Overview

overview

10

Static

static

3

69fa727ccf...c9.exe

windows7-x64

10

69fa727ccf...c9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    20-01-2024 08:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69fa727ccf84c2f677b7231960fdb1c9.exe

  • Size

    1.3MB

  • MD5

    69fa727ccf84c2f677b7231960fdb1c9

  • SHA1

    a61943b826df64a1421441539f9703b9954d43d6

  • SHA256

    ede17bc45691636246b55b5d49a02fbdbee75ceb4d38dc8a04ee42bf8135d98c

  • SHA512

    021b930990e68b97da5afc4907656a3a7398e459b313580a00f5c61a40d92b45a04cfd7680450162284903866744e3d5237176b84ccd86efe1214c88164051f6

  • SSDEEP

    24576:Ov9MKQ72cZzFoipVyN31n4sOzTuGag+7B9OE395ghhig:kc72cRCEmn4sOYjB9OOv6V

Score
10/10
echelonspywarestealer

Malware Config

Signatures

  • Detects Echelon Stealer payload 3 IoCs
  • Echelon

    Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    stealerspywareechelon
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69fa727ccf84c2f677b7231960fdb1c9.exe
    "C:\Users\Admin\AppData\Local\Temp\69fa727ccf84c2f677b7231960fdb1c9.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Windows\SysWOW64\calc.exe
      C:\Windows\system32\calc.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=calc.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2912
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e9efe288a3c577c0b5850d7d13e2a1ad

    SHA1

    de63fa9690a4c1f7ee5c9499aa64a12f1792e1fb

    SHA256

    2fdaea12da3a3de9b9cb215ef6dc96283ecf8b16974821ebf5728422a9fcc710

    SHA512

    37eb10d124988c631ddd6317afa5b8b268de65edac58a4e63b6327fe263ce448320a8f33836490d364c93b779ab8df6ca16fa20465de0996b37433fe50cc9448

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    657a2000a974ca09b5251ba4501af49f

    SHA1

    065ee525e21f60fee5100f45c3ad1930e26e0737

    SHA256

    ce139ebff81ba4cfd9608df6209f5690e24046853cf639059ef8206932597496

    SHA512

    891bf3cc9e91da60598b591e9d2ef8bdb827023ecf67cdc10269dd49220029450c0d85b1ae29468a2434f44ffb50855a37e644af1409ead0bba1767d0a50fabd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a4b631cdb71dec6351249372a9c76d02

    SHA1

    e3be35531931fc7b21639a0d2f3d6ebc1dde902a

    SHA256

    0a9761b30b164b54458d449fa3a2334a0e1af505eed7f147649f252a95b628b4

    SHA512

    654ca0172f12677fd3fe0d0f7d685d8098c6a4b0b7653769f8a6fc9e42fc488ecdc6d2cb877ea8a5c126a156ec81b9aa2c29a69d2849afd9f9fefad3b703af73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    05b636d2a1ba1c11dd6289bb49e307fc

    SHA1

    8aa03ffb092a96e11d308cc12efddbc4a0e7c916

    SHA256

    b6bee4892554496748ba372f7a788f478714427fd9e1bd44096f6a8f5729bfdf

    SHA512

    f987ad9a987ac3603866ae55072568cc120367fedcd3e23a54fdc3b7d08fcadfd5908244f8991220fcd762aed1708f1ba8d9e03f502c15e058a1e09e5ca20481

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b9d44c43c0d86cef5f0fde8a15cc5c5c

    SHA1

    353092f535fd007926db3d81352925c0655bc227

    SHA256

    c53407b7e61d65a892bd1f10ae3e67ac5b3abf4a2b6e7bdb7a6f915b5e3073d4

    SHA512

    d5cb1e8da58ecaa3b6f51ed27672b5d9a73dbbc2cc5ce11a52058e4688821df09a324f4abbb6003443e55799b11cf06c434e3e721830df2b2023e302d310bf4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4723d5426bca01c016e6889bbf7c1ac7

    SHA1

    cf382d248d3169123d0070395322cf3f9f9bba64

    SHA256

    bfc680bfa4444b3bc81025a3155c2236d31c6c35542cdaf73ffd759be4e01f9b

    SHA512

    e5478863b0b345953be7d3ee49c3737d1c83676fab8d23388e762b336ff3f893b1bd2dce5c63b51f7b8c510afa41a9bae1f93eae3f68763d4c91da95b410de67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    676df4ffc69c15df48603be2993b2c79

    SHA1

    5cefce20d101ccde1ff6faed38998c20e164108c

    SHA256

    213b9ef6b4e37e06013b00c4731b9fdf2cd40ca3535ecd04f0319ef8247b0daf

    SHA512

    8b7116ddd1cadc4bcdf5e6bbed425686619f4cebf399e1786d1f23a74599666a37f25321a20d77c2182f8f7304c2ea1b50047c6805f042b27e53333ec049067a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2b8ed062a44c710edd2d4b21792aa71d

    SHA1

    2f6ed75c92c0b145b7656e5ba1a576ee5fa3855c

    SHA256

    93b993b610454c8d0d3e673eb3d1c1f96dd385ec6213b31ea5ef5c543ffb130c

    SHA512

    71415e59063d21857739365cc19d9d65d4e7b8afca1be344456f6fde5a50c967868c2c9d8872f5c339be959aaf42455d75f2f4d2090ca452c686a63051bd2c73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cbeb30cfa27539ec1ac3bc5636843576

    SHA1

    7840c581cbdb3217e933a0e438171c4382688223

    SHA256

    823ef83fefd26f57a18de81f8d401fd4081030ba986ecdcd81ed045cc810ea01

    SHA512

    8da9dc0f9496f0c08a4960b19e4ede4d7bfce32b6cb7f45f6c73711ff56633e50f9fa3494c4b8177584107bf9dc0f016df20c6a08515f16925c6910044b533e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ff64396bfdbacd9818028286362a9df0

    SHA1

    64823452f4190192fd8f9fc7a07972865d7343d1

    SHA256

    30f840ec73c794d2bf13f77d8db3a0bd5399d12ca4b091125a6faf88447ccf20

    SHA512

    79c777e613060ce72f3aa13c1f2c06ca0d9934cda4f691eeb1c324ff7b09ddd0b6dbe266b79a9291f07aa3a8211fc5bf6c7401088f558f3181bf8f145cd4217a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    50e012f98a9c48eed207f392dc79e1b3

    SHA1

    2e3b94b0fcc2b7f6f8b767311f88bc3e098a7f74

    SHA256

    9d7919e507d9429b49620066ba458dc6c8a3f1eef53aab2e5206f913a6248e02

    SHA512

    1ef3053a1d49a398255505fb9cc87f759a205139a59abcc6f8151566a9cc4b7916b183ec7d64f750da629f7ec936c09a59d3a1953c8b2f08d5e6b2185906f93b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5bcb51429dc0718e7ccf2e6a27131cf6

    SHA1

    3b3b642d625b14c9264704300ad60fea78a11405

    SHA256

    013e5ba5982ed7759c70064b1cf68c498046688c8917943f7625102670b30329

    SHA512

    c9459c48bc1df07b3f7b324ad1fb1d3fb4c9a5c6d450fadf0ed91b7d910601e8530fd466fd337c7d86fdbd627b91cee0554c34413b31fb3d24d274ae08b5e421

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8682fd5dd30d4a91ac0319e3009434df

    SHA1

    a1b4f2d2f629161e2daff579a557e76d8ce657bf

    SHA256

    99978ca857a8c33a31fae0dc97808fc751818c26ab2f68fa6d1d52f83eca3f02

    SHA512

    3b4ffd6c01004561f15d07268a8c32706dc4324e21854c594fa4f2050c3ab4a8e8b8de34fa2df306de4e5dee7fcba1e25de8b1d606ca8309226c5dbaef19ba08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bfbf4f06b1154618fd076c6791ed0959

    SHA1

    90c04e1c4b0dee126edfb3f0b4845f1f8261dcb9

    SHA256

    de491ad52079635850e682eb7c10f5a749c15a73a6ceeae6cabe340861840ac2

    SHA512

    e12deb07d9439e02adda280736d9d668085ac43bc09af0bc841bedc675ac9cfd9b1213a8e8e14d86963b4591b5689e66bcbfcd8ed35c0556304f95afc1d4df55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    543cd4a7cafcd6a6f6fc3b1454415772

    SHA1

    9af8077c02c3acf776b0b73658d980453107c866

    SHA256

    e1443ba6f698a66d9a672fad5373489a8fc5c91dd45ba5667b93f90f7e5209d7

    SHA512

    fee0ad29f992e100174299a33a0548501151735d10cba5ea02d92231a4b44ea0ba138f1fb2d8ff12588c719485a20376a17e610afb0b6eda675b5aee778bc181

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8b2a0bd65a6e848cf686ac67a7c92bee

    SHA1

    053e38f11fba3ee4c1ccf5ba96841f2c0ee811ea

    SHA256

    e2ea344547d0476084d3e56781ff0b9b769f16acf1f7a69b641df1d01a287c36

    SHA512

    f6fc0c5520b4107763fab01696bdee717680e892112d3af1f0adbbf13882cf185aaf42b2db30e1f07098c80599c0ebe8bb5a3eda5b73ff151403b060dba6a074

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7f8412d5338c443a71785796bb4e751c

    SHA1

    a6f20090085f16064cf6301d21c235c965c8ea68

    SHA256

    4537ec557f41f511d3033847e2d4e10b8343f7bb707c32a3775185306993d747

    SHA512

    9a88b1cefeedbe17842bf44db2748c0db34b112596343c000dc48d2370b8dcf27c18263328ea93331cb8960ae00b9e9d9f4c1e933c27ccfb148e04d6e860ec1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    43fd278f737d728a96c4bea899791c5a

    SHA1

    42bcb32e7e7cfcde2fc527424371e18dbbf6a5c5

    SHA256

    37acea6b7388f306bdbd13b86485de11ba2c78a6fff3cef8ae663c1ab090d4d1

    SHA512

    d4d8dc006eb2aff93c143473363b011591e4c0e2961704edf49eac7cb7395f32d005262a1a85104501da96b1dcfded5989ee44ce1bc1f8070f96e0b3f1613556

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fd80f59c9b683a0809d5709cb59ae55a

    SHA1

    78dea80d600a3c397de0bfb10f50402eee7d3c5c

    SHA256

    9ffc2b5526d175765798dba40e57fc61d8e5678471af90612fecff5231da293f

    SHA512

    e621ed4cb9e2415a77b68baefc59fa19c6ed57a91d7f1a7ac7a066ea6bc425c973260d35f445fedffe22c5420a68a59f36f16c00de43bd9485b119b1cc768a17

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4A4C.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4AFB.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2684-6-0x00000000001D0000-0x0000000000300000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2684-2-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-1-0x00000000001D0000-0x0000000000300000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2684-4-0x00000000001D0000-0x0000000000300000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2684-8-0x00000000001D0000-0x0000000000300000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3068-0-0x0000000000F90000-0x00000000010DD000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3068-441-0x0000000000F90000-0x00000000010DD000-memory.dmp

    Filesize

    1.3MB

    Download