Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
25-02-2024 07:36
General
-
Target
a339a377abbfb9c0ee85652901cc67b3.exe
-
Size
1.0MB
-
MD5
a339a377abbfb9c0ee85652901cc67b3
-
SHA1
cbafbcefd502b16d4661a2da17fc6d04b34ee0cb
-
SHA256
0a0a341eb3849788273e62d2acd28de82942f01396c7543f85a5b8a8420e0c44
-
SHA512
a43ae5d6cf03c96ae757bdb97521562c64e7248d73791ecfae1498df4e9b7401d359bba5e56a3ba2c16cc0e6f30cfc6b9c421667353cb4677b98977c0082282d
-
SSDEEP
24576:JjE5gAVhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoR4E:go54clgLH+tkWJ0Nj
Score
10/10
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a339a377abbfb9c0ee85652901cc67b3.exe"C:\Users\Admin\AppData\Local\Temp\a339a377abbfb9c0ee85652901cc67b3.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1660-0-0x0000000000320000-0x0000000000426000-memory.dmpFilesize
1.0MB
-
memory/1660-1-0x000007FEF5A40000-0x000007FEF642C000-memory.dmpFilesize
9.9MB
-
memory/1660-2-0x000000001BAC0000-0x000000001BB40000-memory.dmpFilesize
512KB
-
memory/1660-3-0x0000000002470000-0x00000000024E6000-memory.dmpFilesize
472KB
-
memory/1660-4-0x000007FEF5A40000-0x000007FEF642C000-memory.dmpFilesize
9.9MB