Overview

overview

10

Static

static

3

AutoClick.exe

windows7-x64

10

AutoClick.exe

windows10-2004-x64

10

Resubmissions

22-03-2024 17:46

240322-wcdldaed78 10

22-03-2024 13:04

240322-qaz4pseb4w 10

Analysis

  • max time kernel
    141s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-03-2024 17:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AutoClick.exe

  • Size

    1.8MB

  • MD5

    18082775ad95b33564a1129ecd3caf9a

  • SHA1

    2197f396533b532e044eb271c333985da1fd3675

  • SHA256

    9651a812e057af1920b6700e3ef0c6b6bc147c65be3546d9ab0900dedd0be1b6

  • SHA512

    8bfc97d454aa11aacef3bb14e24bb0fb5df0f86cc7ba24241571b708d54dd50a31578ae008c1fa20fd0a868f039e84599aaf06a19d4959e223972bc9952cc6a5

  • SSDEEP

    49152:37Ckt5baqAC/8yfMSpvoY+b5MreCb9Eb36Sn:3X5balCTDAYPXbCz6C

Score
10/10
elysiumstealerstealer

Malware Config

Signatures

  • ElysiumStealer

    ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    stealerelysiumstealer
  • ElysiumStealer Support DLL 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 47 IoCs
  • Suspicious use of SendNotifyMessage 47 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AutoClick.exe
    "C:\Users\Admin\AppData\Local\Temp\AutoClick.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:3632
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\VaultVM.Runtime.MSIL.1.0.0.0\NativePRo.dll
    Filesize

    40KB

    MD5

    94173de2e35aa8d621fc1c4f54b2a082

    SHA1

    fbb2266ee47f88462560f0370edb329554cd5869

    SHA256

    7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

    SHA512

    cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp541B.tmp\9aab9f6f-d7e7-465b-be5a-acf483285623.dll
    Filesize

    770KB

    MD5

    fcdce22248e6f6751dd6e67360f2abd8

    SHA1

    689711c1954bc5f50a73b092e31a68f4a19299b9

    SHA256

    d5e1bef0eb91637790223515625e2c0dd77bb4591d2e58d1f65cfe0c75577c65

    SHA512

    d4e8ac8f8900dfd3041747cc116773008191fcd754fb1eec8e4cffe343393250adc02d7c55ddf11f4fc4c649bd27f3004b0ed65484659130d5ebc60ff23cc5dd

    Download Submit

  • memory/3052-26-0x0000020419B60000-0x0000020419B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3052-25-0x0000020419B60000-0x0000020419B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3052-19-0x0000020419B60000-0x0000020419B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3052-18-0x0000020419B60000-0x0000020419B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3052-29-0x0000020419B60000-0x0000020419B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3052-28-0x0000020419B60000-0x0000020419B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3052-27-0x0000020419B60000-0x0000020419B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3052-24-0x0000020419B60000-0x0000020419B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3052-23-0x0000020419B60000-0x0000020419B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3052-17-0x0000020419B60000-0x0000020419B61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3632-6-0x0000000001BB0000-0x0000000001BBE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3632-7-0x0000000005C70000-0x0000000005C80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3632-16-0x0000000005C70000-0x0000000005C80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3632-32-0x0000000005C70000-0x0000000005C80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3632-15-0x0000000005D90000-0x0000000005D9A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3632-14-0x0000000005E20000-0x0000000005EB2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3632-0-0x0000000000FD0000-0x00000000011A4000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3632-13-0x00000000063D0000-0x0000000006974000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3632-12-0x0000000005C10000-0x0000000005C54000-memory.dmp

    Filesize

    272KB

    Download

  • memory/3632-30-0x0000000075250000-0x0000000075A00000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3632-31-0x0000000005C70000-0x0000000005C80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3632-1-0x0000000075250000-0x0000000075A00000-memory.dmp

    Filesize

    7.7MB

    Download