Analysis
-
max time kernel
142s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
22-01-2024 01:05
General
-
Target
50ec312ca31e71d5128358026056711660baacc13e9a88af64363155dca7df79.exe
-
Size
659KB
-
MD5
e2812ccf1dd1f50c7a435e8c30b151a8
-
SHA1
0d76a779b75599e30a43f8a03f5581c8f3e19e2a
-
SHA256
50ec312ca31e71d5128358026056711660baacc13e9a88af64363155dca7df79
-
SHA512
c716c58a4c66cf27ea22c2e7042391d27209d138d01b4fdc14576d0f8546d62cebf7d9956c44705802df722e41bb45b9aff27a4e94afa04ec1230646d3885009
-
SSDEEP
12288:yA03baYUMm7XEOfQL32ikCaUS4csRBse6sfWnAA:yA03baYUBjfy3k94cunZenB
Score
10/10
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\50ec312ca31e71d5128358026056711660baacc13e9a88af64363155dca7df79.exe"C:\Users\Admin\AppData\Local\Temp\50ec312ca31e71d5128358026056711660baacc13e9a88af64363155dca7df79.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1680-0-0x0000021228C20000-0x0000021228CCC000-memory.dmpFilesize
688KB
-
memory/1680-1-0x000002122A950000-0x000002122A962000-memory.dmpFilesize
72KB
-
memory/1680-2-0x00007FFC9EB20000-0x00007FFC9F5E1000-memory.dmpFilesize
10.8MB
-
memory/1680-3-0x0000021243310000-0x0000021243320000-memory.dmpFilesize
64KB
-
memory/1680-4-0x000002122AA10000-0x000002122AA4C000-memory.dmpFilesize
240KB
-
memory/1680-5-0x0000021243320000-0x0000021243422000-memory.dmpFilesize
1.0MB
-
memory/1680-6-0x00007FFC9EB20000-0x00007FFC9F5E1000-memory.dmpFilesize
10.8MB