf0e6ebf12b8eb304caf54e8e0e838025cebe1278ce4b01d22124c05dc43f3ce4a3e7d554f92343767ec724cdbd334c1d

  • SSDEEP

    49152:JKGpiylyln4/Q/8H2FGVUQHPVmfUYb2+up:3iylyln4/88H2FGVUQHYfnb2

Malware Config

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

  • Stealc family
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4168-57-0x0000000000E70000-0x0000000001363000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\4168-57-0x0000000000E70000-0x0000000001363000-memory.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:220
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 220 -s 224
      2⤵
      • Program crash
      PID:1456
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 220 -ip 220
    1⤵
      PID:4256

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/220-0-0x00000000007B0000-0x0000000000CA3000-memory.dmp

      Filesize

      4.9MB