Overview

overview

10

Static

static

7329298d04...2d.exe

windows7_x64

7

7329298d04...2d.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    89s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    12-05-2022 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7329298d04ba59f19b05b47b4dc3f8f2fcbbd92ae7208e3280aba5e3ee36b12d.exe

  • Size

    240KB

  • MD5

    4e6ee051c1524c9cc4080149660c52bf

  • SHA1

    09dbdeb821d3217d8bcdd52ce575d3887283f30b

  • SHA256

    7329298d04ba59f19b05b47b4dc3f8f2fcbbd92ae7208e3280aba5e3ee36b12d

  • SHA512

    f70d981e829b5189029b65f275ee4fbf7ec15dbf08cf0fc957050cc1218f9dbb0ef94132d5f480ca039148c0089691676b9a6b166f5232585d7e90fc8e760d08

Score
10/10
elysiumstealerdiscoveryspywarestealer

Malware Config

Signatures

  • ElysiumStealer

    ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    stealerelysiumstealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7329298d04ba59f19b05b47b4dc3f8f2fcbbd92ae7208e3280aba5e3ee36b12d.exe
    "C:\Users\Admin\AppData\Local\Temp\7329298d04ba59f19b05b47b4dc3f8f2fcbbd92ae7208e3280aba5e3ee36b12d.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2764
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 1984
      2⤵
      • Program crash
      PID:4964
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2764 -ip 2764
    1⤵
      PID:1812

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Credentials in Files

    1
    T1081

    Discovery

    Query Registry

    1
    T1012

    Lateral Movement

    Collection

    Data from Local System

    1
    T1005

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2764-130-0x0000000000270000-0x00000000002B4000-memory.dmp
      Filesize

      272KB

      Download
    • memory/2764-131-0x000000000E050000-0x000000000E0B6000-memory.dmp
      Filesize

      408KB

      Download
    • memory/2764-132-0x000000000E390000-0x000000000E422000-memory.dmp
      Filesize

      584KB

      Download
    • memory/2764-133-0x000000000E9E0000-0x000000000EF84000-memory.dmp
      Filesize

      5.6MB

      Download
    • memory/2764-134-0x000000000E4D0000-0x000000000E520000-memory.dmp
      Filesize

      320KB

      Download
    • memory/2764-135-0x000000000E810000-0x000000000E8AC000-memory.dmp
      Filesize

      624KB

      Download