Analysis

max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 09-03-2023 18:01
Behavioral task: behavioral1
Sample: 3298449aaf1bf74a8893876c72a63977.exe
Resource: win7-20230220-en
General

Target: 3298449aaf1bf74a8893876c72a63977.exe
Size: 101KB
MD5: 3298449aaf1bf74a8893876c72a63977
SHA1: 31c58291f508da192fc00683850e152971664bdc
SHA256: 2a3cd260eb5330e3fda595621e915561d52db85fdc5fe10adb0996fdfc843550
SHA512: 27fdf998bae74e03fe8675f918b70493d470fbecd30c0343dc174d7cfa33dcf1eb1e15eb08d167b844c808377cef2113a6506c7921dbc7471a76aa366a596b5f
SSDEEP: 1536:TjD33J59gnWs/5IUvxsP3RyAuAFRY42nLBWmB4c5c2zuTrdDJHG7kjKel:T33H9gRvxsPhyBi2nNnK+c2c5D9Ga3l
Malware Config
Signatures

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

Executes dropped EXE (1 IoC)
Processes: PID 1536 MigRegDB.exe
The sample drops MigRegDB.exe into %TEMP% and runs it; the dropped file's hashes are listed under Downloads below.

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Program crash (1 IoC)
Processes: PID 848 WerFault.exe, target process PID 1676 3298449aaf1bf74a8893876c72a63977.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: PID 1676 (3298449aaf1bf74a8893876c72a63977.exe) wrote to memory of PID 848 (WerFault.exe), recorded four times.
All four writes go to the WerFault.exe instance that the sample itself spawned to report its own crash (WerFault.exe -u -p 1676 -s 900, where -p names the faulting process). That is the normal Windows Error Reporting path and matches the Program crash signature above; the report records no write into a process the sample did not create, so this signature on its own is not evidence of code injection into a foreign process.
Processes

C:\Users\Admin\AppData\Local\Temp\3298449aaf1bf74a8893876c72a63977.exe (depth 1, PID 1676)
    Command line: "C:\Users\Admin\AppData\Local\Temp\3298449aaf1bf74a8893876c72a63977.exe"
    Signatures: Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe (depth 2, PID 1536)
        Command line: "C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe"
        Signatures: Executes dropped EXE

    C:\Windows\SysWOW64\WerFault.exe (depth 2, PID 848)
        Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 900
        Signatures: Program crash
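To put the WriteProcessMemory IoCs and the process tree above into context, here is an added Python triage helper (example code written for this page, not output of the sandbox or part of the report). It transcribes the report's process tree and the signature's flattened IoC text, parses the "PID X wrote to memory of Y" pairs, and classifies each write by what the target is to the writer: the writer's own WerFault instance launched with -p <writer pid>, another child of the writer, or a process the writer did not create. The final line fed to triage() in the usage section (PID 1536 writing into PID 1676) is hypothetical and is included only to exercise the injection-candidate branch.

```python
"""Triage of the 'Suspicious use of WriteProcessMemory' IoCs in the report above.

Added example, not output of the sandbox. The process table is transcribed from
the report's process tree; the IoC text is the report's flattened signature line.
Hypothetical PIDs/lines used to exercise the other classes are marked as such.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None for the root of the captured tree
    image: str
    cmdline: str


# Process tree as reported (sample -> MigRegDB.exe, sample -> WerFault.exe).
PROCS: Dict[int, Proc] = {
    1676: Proc(1676, None, "3298449aaf1bf74a8893876c72a63977.exe",
               r'"C:\Users\Admin\AppData\Local\Temp\3298449aaf1bf74a8893876c72a63977.exe"'),
    1536: Proc(1536, 1676, "MigRegDB.exe",
               r'"C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe"'),
    848: Proc(848, 1676, "WerFault.exe",
              r"C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 900"),
}

# The signature's IoC text as it appears in the report (one event, repeated four times).
WPM_LINE = " ".join(
    ["PID 1676 wrote to memory of 848 1676 "
     "3298449aaf1bf74a8893876c72a63977.exe WerFault.exe"] * 4
)

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
# WerFault's -p argument names the faulting process it was launched to report on.
WER_P_RE = re.compile(r"(?:^|\s)-p\s+(\d+)(?=\s|$)")


def parse_writes(text: str) -> List[Tuple[int, int]]:
    """Extract (writer_pid, target_pid) pairs from the flattened IoC text."""
    return [(int(src), int(dst)) for src, dst in WPM_RE.findall(text)]


def classify_write(src: int, dst: int, procs: Dict[int, Proc]) -> str:
    """Label one cross-process write by what the target is to the writer."""
    target = procs.get(dst)
    if target is None:
        return "unknown-target"      # target not in the captured tree
    if target.image.lower() == "werfault.exe" and target.ppid == src:
        m = WER_P_RE.search(target.cmdline)
        if m and int(m.group(1)) == src:
            return "crash-handler"   # WER instance reporting the writer's own crash
    if target.ppid == src:
        return "own-child"           # process start-up or hollowing: inspect the written data
    return "cross-process"           # target not created by the writer: injection candidate


def triage(text: str, procs: Dict[int, Proc]) -> Counter:
    """Count IoCs per class so the analyst sees at a glance what needs a closer look."""
    return Counter(classify_write(src, dst, procs) for src, dst in parse_writes(text))


if __name__ == "__main__":
    print(triage(WPM_LINE, PROCS))
    # Hypothetical line (not in the report) that reaches the injection-candidate branch:
    print(triage("PID 1536 wrote to memory of 1676", PROCS))
```

Run against the report's own text, all four events land in the crash-handler class, which is consistent with the Program crash signature; only cross-process results would justify pulling the memory dumps listed under Downloads for a closer look.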
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads

C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe
Filesize: 11KB
MD5: 8ab05c31c23248c2ae46809d5fb73e33
SHA1: 242c046a5fd614242e047d4c4bece9fdc375c952
SHA256: 781e7f15682ffc1d7d523baa7835084199568054ab5161d63ba6a338b270d202
SHA512: 81a1820beeae5f811716da764a54f8ba8595a6a533cc63efdfcd178ea84561153deff8434c8d804d7aa4b815f93e9dfc1fb986ae6d25f8b7f36866a159ae52de

memory/1676-54-0x0000000000D60000-0x0000000000D80000-memory.dmp
Filesize: 128KB

memory/1676-56-0x0000000004950000-0x0000000004990000-memory.dmp
Filesize: 256KB

memory/1676-60-0x0000000004950000-0x0000000004990000-memory.dmp
Filesize: 256KB