eternity | 76697d9efe6d8bc524f762f77e3f30aa46b4bf2d141ecf683f36b1dd1ce80ed2

Analysis

max time kernel
133s
max time network
145s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09/03/2023, 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00d53e03f0d550699293537ba1e8a06d.exe
Size

769KB
MD5

00d53e03f0d550699293537ba1e8a06d
SHA1

9604edac085c30fba52e3ace78e8ae7b050024fa
SHA256

76697d9efe6d8bc524f762f77e3f30aa46b4bf2d141ecf683f36b1dd1ce80ed2
SHA512

729a20aa467adc12543ef56472a73ac5b7cf3fb9060e9cd76a61c6a460c6ae0c555182fe48b122245dbb3694802901907529d8b6e16e39178530e58fb2418493
SSDEEP

24576:+uAJ1MuTKLeeLYJXpjYFoPa7uARsVrq+ZT:+7ZTKamaeJRkBZ

Score

10^/10

eternity

Malware Config

Signatures

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity

Executes dropped EXE 1 IoCs

pid	Process
1356	noises.exe

Loads dropped DLL 1 IoCs

pid	Process
908	00d53e03f0d550699293537ba1e8a06d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1356	noises.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
588	DllHost.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 1356	908	00d53e03f0d550699293537ba1e8a06d.exe	29
PID 908 wrote to memory of 1356	908	00d53e03f0d550699293537ba1e8a06d.exe	29
PID 908 wrote to memory of 1356	908	00d53e03f0d550699293537ba1e8a06d.exe	29
PID 908 wrote to memory of 1356	908	00d53e03f0d550699293537ba1e8a06d.exe	29

C:\Users\Admin\AppData\Local\Temp\00d53e03f0d550699293537ba1e8a06d.exe
"C:\Users\Admin\AppData\Local\Temp\00d53e03f0d550699293537ba1e8a06d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:908
- C:\Users\Admin\AppData\Local\Temp\noises.exe
  "C:\Users\Admin\AppData\Local\Temp\noises.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1356

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:588

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\noises.exe

Filesize
76KB

MD5
dbb92d6b3c324f8871bc508830b05c14

SHA1
4507d24c7d78a24fe5d92f916ed972709529ced0

SHA256
376294f1dd51cbb9591672655bb2720aeda8dd8004fcc0cb7c333b54ca5746f8

SHA512
d089dc29a1e982b7dd7e50698acdaf138455fb8b3e02b0874bec6734f261bf1a8ea5f10bcc43bb3c557812aeeeeb0410db157bfe341ee67516d6b8c3b758002a

Download Submit
C:\Users\Admin\AppData\Local\Temp\noises.exe

Filesize
76KB

MD5
dbb92d6b3c324f8871bc508830b05c14

SHA1
4507d24c7d78a24fe5d92f916ed972709529ced0

SHA256
376294f1dd51cbb9591672655bb2720aeda8dd8004fcc0cb7c333b54ca5746f8

SHA512
d089dc29a1e982b7dd7e50698acdaf138455fb8b3e02b0874bec6734f261bf1a8ea5f10bcc43bb3c557812aeeeeb0410db157bfe341ee67516d6b8c3b758002a

Download Submit
C:\Users\Admin\AppData\Local\Temp\noises.png

Filesize
678KB

MD5
e37abd57f54a31d05048679dd02e027b

SHA1
2f915cbbbcd3453b1c3b083c2387b3b47665cb0f

SHA256
77d1aa0c2195a4f644296b681295865cdb3c71bb6c380b69c2f43338f653acf5

SHA512
e8fc9c73e2f43814f9ccdab19dd9cb30344bcf31170ea4dcb645c55eedd4602c6b61f6ab469b8a0bda8a719f45acff7ed5c380a4f8b55b569b30f0fd7246685a

Download Submit
\Users\Admin\AppData\Local\Temp\noises.exe

Filesize
76KB

MD5
dbb92d6b3c324f8871bc508830b05c14

SHA1
4507d24c7d78a24fe5d92f916ed972709529ced0

SHA256
376294f1dd51cbb9591672655bb2720aeda8dd8004fcc0cb7c333b54ca5746f8

SHA512
d089dc29a1e982b7dd7e50698acdaf138455fb8b3e02b0874bec6734f261bf1a8ea5f10bcc43bb3c557812aeeeeb0410db157bfe341ee67516d6b8c3b758002a

Download Submit
memory/588-57-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download
memory/588-60-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/588-70-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/908-54-0x00000000002F0000-0x00000000003B6000-memory.dmp

Filesize
792KB

Download
memory/908-56-0x0000000001EC0000-0x0000000001EC2000-memory.dmp

Filesize
8KB

Download
memory/908-58-0x00000000048E0000-0x0000000004920000-memory.dmp

Filesize
256KB

Download
memory/1356-67-0x0000000000C80000-0x0000000000C9A000-memory.dmp

Filesize
104KB

Download
memory/1356-69-0x0000000004750000-0x0000000004790000-memory.dmp

Filesize
256KB

Download