Overview

overview

10

Static

static

10

3298449aaf...77.exe

windows7-x64

10

3298449aaf...77.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09-03-2023 18:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3298449aaf1bf74a8893876c72a63977.exe

  • Size

    101KB

  • MD5

    3298449aaf1bf74a8893876c72a63977

  • SHA1

    31c58291f508da192fc00683850e152971664bdc

  • SHA256

    2a3cd260eb5330e3fda595621e915561d52db85fdc5fe10adb0996fdfc843550

  • SHA512

    27fdf998bae74e03fe8675f918b70493d470fbecd30c0343dc174d7cfa33dcf1eb1e15eb08d167b844c808377cef2113a6506c7921dbc7471a76aa366a596b5f

  • SSDEEP

    1536:TjD33J59gnWs/5IUvxsP3RyAuAFRY42nLBWmB4c5c2zuTrdDJHG7kjKel:T33H9gRvxsPhyBi2nNnK+c2c5D9Ga3l

Score
10/10
eternity

Malware Config

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3298449aaf1bf74a8893876c72a63977.exe
    "C:\Users\Admin\AppData\Local\Temp\3298449aaf1bf74a8893876c72a63977.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe
      "C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe"
      2⤵
      • Executes dropped EXE
      PID:1536
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 900
      2⤵
      • Program crash
      PID:848

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe
    Filesize

    11KB

    MD5

    8ab05c31c23248c2ae46809d5fb73e33

    SHA1

    242c046a5fd614242e047d4c4bece9fdc375c952

    SHA256

    781e7f15682ffc1d7d523baa7835084199568054ab5161d63ba6a338b270d202

    SHA512

    81a1820beeae5f811716da764a54f8ba8595a6a533cc63efdfcd178ea84561153deff8434c8d804d7aa4b815f93e9dfc1fb986ae6d25f8b7f36866a159ae52de

    Download Submit
  • memory/1676-54-0x0000000000D60000-0x0000000000D80000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1676-56-0x0000000004950000-0x0000000004990000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1676-60-0x0000000004950000-0x0000000004990000-memory.dmp
    Filesize

    256KB

    Download