Analysis

  • max time kernel
    144s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/01/2023, 20:22 UTC

General

  • Target

    40f4d634e769a01da66f81c447317c937515f8dc83e07c5db62694a178db3534.exe

  • Size

    5.7MB

  • MD5

    f999d4f9e308dcea84bbc6d875bb331e

  • SHA1

    1150a776f2e2fb4108980106f2c88802c8b8861a

  • SHA256

    40f4d634e769a01da66f81c447317c937515f8dc83e07c5db62694a178db3534

  • SHA512

    65ca1d32df4af8167916a39d4303f219869e440ba5eb6a81ef869d97b8c2f6c5bf788cb3735f53dc6a8ba1a87c67fbc3331dc081f6358cd1e65aa7625e2cb19e

  • SSDEEP

    98304:dZfnpf4tg85C0oNW3MoYe2AFVQYf6zM5ary7f:DfnpQ1oDu7VFas6z

Score
10/10

Malware Config

Signatures

  • ElysiumStealer

    ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

  • ElysiumStealer Support DLL 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40f4d634e769a01da66f81c447317c937515f8dc83e07c5db62694a178db3534.exe
    "C:\Users\Admin\AppData\Local\Temp\40f4d634e769a01da66f81c447317c937515f8dc83e07c5db62694a178db3534.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1536
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 1432
      2⤵
      • Program crash
      PID:216
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1536 -ip 1536
    1⤵
      PID:4484

    Network

    • flag-unknown
      DNS: 151.122.125.40.in-addr.arpa
      Remote address: 8.8.8.8:53
      Request: 151.122.125.40.in-addr.arpa IN PTR
      Response:
    • 104.80.225.205:443 (322 B, 7)
    • 104.208.16.89:443 (322 B, 7)
    • 93.184.221.240:80 (322 B, 7)
    • 93.184.221.240:80 (322 B, 7)
    • 93.184.221.240:80 (322 B, 7)
    • 8.8.8.8:53 (151.122.125.40.in-addr.arpa, dns, 73 B, 159 B, 1, 1)

      DNS Request

      151.122.125.40.in-addr.arpa


    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\NativePRo.dll

      Filesize

      40KB

      MD5

      94173de2e35aa8d621fc1c4f54b2a082

      SHA1

      fbb2266ee47f88462560f0370edb329554cd5869

      SHA256

      7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

      SHA512

      cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

    • memory/1536-132-0x0000000000570000-0x0000000000B24000-memory.dmp

      Filesize

      5.7MB

    • memory/1536-134-0x0000000006150000-0x00000000066F4000-memory.dmp

      Filesize

      5.6MB

    • memory/1536-135-0x0000000005AA0000-0x0000000005B32000-memory.dmp

      Filesize

      584KB

    • memory/1536-136-0x0000000005A80000-0x0000000005A8A000-memory.dmp

      Filesize

      40KB
