Analysis

  • max time kernel
    81s
  • max time network
    77s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/09/2022, 10:15

General

  • Target

    24b99a15afb676da6886b5b020d938c82704799876d4fcb4d611c7c7188c1e8a.exe

  • Size

    3.3MB

  • MD5

    4d05c920040c671e49187a179033c50b

  • SHA1

    387a1318539ff16974c21ed6e78fbcbe8e73e3fa

  • SHA256

    24b99a15afb676da6886b5b020d938c82704799876d4fcb4d611c7c7188c1e8a

  • SHA512

    f86f5a2e11ceed5a212ae1c61d1c1f31d125ee09cd007610db0db0720fedc08d874807defa029136e6c063ab1e03f47b67298d25a827ebe45ce7f774e5c79849

  • SSDEEP

    49152:Duvjict75qI24MnFmAhxC5fGQRbZtU4axGtOEdzx5onb5EnWcq3jAvKUYgeGc:Duvjict4nFLxafGQNTUNxNMLoVtcWdP

Score
10/10

Malware Config

Extracted

Family

eternity

Attributes
  • payload_urls

    http://178.20.44.214/edgedownload.exe

    http://178.20.44.214/a.exe

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

  • Downloads MZ/PE file
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24b99a15afb676da6886b5b020d938c82704799876d4fcb4d611c7c7188c1e8a.exe
    "C:\Users\Admin\AppData\Local\Temp\24b99a15afb676da6886b5b020d938c82704799876d4fcb4d611c7c7188c1e8a.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1536
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2016

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1536-54-0x0000000000390000-0x0000000000B5C000-memory.dmp
    Filesize: 7.8MB

  • memory/1536-57-0x0000000075681000-0x0000000075683000-memory.dmp
    Filesize: 8KB

  • memory/1536-58-0x0000000006230000-0x000000000644E000-memory.dmp
    Filesize: 2.1MB

  • memory/1536-59-0x0000000002780000-0x00000000027B4000-memory.dmp
    Filesize: 208KB

  • memory/1536-60-0x00000000026A0000-0x00000000026B8000-memory.dmp
    Filesize: 96KB

  • memory/1536-61-0x0000000002910000-0x000000000292A000-memory.dmp
    Filesize: 104KB

  • memory/1536-62-0x0000000002930000-0x0000000002936000-memory.dmp
    Filesize: 24KB

  • memory/2016-63-0x0000000000400000-0x0000000000552000-memory.dmp
    Filesize: 1.3MB

  • memory/2016-64-0x0000000000400000-0x0000000000552000-memory.dmp
    Filesize: 1.3MB

  • memory/2016-66-0x0000000000400000-0x0000000000552000-memory.dmp
    Filesize: 1.3MB

  • memory/2016-67-0x0000000000400000-0x0000000000552000-memory.dmp
    Filesize: 1.3MB

  • memory/2016-68-0x0000000000400000-0x0000000000552000-memory.dmp
    Filesize: 1.3MB

  • memory/2016-71-0x0000000000400000-0x0000000000552000-memory.dmp
    Filesize: 1.3MB

  • memory/2016-73-0x0000000000400000-0x0000000000552000-memory.dmp
    Filesize: 1.3MB

  • memory/2016-75-0x0000000005B30000-0x0000000005C7A000-memory.dmp
    Filesize: 1.3MB

  • memory/2016-76-0x00000000055B0000-0x00000000056D2000-memory.dmp
    Filesize: 1.1MB

  • memory/2016-77-0x00000000007E0000-0x00000000007FA000-memory.dmp
    Filesize: 104KB