Analysis
-
max time kernel
139s -
max time network
183s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
-
submitted
10/09/2022, 22:15
General
-
Target
789630c437ccf2d7df712ce174ba2336792977a27d203431957c79163f9b9a05.exe
-
Size
2.6MB
-
MD5
0c717a4d5c7c6a0716fa3d788f0b2cdd
-
SHA1
ccebe3bfbd0f46942c27e898b67dcd56c2dd7e27
-
SHA256
789630c437ccf2d7df712ce174ba2336792977a27d203431957c79163f9b9a05
-
SHA512
314e1c5b4569f7ca2db449f4fe5d86dd56972ae59c08ce82618d889c2c311b5d744cb4d52fd7f89411afc30c7e185d8ef46274e2b205076b584bb74a9dd997af
-
SSDEEP
49152:DmVRGHUBcBLZ3K5va9tNCyK4Vs9mOpLbO88y8kiaAm3EmB5hwVjrrkxCP3RcdlsG:DmVRbO5Za5voN2aso4bOKiaB3Em1wht5
Malware Config
Signatures
-
Detects Eternity clipper 2 IoCs
-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 17 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 17 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\789630c437ccf2d7df712ce174ba2336792977a27d203431957c79163f9b9a05.exe"C:\Users\Admin\AppData\Local\Temp\789630c437ccf2d7df712ce174ba2336792977a27d203431957c79163f9b9a05.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /c REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "SteamsService" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Microsoft\SteamsService.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "SteamsService" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Microsoft\SteamsService.exe"3⤵
- Adds Run key to start application
-
-
-
C:\Users\Admin\AppData\Local\Microsoft\SteamsService.exe"C:\Users\Admin\AppData\Local\Microsoft\SteamsService.exe"2⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"3⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.6MB
MD50c717a4d5c7c6a0716fa3d788f0b2cdd
SHA1ccebe3bfbd0f46942c27e898b67dcd56c2dd7e27
SHA256789630c437ccf2d7df712ce174ba2336792977a27d203431957c79163f9b9a05
SHA512314e1c5b4569f7ca2db449f4fe5d86dd56972ae59c08ce82618d889c2c311b5d744cb4d52fd7f89411afc30c7e185d8ef46274e2b205076b584bb74a9dd997af
-
Filesize
2.6MB
MD50c717a4d5c7c6a0716fa3d788f0b2cdd
SHA1ccebe3bfbd0f46942c27e898b67dcd56c2dd7e27
SHA256789630c437ccf2d7df712ce174ba2336792977a27d203431957c79163f9b9a05
SHA512314e1c5b4569f7ca2db449f4fe5d86dd56972ae59c08ce82618d889c2c311b5d744cb4d52fd7f89411afc30c7e185d8ef46274e2b205076b584bb74a9dd997af
-
Filesize
64KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
10.2MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
8KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
10.2MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
3.8MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
624KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
10.2MB
-
Filesize
240KB
-
Filesize
24KB
-
Filesize
584KB
-
Filesize
5.0MB
-
Filesize
40KB
-
Filesize
10.2MB
-
Filesize
1.6MB
-
Filesize
10.2MB
-
Filesize
10.2MB
-
Filesize
3.8MB
-
Filesize
10.2MB
-
Filesize
104KB
-
Filesize
24KB
-
Filesize
10.2MB