Overview

overview

10

Static

static

10

18b8eaaca1...7c.exe

windows7-x64

10

18b8eaaca1...7c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09-03-2023 18:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18b8eaaca17c55a378a88b6767b14d7c.exe

  • Size

    199KB

  • MD5

    18b8eaaca17c55a378a88b6767b14d7c

  • SHA1

    cc3b16b0cee1476790ace32097d7a5e903d3ee50

  • SHA256

    a591e8d5b6ebe119919fe949d09e56224547f0cc511f21244c7cf77447e1f071

  • SHA512

    d193e675688a43bc3caad08ea7e3b58d40f7eca01ee562ab213915f76a3ea245b4b168fb19c15523cceee937b428a147d8537e80d11a881e0cd8be13750a2fa6

  • SSDEEP

    3072:VzMkEejtozYaGKfYE7VcCAZXiLF6nzL6LHVLKs+qb6jNXlwZA8a00f:VzpEQ+soAEpcCAZXiLF6zL6NPkwer

Score
10/10
eternity

Malware Config

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18b8eaaca17c55a378a88b6767b14d7c.exe
    "C:\Users\Admin\AppData\Local\Temp\18b8eaaca17c55a378a88b6767b14d7c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Users\Admin\AppData\Local\Temp\PerceptionSimulationService.exe
      "C:\Users\Admin\AppData\Local\Temp\PerceptionSimulationService.exe"
      2⤵
      • Executes dropped EXE
      PID:1412
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 896
      2⤵
      • Program crash
      PID:1496

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\PerceptionSimulationService.exe
    Filesize

    104KB

    MD5

    217dd189b66b68149ed4f7e8c9ba1dd9

    SHA1

    83cf7ed2c94afa35d0c80b7b2ea8d6da08f68285

    SHA256

    f4a1550bfefbdc09da82f53ce94ef3261c75db1cc7c1edd1074d31f828a47316

    SHA512

    19ae23131aa4b8a59d8e9c8617d09bf8d3b904ba4a60637c682aa973c7347a1898ffc62e15e9928b7a6cd9434f5c2348d37fb010e5c3c15ce0ddd22d5715cadb

    Download Submit
  • memory/1728-54-0x00000000003F0000-0x0000000000426000-memory.dmp
    Filesize

    216KB

    Download
  • memory/1728-56-0x0000000004450000-0x0000000004490000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1728-60-0x0000000004450000-0x0000000004490000-memory.dmp
    Filesize

    256KB

    Download