eternity | 3cded3354fbcfaad7112c599b3622680a632e601602ea4f5faa07a6bcc8cbeaf | Triage

Submit
Reports

Overview

overview

Static

static

3cded3354f...af.exe

windows7-x64

3cded3354f...af.exe

windows10-2004-x64

Sharing

General

Target

3cded3354fbcfaad7112c599b3622680a632e601602ea4f5faa07a6bcc8cbeaf
Size

347KB
Sample

230125-y34xcsca8w
MD5

dafc8e7ccd381af36f19267a2a9b3f9b
SHA1

742c9021f4f0fb264c32a59a66e3ac514b8e166b
SHA256

3cded3354fbcfaad7112c599b3622680a632e601602ea4f5faa07a6bcc8cbeaf
SHA512

70779917d042e4dc65dbac4fda2f521721f9deb42e67e4cfe3eb3a82ff508da3303b96e71bff37b2e95f51d8be7fc6e8987bb0244bd6d2be857c0e0bd44bfa4e
SSDEEP

6144:58CS6KWJ0XJWcPZ1PiqbeiS8XDMs9HHCUA:KC9IgWrPiN0YEHHFA

Score

10^/10

eternity evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

3cded3354fbcfaad7112c599b3622680a632e601602ea4f5faa07a6bcc8cbeaf.exe

Resource

win7-20220812-en

eternity evasion ransomware

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

3cded3354fbcfaad7112c599b3622680a632e601602ea4f5faa07a6bcc8cbeaf.exe

Resource

win10v2004-20221111-en

eternity evasion ransomware

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  3cded3354fbcfaad7112c599b3622680a632e601602ea4f5faa07a6bcc8cbeaf
- Size
  
  347KB
- MD5
  
  dafc8e7ccd381af36f19267a2a9b3f9b
- SHA1
  
  742c9021f4f0fb264c32a59a66e3ac514b8e166b
- SHA256
  
  3cded3354fbcfaad7112c599b3622680a632e601602ea4f5faa07a6bcc8cbeaf
- SHA512
  
  70779917d042e4dc65dbac4fda2f521721f9deb42e67e4cfe3eb3a82ff508da3303b96e71bff37b2e95f51d8be7fc6e8987bb0244bd6d2be857c0e0bd44bfa4e
- SSDEEP
  
  6144:58CS6KWJ0XJWcPZ1PiqbeiS8XDMs9HHCUA:KC9IgWrPiN0YEHHFA
Score

10^/10

eternity evasion ransomware
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File Deletion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

eternityevasionransomware

behavioral2

eternityevasionransomware

© 2018-2025

Terms | Privacy