Analysis
-
max time kernel
121s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
20-01-2024 08:40
General
-
Target
69fa727ccf84c2f677b7231960fdb1c9.exe
-
Size
1.3MB
-
MD5
69fa727ccf84c2f677b7231960fdb1c9
-
SHA1
a61943b826df64a1421441539f9703b9954d43d6
-
SHA256
ede17bc45691636246b55b5d49a02fbdbee75ceb4d38dc8a04ee42bf8135d98c
-
SHA512
021b930990e68b97da5afc4907656a3a7398e459b313580a00f5c61a40d92b45a04cfd7680450162284903866744e3d5237176b84ccd86efe1214c88164051f6
-
SSDEEP
24576:Ov9MKQ72cZzFoipVyN31n4sOzTuGag+7B9OE395ghhig:kc72cRCEmn4sOYjB9OOv6V
Malware Config
Signatures
-
Detects Echelon Stealer payload 3 IoCs
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 14 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\69fa727ccf84c2f677b7231960fdb1c9.exe"C:\Users\Admin\AppData\Local\Temp\69fa727ccf84c2f677b7231960fdb1c9.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\calc.exeC:\Windows\system32\calc.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=calc.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5e9efe288a3c577c0b5850d7d13e2a1ad
SHA1de63fa9690a4c1f7ee5c9499aa64a12f1792e1fb
SHA2562fdaea12da3a3de9b9cb215ef6dc96283ecf8b16974821ebf5728422a9fcc710
SHA51237eb10d124988c631ddd6317afa5b8b268de65edac58a4e63b6327fe263ce448320a8f33836490d364c93b779ab8df6ca16fa20465de0996b37433fe50cc9448
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5657a2000a974ca09b5251ba4501af49f
SHA1065ee525e21f60fee5100f45c3ad1930e26e0737
SHA256ce139ebff81ba4cfd9608df6209f5690e24046853cf639059ef8206932597496
SHA512891bf3cc9e91da60598b591e9d2ef8bdb827023ecf67cdc10269dd49220029450c0d85b1ae29468a2434f44ffb50855a37e644af1409ead0bba1767d0a50fabd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5a4b631cdb71dec6351249372a9c76d02
SHA1e3be35531931fc7b21639a0d2f3d6ebc1dde902a
SHA2560a9761b30b164b54458d449fa3a2334a0e1af505eed7f147649f252a95b628b4
SHA512654ca0172f12677fd3fe0d0f7d685d8098c6a4b0b7653769f8a6fc9e42fc488ecdc6d2cb877ea8a5c126a156ec81b9aa2c29a69d2849afd9f9fefad3b703af73
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD505b636d2a1ba1c11dd6289bb49e307fc
SHA18aa03ffb092a96e11d308cc12efddbc4a0e7c916
SHA256b6bee4892554496748ba372f7a788f478714427fd9e1bd44096f6a8f5729bfdf
SHA512f987ad9a987ac3603866ae55072568cc120367fedcd3e23a54fdc3b7d08fcadfd5908244f8991220fcd762aed1708f1ba8d9e03f502c15e058a1e09e5ca20481
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5b9d44c43c0d86cef5f0fde8a15cc5c5c
SHA1353092f535fd007926db3d81352925c0655bc227
SHA256c53407b7e61d65a892bd1f10ae3e67ac5b3abf4a2b6e7bdb7a6f915b5e3073d4
SHA512d5cb1e8da58ecaa3b6f51ed27672b5d9a73dbbc2cc5ce11a52058e4688821df09a324f4abbb6003443e55799b11cf06c434e3e721830df2b2023e302d310bf4c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD54723d5426bca01c016e6889bbf7c1ac7
SHA1cf382d248d3169123d0070395322cf3f9f9bba64
SHA256bfc680bfa4444b3bc81025a3155c2236d31c6c35542cdaf73ffd759be4e01f9b
SHA512e5478863b0b345953be7d3ee49c3737d1c83676fab8d23388e762b336ff3f893b1bd2dce5c63b51f7b8c510afa41a9bae1f93eae3f68763d4c91da95b410de67
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5676df4ffc69c15df48603be2993b2c79
SHA15cefce20d101ccde1ff6faed38998c20e164108c
SHA256213b9ef6b4e37e06013b00c4731b9fdf2cd40ca3535ecd04f0319ef8247b0daf
SHA5128b7116ddd1cadc4bcdf5e6bbed425686619f4cebf399e1786d1f23a74599666a37f25321a20d77c2182f8f7304c2ea1b50047c6805f042b27e53333ec049067a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD52b8ed062a44c710edd2d4b21792aa71d
SHA12f6ed75c92c0b145b7656e5ba1a576ee5fa3855c
SHA25693b993b610454c8d0d3e673eb3d1c1f96dd385ec6213b31ea5ef5c543ffb130c
SHA51271415e59063d21857739365cc19d9d65d4e7b8afca1be344456f6fde5a50c967868c2c9d8872f5c339be959aaf42455d75f2f4d2090ca452c686a63051bd2c73
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5cbeb30cfa27539ec1ac3bc5636843576
SHA17840c581cbdb3217e933a0e438171c4382688223
SHA256823ef83fefd26f57a18de81f8d401fd4081030ba986ecdcd81ed045cc810ea01
SHA5128da9dc0f9496f0c08a4960b19e4ede4d7bfce32b6cb7f45f6c73711ff56633e50f9fa3494c4b8177584107bf9dc0f016df20c6a08515f16925c6910044b533e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5ff64396bfdbacd9818028286362a9df0
SHA164823452f4190192fd8f9fc7a07972865d7343d1
SHA25630f840ec73c794d2bf13f77d8db3a0bd5399d12ca4b091125a6faf88447ccf20
SHA51279c777e613060ce72f3aa13c1f2c06ca0d9934cda4f691eeb1c324ff7b09ddd0b6dbe266b79a9291f07aa3a8211fc5bf6c7401088f558f3181bf8f145cd4217a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD550e012f98a9c48eed207f392dc79e1b3
SHA12e3b94b0fcc2b7f6f8b767311f88bc3e098a7f74
SHA2569d7919e507d9429b49620066ba458dc6c8a3f1eef53aab2e5206f913a6248e02
SHA5121ef3053a1d49a398255505fb9cc87f759a205139a59abcc6f8151566a9cc4b7916b183ec7d64f750da629f7ec936c09a59d3a1953c8b2f08d5e6b2185906f93b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD55bcb51429dc0718e7ccf2e6a27131cf6
SHA13b3b642d625b14c9264704300ad60fea78a11405
SHA256013e5ba5982ed7759c70064b1cf68c498046688c8917943f7625102670b30329
SHA512c9459c48bc1df07b3f7b324ad1fb1d3fb4c9a5c6d450fadf0ed91b7d910601e8530fd466fd337c7d86fdbd627b91cee0554c34413b31fb3d24d274ae08b5e421
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD58682fd5dd30d4a91ac0319e3009434df
SHA1a1b4f2d2f629161e2daff579a557e76d8ce657bf
SHA25699978ca857a8c33a31fae0dc97808fc751818c26ab2f68fa6d1d52f83eca3f02
SHA5123b4ffd6c01004561f15d07268a8c32706dc4324e21854c594fa4f2050c3ab4a8e8b8de34fa2df306de4e5dee7fcba1e25de8b1d606ca8309226c5dbaef19ba08
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5bfbf4f06b1154618fd076c6791ed0959
SHA190c04e1c4b0dee126edfb3f0b4845f1f8261dcb9
SHA256de491ad52079635850e682eb7c10f5a749c15a73a6ceeae6cabe340861840ac2
SHA512e12deb07d9439e02adda280736d9d668085ac43bc09af0bc841bedc675ac9cfd9b1213a8e8e14d86963b4591b5689e66bcbfcd8ed35c0556304f95afc1d4df55
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5543cd4a7cafcd6a6f6fc3b1454415772
SHA19af8077c02c3acf776b0b73658d980453107c866
SHA256e1443ba6f698a66d9a672fad5373489a8fc5c91dd45ba5667b93f90f7e5209d7
SHA512fee0ad29f992e100174299a33a0548501151735d10cba5ea02d92231a4b44ea0ba138f1fb2d8ff12588c719485a20376a17e610afb0b6eda675b5aee778bc181
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD58b2a0bd65a6e848cf686ac67a7c92bee
SHA1053e38f11fba3ee4c1ccf5ba96841f2c0ee811ea
SHA256e2ea344547d0476084d3e56781ff0b9b769f16acf1f7a69b641df1d01a287c36
SHA512f6fc0c5520b4107763fab01696bdee717680e892112d3af1f0adbbf13882cf185aaf42b2db30e1f07098c80599c0ebe8bb5a3eda5b73ff151403b060dba6a074
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD57f8412d5338c443a71785796bb4e751c
SHA1a6f20090085f16064cf6301d21c235c965c8ea68
SHA2564537ec557f41f511d3033847e2d4e10b8343f7bb707c32a3775185306993d747
SHA5129a88b1cefeedbe17842bf44db2748c0db34b112596343c000dc48d2370b8dcf27c18263328ea93331cb8960ae00b9e9d9f4c1e933c27ccfb148e04d6e860ec1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD543fd278f737d728a96c4bea899791c5a
SHA142bcb32e7e7cfcde2fc527424371e18dbbf6a5c5
SHA25637acea6b7388f306bdbd13b86485de11ba2c78a6fff3cef8ae663c1ab090d4d1
SHA512d4d8dc006eb2aff93c143473363b011591e4c0e2961704edf49eac7cb7395f32d005262a1a85104501da96b1dcfded5989ee44ce1bc1f8070f96e0b3f1613556
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5fd80f59c9b683a0809d5709cb59ae55a
SHA178dea80d600a3c397de0bfb10f50402eee7d3c5c
SHA2569ffc2b5526d175765798dba40e57fc61d8e5678471af90612fecff5231da293f
SHA512e621ed4cb9e2415a77b68baefc59fa19c6ed57a91d7f1a7ac7a066ea6bc425c973260d35f445fedffe22c5420a68a59f36f16c00de43bd9485b119b1cc768a17
-
C:\Users\Admin\AppData\Local\Temp\Cab4A4C.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\Tar4AFB.tmpFilesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
memory/2684-6-0x00000000001D0000-0x0000000000300000-memory.dmpFilesize
1.2MB
-
memory/2684-2-0x000000007EFDE000-0x000000007EFDF000-memory.dmpFilesize
4KB
-
memory/2684-1-0x00000000001D0000-0x0000000000300000-memory.dmpFilesize
1.2MB
-
memory/2684-4-0x00000000001D0000-0x0000000000300000-memory.dmpFilesize
1.2MB
-
memory/2684-8-0x00000000001D0000-0x0000000000300000-memory.dmpFilesize
1.2MB
-
memory/3068-0-0x0000000000F90000-0x00000000010DD000-memory.dmpFilesize
1.3MB
-
memory/3068-441-0x0000000000F90000-0x00000000010DD000-memory.dmpFilesize
1.3MB