Overview

overview

10

Static

static

10

dc68c56376...c6.exe

windows7_x64

10

dc68c56376...c6.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    122s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    07-03-2022 13:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dc68c56376057b68b1d9339e321e30cb35824772dd0eba0714ca8d1a0697fcc6.exe

  • Size

    2.5MB

  • MD5

    e72c5e8bef42ca93d84809c6f7d1b47e

  • SHA1

    8009768ac1472a6b73ba77db882f1cc621ca53d5

  • SHA256

    dc68c56376057b68b1d9339e321e30cb35824772dd0eba0714ca8d1a0697fcc6

  • SHA512

    28f3f1eef5bfedda2484b6768f5e086d05803574e514296466b9c9e6e262f87bbcda7cdcfec7ebe72954bf10a7bc9a74e347eff1ffeb6ecd7b9e08f29b2a79bb

Score
10/10
elysiumstealerstealer

Malware Config

Signatures

  • ElysiumStealer

    ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    stealerelysiumstealer
  • ElysiumStealer Payload 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc68c56376057b68b1d9339e321e30cb35824772dd0eba0714ca8d1a0697fcc6.exe
    "C:\Users\Admin\AppData\Local\Temp\dc68c56376057b68b1d9339e321e30cb35824772dd0eba0714ca8d1a0697fcc6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Windows\SysWOW64\arp.exe
      "C:\Windows\System32\arp.exe" -a
      2⤵
        PID:112
      • C:\Windows\SysWOW64\arp.exe
        "C:\Windows\System32\arp.exe" -a
        2⤵
          PID:668

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • \Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\NativePRo.dll
        MD5

        4fa23d4e3390b324b06fe8d71a2a3d89

        SHA1

        35466bba9f46aa1c52ae48c2166b01d8b61073b7

        SHA256

        143d6d42556ab0d79703c0a05a545a03bda5842e71a926fa4311150350d30052

        SHA512

        fd842ef1e6f8beebc452a5b79d195473e780906d3c927d6dca11ed4477caf05bff15818c9dc5a87e6217009b1fed3257eb04e4cb46f01b10063fe778619543e3

        Download Submit

      • memory/1648-55-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1648-56-0x0000000000400000-0x0000000000402000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1648-57-0x0000000077D00000-0x0000000077E80000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/1648-58-0x0000000074D70000-0x000000007545E000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/1648-59-0x0000000000400000-0x000000000062C000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1648-60-0x00000000051D0000-0x00000000051D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1648-61-0x0000000002770000-0x000000000277C000-memory.dmp

        Filesize

        48KB

        Download

      • memory/1648-62-0x0000000076EB0000-0x0000000076FC0000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/1648-64-0x0000000002790000-0x00000000027AC000-memory.dmp

        Filesize

        112KB

        Download

      • memory/1648-65-0x0000000004E00000-0x0000000004E0C000-memory.dmp

        Filesize

        48KB

        Download