Overview

overview

10

Static

static

ea073da8a4...e3.exe

windows7_x64

10

ea073da8a4...e3.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    03-05-2022 20:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea073da8a4bb2e317f717a2d43a7aee76a92c42f568f724ea70beb2794938ee3.exe

  • Size

    405KB

  • MD5

    4328a8e91296320c208b5ac9f7634bf9

  • SHA1

    a173f1352345d9e5aa1aa8b37d288dcd953dad48

  • SHA256

    ea073da8a4bb2e317f717a2d43a7aee76a92c42f568f724ea70beb2794938ee3

  • SHA512

    8463c544199c85d96124dfac3d92229b3a29d0002b79328554c00b6af74309059c163f0ea70c378ca80bf0360fc728c1f2ed7f3bd71a8f47ba82c9f679227428

Score
10/10
elysiumstealerdiscoveryspywarestealer

Malware Config

Signatures

  • ElysiumStealer

    ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    stealerelysiumstealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea073da8a4bb2e317f717a2d43a7aee76a92c42f568f724ea70beb2794938ee3.exe
    "C:\Users\Admin\AppData\Local\Temp\ea073da8a4bb2e317f717a2d43a7aee76a92c42f568f724ea70beb2794938ee3.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:548
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 1772
      2⤵
      • Program crash
      PID:4308
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 548 -ip 548
    1⤵
      PID:3540

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/548-130-0x0000000000E40000-0x0000000000EAC000-memory.dmp

      Filesize

      432KB

      Download

    • memory/548-131-0x000000000B8B0000-0x000000000B916000-memory.dmp

      Filesize

      408KB

      Download

    • memory/548-132-0x000000000BC10000-0x000000000BCA2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/548-133-0x000000000C260000-0x000000000C804000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/548-134-0x000000000BFC0000-0x000000000C05C000-memory.dmp

      Filesize

      624KB

      Download