echelon | 607241f1d3734cec39869a0a2ffaf969ced0f1953fcf8d79f15c68911fd5deae

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20-02-2024 01:29

Target

607241f1d3734cec39869a0a2ffaf969ced0f1953fcf8d79f15c68911fd5deae.exe
Size

99KB
MD5

1d8121368bf1309b6e74d33bed7bd18d
SHA1

45ae5348faac14c78a8a1b40f4bfa982d4c52ddd
SHA256

607241f1d3734cec39869a0a2ffaf969ced0f1953fcf8d79f15c68911fd5deae
SHA512

0ef35fb90dda505f0fecf875fa0834b02b728da9111c3a4b5abb6e17157b68fbef6f4bd7a66a7edc7ba29462f371fdbe1b015a505dfb992f82e07769e8502a40
SSDEEP

3072:zUgSQhPduEyU1jxACwGI6omgyQm4IIGVyM0mby5oBl1XPE:zUgSQhluEyU1jxACwGI6omgyQm47pTmB

Score

10^/10

Detects Echelon Stealer payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2252-0-0x0000000000BE0000-0x0000000000C00000-memory.dmp	family_echelon

Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
stealer spyware echelon

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

607241f1d3734cec39869a0a2ffaf969ced0f1953fcf8d79f15c68911fd5deae.exe

description	pid	process	target process
PID 2252 wrote to memory of 1600	2252	607241f1d3734cec39869a0a2ffaf969ced0f1953fcf8d79f15c68911fd5deae.exe	WerFault.exe
PID 2252 wrote to memory of 1600	2252	607241f1d3734cec39869a0a2ffaf969ced0f1953fcf8d79f15c68911fd5deae.exe	WerFault.exe
PID 2252 wrote to memory of 1600	2252	607241f1d3734cec39869a0a2ffaf969ced0f1953fcf8d79f15c68911fd5deae.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\607241f1d3734cec39869a0a2ffaf969ced0f1953fcf8d79f15c68911fd5deae.exe
"C:\Users\Admin\AppData\Local\Temp\607241f1d3734cec39869a0a2ffaf969ced0f1953fcf8d79f15c68911fd5deae.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2252 -s 832
  2⤵
  PID:1600

memory/2252-0-0x0000000000BE0000-0x0000000000C00000-memory.dmp

Filesize
128KB

Download
memory/2252-1-0x000007FEF5710000-0x000007FEF60FC000-memory.dmp

Filesize
9.9MB

Download
memory/2252-2-0x000007FEF5710000-0x000007FEF60FC000-memory.dmp

Filesize
9.9MB

Download