Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15-03-2024 01:56
General
-
Target
9c5560fc76e973e7b2284badfe33788fc541b21fa66c2087e3588bea71235bca.exe
-
Size
581KB
-
MD5
77b4883feb5a690e1f58fc8d9143198a
-
SHA1
b605c1085432eceeadb976f673fcf3cfd3f354cc
-
SHA256
9c5560fc76e973e7b2284badfe33788fc541b21fa66c2087e3588bea71235bca
-
SHA512
0948bf74a4375a415326398149907c684e12a631111a10fc6e0902b78081d6768c75b425cff0b6f3f2778c6981f5369ec119816744542e9e6d2feb6553df497a
-
SSDEEP
12288:L0tUv4VmeO8Ze9FFHAZLJLUf9snBS4csPYae6qfzwAA:HMsHAhhUF54clNf7wB
Score
10/10
Malware Config
Signatures
-
Detects Echelon Stealer payload 2 IoCs
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9c5560fc76e973e7b2284badfe33788fc541b21fa66c2087e3588bea71235bca.exe"C:\Users\Admin\AppData\Local\Temp\9c5560fc76e973e7b2284badfe33788fc541b21fa66c2087e3588bea71235bca.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2128 -s 12162⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
608KB
-
Filesize
9.9MB
-
Filesize
512KB
-
Filesize
9.9MB