Analysis

  • max time kernel
    95s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/12/2024, 12:14

General

  • Target

    2320-0-0x0000000000A50000-0x0000000000F62000-memory.exe

  • Size

    5.1MB

  • MD5

    9166467287e1548baeddfbcd67bb6236

  • SHA1

    d4c8576686e4297ec7bdd0fd55ae07c153375462

  • SHA256

    afb5b32ed2b0a22ea5cb5683f4460493fd96ba385c8ec11bac255e0ae3033e4e

  • SHA512

    0d219cbf1b160da06b85f15691dd4f444c33fcfd98b406d914fc0857182147a11c9f2dfb74bd1a7cd88e18ce3627ac69d092bf09a6c7a6838168acb19bc1e927

  • SSDEEP

    98304:DOrmI6FP4LgJl+y9QV6/NqYMJ6rZPAuj:hb9QQFqYvZPAuj

Malware Config

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

  • Stealc family
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2320-0-0x0000000000A50000-0x0000000000F62000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\2320-0-0x0000000000A50000-0x0000000000F62000-memory.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3672
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 228
      2⤵
      • Program crash
      PID:3528
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3672 -ip 3672
    1⤵
      PID:4100

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3672-0-0x0000000000240000-0x0000000000752000-memory.dmp

      Filesize

      5.1MB