Analysis
-
max time kernel
28s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
09-03-2023 18:08
Behavioral task
behavioral1
Sample
006a0eecd58bad79212c0c4757cfb264.exe
Resource
win7-20230220-en
General
-
Target
006a0eecd58bad79212c0c4757cfb264.exe
-
Size
101KB
-
MD5
006a0eecd58bad79212c0c4757cfb264
-
SHA1
59ec2fa436052ba3a4deffe0f8e65d952c12df8d
-
SHA256
0396e012683038f15388fac6b1db2db167572ee5288ebe8cb61c0c189d0b87e8
-
SHA512
61ac341d684a721433b48f93c99c32e402711d0b1541688255bb9f9a719348f1ce40876e347704efdc1ad7c559650f63dd5f8244c71439a3d327d06c54ae2acd
-
SSDEEP
1536:uEerxZK7ZEJgahcqa3NfjGYjIhE2i7PccDnNMM1QFE0gHI9n/kdRaAWXVNr5Y7RW:ObSZChhS3NrVJxDnNLaAWDri9gHf
Malware Config
Signatures
-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
Executes dropped EXE 1 IoCs
Processes:
MigRegDB.exepid process 2028 MigRegDB.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1992 2016 WerFault.exe 006a0eecd58bad79212c0c4757cfb264.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
006a0eecd58bad79212c0c4757cfb264.exedescription pid process target process PID 2016 wrote to memory of 1992 2016 006a0eecd58bad79212c0c4757cfb264.exe WerFault.exe PID 2016 wrote to memory of 1992 2016 006a0eecd58bad79212c0c4757cfb264.exe WerFault.exe PID 2016 wrote to memory of 1992 2016 006a0eecd58bad79212c0c4757cfb264.exe WerFault.exe PID 2016 wrote to memory of 1992 2016 006a0eecd58bad79212c0c4757cfb264.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\006a0eecd58bad79212c0c4757cfb264.exe"C:\Users\Admin\AppData\Local\Temp\006a0eecd58bad79212c0c4757cfb264.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe"C:\Users\Admin\AppData\Local\Temp\MigRegDB.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 9002⤵
- Program crash
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\MigRegDB.exeFilesize
11KB
MD58ab05c31c23248c2ae46809d5fb73e33
SHA1242c046a5fd614242e047d4c4bece9fdc375c952
SHA256781e7f15682ffc1d7d523baa7835084199568054ab5161d63ba6a338b270d202
SHA51281a1820beeae5f811716da764a54f8ba8595a6a533cc63efdfcd178ea84561153deff8434c8d804d7aa4b815f93e9dfc1fb986ae6d25f8b7f36866a159ae52de
-
memory/2016-54-0x0000000000A60000-0x0000000000A80000-memory.dmpFilesize
128KB
-
memory/2016-56-0x0000000004790000-0x00000000047D0000-memory.dmpFilesize
256KB
-
memory/2016-60-0x0000000004790000-0x00000000047D0000-memory.dmpFilesize
256KB