Analysis
-
max time kernel
144s -
max time network
180s -
platform
windows10-1703_x64 -
resource
win10-20220901-en -
resource tags
-
submitted
24-09-2022 22:24
General
-
Target
e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729.exe
-
Size
5.9MB
-
MD5
77bf70f8c1da395f912d51fff3e6b18a
-
SHA1
b43ba34649de3f6a1371d50cfe54f81e1fbf23f4
-
SHA256
e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729
-
SHA512
07b53ffe3ead2b151c17c97c1af025bf81313cd26e92f73508680ca7c273c1494de0f36ca7038ae9c39c74395cf1c36daa5fa2ba051058b17f08cac85bb7550d
-
SSDEEP
98304:MyPKcjUaampDA4HZpEkEno6DxWd9NadL+++zMap5Eiyao6UTzm9gFJFjH:zicdampfHZ6fo6DxLu/p5EiC6U2qfF
Malware Config
Signatures
-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 49 IoCs
-
outlook_office_path 1 IoCs
-
outlook_win_path 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729.exe"C:\Users\Admin\AppData\Local\Temp\e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"2⤵
- Accesses Microsoft Outlook profiles
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- outlook_office_path
- outlook_win_path
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\chcp.comchcp 650014⤵
-
-
C:\Windows\SysWOW64\netsh.exenetsh wlan show profile4⤵
-
-
C:\Windows\SysWOW64\findstr.exefindstr All4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C chcp 65001 && netsh wlan show profile name="65001" key=clear | findstr Key3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\chcp.comchcp 650014⤵
-
-
C:\Windows\SysWOW64\netsh.exenetsh wlan show profile name="65001" key=clear4⤵
-
-
C:\Windows\SysWOW64\findstr.exefindstr Key4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && DEL /F /S /Q /A "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\chcp.comchcp 650014⤵
-
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.14⤵
- Runs ping.exe
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
-
-
-
-
-
-
-
-
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
26.0MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
26.0MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
3.8MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
584KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
26.0MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
208KB
-
Filesize
5.0MB
-
Filesize
624KB
-
Filesize
40KB
-
Filesize
96KB
-
Filesize
3.8MB
-
Filesize
104KB
-
Filesize
24KB
-
Filesize
26.0MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
-
-
Filesize
360KB
-
Filesize
408KB
-
Filesize
320KB
-