Analysis
-
max time kernel
21s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
05-01-2024 11:48
General
-
Target
84a16ccb9b0cff86bff0a06ba7744e53a83f4fbbc01ddd9794ffbdbd0245b4a1.exe
-
Size
581KB
-
MD5
bb46f2dd084d029704de8dafd0176bf8
-
SHA1
01a35a217226e27feecdbc16119293a8b37176b8
-
SHA256
84a16ccb9b0cff86bff0a06ba7744e53a83f4fbbc01ddd9794ffbdbd0245b4a1
-
SHA512
5b5d28919835e0ad24ae06bfff5455c0d94903ef6d12b92e2a6ab8082f70a2553464db03df2905608099c63814a32b56a246864938b90f0126a3db6844df2bfd
-
SSDEEP
12288:8CRW8/ulZLJLUf9snBS4csPYae6qfzwAA:u8WlhhUF54clNf7wB
Score
10/10
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\84a16ccb9b0cff86bff0a06ba7744e53a83f4fbbc01ddd9794ffbdbd0245b4a1.exe"C:\Users\Admin\AppData\Local\Temp\84a16ccb9b0cff86bff0a06ba7744e53a83f4fbbc01ddd9794ffbdbd0245b4a1.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4764-0-0x00000216B2240000-0x00000216B22D8000-memory.dmpFilesize
608KB
-
memory/4764-1-0x00007FFEE7340000-0x00007FFEE7E01000-memory.dmpFilesize
10.8MB
-
memory/4764-2-0x00000216CCA00000-0x00000216CCA10000-memory.dmpFilesize
64KB
-
memory/4764-3-0x00000216CC790000-0x00000216CC806000-memory.dmpFilesize
472KB
-
memory/4764-22-0x00007FFEE7340000-0x00007FFEE7E01000-memory.dmpFilesize
10.8MB
-
memory/4764-29-0x00000216CCA00000-0x00000216CCA10000-memory.dmpFilesize
64KB
-
memory/4764-33-0x00007FFEE7340000-0x00007FFEE7E01000-memory.dmpFilesize
10.8MB