Overview

overview

10

Static

static

3

95861518ef...5a.exe

windows7-x64

10

95861518ef...5a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    18-01-2024 01:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95861518ef095e5ffd16260e0a5ba1b2917fa9efaeaac75e7f5a20816a4fe35a.exe

  • Size

    1000KB

  • MD5

    f71a4c25dbdc3fd5ee21b0ab15328cc5

  • SHA1

    78eb0c54ce0127a93fc6007baeee980ff0562b45

  • SHA256

    95861518ef095e5ffd16260e0a5ba1b2917fa9efaeaac75e7f5a20816a4fe35a

  • SHA512

    61bc151952cacfdc99af9cbe450625aa2e23e498dea7b8327571a55e20a27060992b1cd7beb9bff71ded2edffc4fe73764c83220790d53a8af6274052a06eed0

  • SSDEEP

    24576:qxLsMs8WdUS8KMcXK0QVQoU/TXJBdSnIernu:usldslc9Ci/TXp

Score
10/10
echelonspywarestealer

Malware Config

Signatures

  • Detects Echelon Stealer payload 1 IoCs
  • Echelon

    Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    stealerspywareechelon
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95861518ef095e5ffd16260e0a5ba1b2917fa9efaeaac75e7f5a20816a4fe35a.exe
    "C:\Users\Admin\AppData\Local\Temp\95861518ef095e5ffd16260e0a5ba1b2917fa9efaeaac75e7f5a20816a4fe35a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Echelon.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Echelon.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=Echelon.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2764
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96eadf25e8062db466580e7dd7c5effc

    SHA1

    9c78d5760dfeb880539a9520e05eca288390d9df

    SHA256

    ccf6037cce4a9e46edd7cbad470d68d0a2541022eca9f7b5574be5e448e6df50

    SHA512

    7a84f7e2c352956cd7ec302f134aeec69c6b59d57321302a606945708272abaeb624569ce0702a1654bff1c11b216bc77a9cc91de726f93d7be2f74d780e0785

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9a0dd147978d482a2d62600c585ec8e6

    SHA1

    8ddfcc820f835857839e21142f3ce1906112aff6

    SHA256

    ac27c079c73c2490566f3e3363f3b2839e5fbcff604b1736b0c0068aadade980

    SHA512

    63511d98c01a2d62ff7a83ba1fc7244c604cda3f42ec0fd5a1266a62655944dd9de6b96a0d5713d8d6fe004c6a2514d64b706366d31fe43082a8e2a17ee93f14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2c1376d5730a225c4657de9372bd302c

    SHA1

    de2d1271b9c09a1b10de8993d1e6db95e8ff82f1

    SHA256

    cfbc512b1247d4621a7e67cfa5d76a1dbe1d7cf4397313b35283e0a2ca6b8d47

    SHA512

    3c07ebe6d5b8be7590d95a8d2f159bf7f9152ade0161fc3857e03aae64c4dc67c832fe2230bf2b7acf1f243ac8f19a75f2b00b0e494c7183e055afae1db4823a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f014f012aa129877dbdf9327796e6631

    SHA1

    553d7fd53f29604ee90073be1e3cd24b96ce37ed

    SHA256

    2cad195608be08b835da4b66f2916136b77e46927a5bea9eeb588ffb9a528156

    SHA512

    80d82308337936aba7e257f967fc6190ca2e59d68f5d3dac205570fa4a8e6fed9eb6564810d031f05a29cf841a5b586019939c891f3e6d8c07f87772dbaaaeb8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9e2e46bdd8fc5c10222339bdc0b87e93

    SHA1

    f192f45917f1206e93423e303cd55438763635be

    SHA256

    38b3830086d57fda6c0335a529f326577cf6967275e3b8a395d6d340c235a2e9

    SHA512

    d0765e4568e85321f85036350671bd477a08831d7a05873c4096ca3b84976f9f4bca02b079b1718d5b42bf8f9be42203f9de43628a5604d4da9b0928bb57669c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bc49aa8b11d7ecf26174d07c718eb2db

    SHA1

    b6e08d9222eefab202cd338138861cd6a3c1a303

    SHA256

    2d69288791825e776168aa46b16cfa7d5a04678c0609ac94098a422d116a7338

    SHA512

    2c000580305088cac41c7d6405615e0d16f6c65a99ad7cae3553dedcbe20383cebd9fa92a9f29ec9df6d6afa9b89b14b771d340d189f2c05ff8f58a80effcb8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08e4b6bd2f38a1dafdf1fe0e35f47d21

    SHA1

    2d234d4dc71b6db2da248d481f3ecbee1a4b3d63

    SHA256

    53f3f972bd7099cd319b6cddb7d7b432b079236651447aeafd0c8f520a111764

    SHA512

    d4e7df1f032509315044a540a135f29415e7279adcc199fa46bf65e50d0924b5a1cd74aee8d8653375c7b0d76d911f221200f9bf5aa84f8dc3456ac34cde1fd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c49e69628c03f6f4fdd9a3dfd687a18

    SHA1

    d80173677acb3f2321062464ff55f16d540493ac

    SHA256

    7e0c51e54b20f89e8de46b766bd074ff865f786724a7509f933cab747f700b9c

    SHA512

    5f6e34856c78f24638f497222217d7bece8b1500e04a755e2b2ad814db7a5349cb825dc59618e0c99461a7d41c5ec6b1afa38489e37aa8e309c8868ff43a3eb0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    206c6ea9dfe82e933fbcbd932b544a29

    SHA1

    08d8d0030af3efe602f18a714bed1f7f926d4f76

    SHA256

    8cbcd3d4e2c25221037a04e8dfddba92e876511cff3b0badc125cb7baeedd7bd

    SHA512

    591dc3153ab0fd9c79f6ac8ce2c136f5c7ca144eb65fb43b92be1fc0e3c4dae43ed10eaacfb91e704eb43f79440b3170fe67655db1f68b16fc9a9214fb6e5bca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b5fb92693bd1a4065af7ae07ed0c20b0

    SHA1

    c99d7367c8dfb917cc62beef1d12cab7eaad1f64

    SHA256

    c670742ece31bfa3d839145885d5a07de2ce46da3831e2b00063d0f67dbc9448

    SHA512

    7f251f99af3fe1cab4e1a55ba31a57d0469db5e71b43ecb786aae18c1a2f0b4dafc1d70f545cff94a6d45f3cf8dd9cce669e8bd6c6a88c9e8e6788cb2b070af5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1c48354c7e9df6aa619c55f2ff260c53

    SHA1

    55a8db5d1f61be385e91c37f7dd41da9f675eb76

    SHA256

    7166708c8c01672a54ccba14fed7bc27972d51bba4b3676e468243c076c992b7

    SHA512

    6b223696cdda33ee952e3c7d29b4dd1ad950fb2f77c7f7b09abb492701f6055669a5c6079b92aadda59fcc8347aba24db5db45ce7af0de3cf4a0838460d64564

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    887f06169eb97da995b5095fad971e34

    SHA1

    6b4396e34f5b8ab07968f3993b28a01a9358d353

    SHA256

    1cfe50173ec0d159375333d7a73203b6ea50d01b892eba5c7b5271603e311b30

    SHA512

    cd96afba68fb1f8034ec28553c3f5f89b37242ae3c5847ea93dee7426f81b0ef461bf06d83f4be00d776430d5514df3e97fb3ebdeb405b0974a9fe1122a3ebc9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3263cff24d990f2cad781907a8e3684

    SHA1

    dacea88a8c77833a5e04004d027dc96a3edc4d92

    SHA256

    d8bedbd5f5720c6541bf23a64324731b44cefbfeecd350413e451a5d20dec1b4

    SHA512

    4adccd0898c233ad20d893a2375efb44879c2832cbf6763c092cd81f9f2f2f82bf9dad14fddaca85c41557c4f3f32e1d510876051f39de3d0c85fd68834c1163

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf3f5c8b28b0e22bc92d661ae7ba1af2

    SHA1

    30ccd09d65db683852c1322b9718f60257885aba

    SHA256

    1ae1c402946a715a6274513c0099cfd41564c11084e9c1352495bba4d845a8c9

    SHA512

    a55eb20230e877badd1848db364f8232a3ea291cd398578b1aa7672a219bd391b655f21178d18ebd716426c44cd1d93ff7f26e271cf083050536404b1a32bfd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a7d8fa6ce6d92aba4ae6446d1c3013b1

    SHA1

    5b67bb9f4954d22b6e44220f1b1d44bd303150b2

    SHA256

    5ff696609b7a666517e489ea7a1ccae4883c7b4db711b7a5e44873d817006b4a

    SHA512

    adae6a1386d121b188383904abd3078a30e8086b7ef36dcd037131bb463a89595a09df59038c86b34760a98d8ed9269c828b21a82c63bcd2543bf20d9208cd02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    99b8c28e77beffc9f987eaac6e4e1412

    SHA1

    ac21e432ab6ee9363b0f76b3464bc01f804d9825

    SHA256

    02064f3afa9b0f56b630041eaf192e5d07dd32ce3a2df658270df539a0ec6ebc

    SHA512

    b3bfe8f618189ca03f16604d734b07bf6a9c807543fae1090742fc7352bb81b893b19639b8691edebe2fb7a40d4c92009f41fcf53399df3a5fac0d2bf0c538be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8bcdd0f640087eaf9453ab4f92b1cf8b

    SHA1

    809953d01a1a24d6b41319a958b434b831c5fcc1

    SHA256

    e1e0bc0d9446ec2d713ebdd4694657917d2055eca9adcef0d9c28c8fca7eb73f

    SHA512

    fe662e7e98be9d7fea00212f85f9633442526f7545e5dee135ca185638738fcb00535e5e20c5cf61a928e57e2ce3dea32da29100c1ca85024b154ef244764b0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    76d09b3f9c804096f5587db2a0052932

    SHA1

    352ad4b46655d8606186b16784618e993a2e671f

    SHA256

    18fa59664c1a823f8444873d7bd7b7b8c7a30c14bb2829674c3683bc328fa2d4

    SHA512

    c6cddbbc70e47d3112e68dd8ab52e39a1e183988ec4fe3fe2fd7ade9ce0225de684b9ff465b8f9abbd38f38936bd2c086c848de5ac02e6d793aed959e88a3614

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    28fc023c620736e46f642c608fd0a0e0

    SHA1

    990cf9f09eb1d0c6f7fe7f3de2eca380a2528674

    SHA256

    8650601c9dfb1380374b18485cbec8e500276157fe671c926c124e58ed422b2a

    SHA512

    1d49d19c5de1e64f474b3dd2a5e9676fdd57ab3780e71d85b3661fa3ba08976dc7f77bd828bcc1eb8727e6bca1003bd2e661796301669532d0173eef9fac522b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    930a0e03084fb07398b1fd77e3c9fb42

    SHA1

    81eb6932832bc86a200f38ded94c76d77acc8004

    SHA256

    fc9e6255702a587f92918c6289a7209bd74c8c7d6f3c4d9a5ce8979ab3286d5f

    SHA512

    dc2e59aba93420db9bb71b311058f6a0f1d7ce16a7cba9f596d7301e735e03bdf3ed6442075633803cef4533ea4e90549ea9ecb5d975aa0e36966c03ef8d647a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2F8B.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Echelon.exe.config
    Filesize

    216B

    MD5

    ed6192054a346a72d8bd4352895f25f9

    SHA1

    2de8e2859eb7451eb23d408cf9fa45f37a4e2d0e

    SHA256

    707f233f9e814e64d7655a78275e60bb44c35646292fa5b41ee936e1763c9f77

    SHA512

    7fe3851b67da2cd748c5e194e7b0c8252c65516ac710d950e5d6ac3aefe7051a5a01e034d6714f1dba077046ec211d234eb9f19e05c80d292b24e0f84dd6ce0f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2F9D.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • \Users\Admin\AppData\Local\Temp\RarSFX0\Echelon.exe
    Filesize

    592KB

    MD5

    52c389a5c951fa6b0c5636ece3b9a4cc

    SHA1

    7ea98e6dc3113e1bb7a89a4b8c3f29f770163b68

    SHA256

    8b7240910326218e895b469398b4e98443ba8aba78e17270659050fb7562f930

    SHA512

    6bdbd1dfd21f7db0682972502e632fa006843db79c46265e8199c75f69458ecf6506c3c5b8424d465d004483897056739e2edb73b821205b48a0d7fb6b48f38d

    Download Submit