Overview

overview

10

Static

static

10

006a0eecd5...64.exe

windows7-x64

10

006a0eecd5...64.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    27s
  • max time network
    29s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09-03-2023 18:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    006a0eecd58bad79212c0c4757cfb264.exe

  • Size

    101KB

  • MD5

    006a0eecd58bad79212c0c4757cfb264

  • SHA1

    59ec2fa436052ba3a4deffe0f8e65d952c12df8d

  • SHA256

    0396e012683038f15388fac6b1db2db167572ee5288ebe8cb61c0c189d0b87e8

  • SHA512

    61ac341d684a721433b48f93c99c32e402711d0b1541688255bb9f9a719348f1ce40876e347704efdc1ad7c559650f63dd5f8244c71439a3d327d06c54ae2acd

  • SSDEEP

    1536:uEerxZK7ZEJgahcqa3NfjGYjIhE2i7PccDnNMM1QFE0gHI9n/kdRaAWXVNr5Y7RW:ObSZChhS3NrVJxDnNLaAWDri9gHf

Score
10/10
eternity

Malware Config

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\006a0eecd58bad79212c0c4757cfb264.exe
    "C:\Users\Admin\AppData\Local\Temp\006a0eecd58bad79212c0c4757cfb264.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe
      "C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe"
      2⤵
      • Executes dropped EXE
      PID:1324
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 900
      2⤵
      • Program crash
      PID:1736

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe
    Filesize

    11KB

    MD5

    8ab05c31c23248c2ae46809d5fb73e33

    SHA1

    242c046a5fd614242e047d4c4bece9fdc375c952

    SHA256

    781e7f15682ffc1d7d523baa7835084199568054ab5161d63ba6a338b270d202

    SHA512

    81a1820beeae5f811716da764a54f8ba8595a6a533cc63efdfcd178ea84561153deff8434c8d804d7aa4b815f93e9dfc1fb986ae6d25f8b7f36866a159ae52de

    Download Submit
  • memory/1472-54-0x0000000000940000-0x0000000000960000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1472-56-0x0000000004870000-0x00000000048B0000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1472-60-0x0000000004870000-0x00000000048B0000-memory.dmp
    Filesize

    256KB

    Download