eternity | 2a3cd260eb5330e3fda595621e915561d52db85fdc5fe10adb0996fdfc843550

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09/03/2023, 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3298449aaf1bf74a8893876c72a63977.exe
Size

101KB
MD5

3298449aaf1bf74a8893876c72a63977
SHA1

31c58291f508da192fc00683850e152971664bdc
SHA256

2a3cd260eb5330e3fda595621e915561d52db85fdc5fe10adb0996fdfc843550
SHA512

27fdf998bae74e03fe8675f918b70493d470fbecd30c0343dc174d7cfa33dcf1eb1e15eb08d167b844c808377cef2113a6506c7921dbc7471a76aa366a596b5f
SSDEEP

1536:TjD33J59gnWs/5IUvxsP3RyAuAFRY42nLBWmB4c5c2zuTrdDJHG7kjKel:T33H9gRvxsPhyBi2nNnK+c2c5D9Ga3l

Score

10^/10

eternity

Malware Config

Signatures

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity

Executes dropped EXE 1 IoCs

pid	Process
1536	MigRegDB.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
848	1676	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 848	1676	3298449aaf1bf74a8893876c72a63977.exe	29
PID 1676 wrote to memory of 848	1676	3298449aaf1bf74a8893876c72a63977.exe	29
PID 1676 wrote to memory of 848	1676	3298449aaf1bf74a8893876c72a63977.exe	29
PID 1676 wrote to memory of 848	1676	3298449aaf1bf74a8893876c72a63977.exe	29

C:\Users\Admin\AppData\Local\Temp\3298449aaf1bf74a8893876c72a63977.exe
"C:\Users\Admin\AppData\Local\Temp\3298449aaf1bf74a8893876c72a63977.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe
  "C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe"
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 900
  2⤵
  - Program crash
  PID:848

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe

Filesize
11KB

MD5
8ab05c31c23248c2ae46809d5fb73e33

SHA1
242c046a5fd614242e047d4c4bece9fdc375c952

SHA256
781e7f15682ffc1d7d523baa7835084199568054ab5161d63ba6a338b270d202

SHA512
81a1820beeae5f811716da764a54f8ba8595a6a533cc63efdfcd178ea84561153deff8434c8d804d7aa4b815f93e9dfc1fb986ae6d25f8b7f36866a159ae52de

Download Submit
memory/1676-54-0x0000000000D60000-0x0000000000D80000-memory.dmp

Filesize
128KB

Download
memory/1676-56-0x0000000004950000-0x0000000004990000-memory.dmp

Filesize
256KB

Download
memory/1676-60-0x0000000004950000-0x0000000004990000-memory.dmp

Filesize
256KB

Download