Overview

overview

10

Static

static

10

a591e8d5b6...71.exe

windows7-x64

10

a591e8d5b6...71.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2023, 01:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a591e8d5b6ebe119919fe949d09e56224547f0cc511f21244c7cf77447e1f071.exe

  • Size

    199KB

  • MD5

    18b8eaaca17c55a378a88b6767b14d7c

  • SHA1

    cc3b16b0cee1476790ace32097d7a5e903d3ee50

  • SHA256

    a591e8d5b6ebe119919fe949d09e56224547f0cc511f21244c7cf77447e1f071

  • SHA512

    d193e675688a43bc3caad08ea7e3b58d40f7eca01ee562ab213915f76a3ea245b4b168fb19c15523cceee937b428a147d8537e80d11a881e0cd8be13750a2fa6

  • SSDEEP

    3072:VzMkEejtozYaGKfYE7VcCAZXiLF6nzL6LHVLKs+qb6jNXlwZA8a00f:VzpEQ+soAEpcCAZXiLF6zL6NPkwer

Score
10/10
eternity

Malware Config

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a591e8d5b6ebe119919fe949d09e56224547f0cc511f21244c7cf77447e1f071.exe
    "C:\Users\Admin\AppData\Local\Temp\a591e8d5b6ebe119919fe949d09e56224547f0cc511f21244c7cf77447e1f071.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Users\Admin\AppData\Local\Temp\PerceptionSimulationService.exe
      "C:\Users\Admin\AppData\Local\Temp\PerceptionSimulationService.exe"
      2⤵
      • Executes dropped EXE
      PID:3068
    • C:\Users\Admin\AppData\Local\Temp\tmp6C1.tmp.exe
      "C:\Users\Admin\AppData\Local\Temp\tmp6C1.tmp.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:220

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\PerceptionSimulationService.exe
    Filesize

    104KB

    MD5

    217dd189b66b68149ed4f7e8c9ba1dd9

    SHA1

    83cf7ed2c94afa35d0c80b7b2ea8d6da08f68285

    SHA256

    f4a1550bfefbdc09da82f53ce94ef3261c75db1cc7c1edd1074d31f828a47316

    SHA512

    19ae23131aa4b8a59d8e9c8617d09bf8d3b904ba4a60637c682aa973c7347a1898ffc62e15e9928b7a6cd9434f5c2348d37fb010e5c3c15ce0ddd22d5715cadb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\PerceptionSimulationService.exe
    Filesize

    104KB

    MD5

    217dd189b66b68149ed4f7e8c9ba1dd9

    SHA1

    83cf7ed2c94afa35d0c80b7b2ea8d6da08f68285

    SHA256

    f4a1550bfefbdc09da82f53ce94ef3261c75db1cc7c1edd1074d31f828a47316

    SHA512

    19ae23131aa4b8a59d8e9c8617d09bf8d3b904ba4a60637c682aa973c7347a1898ffc62e15e9928b7a6cd9434f5c2348d37fb010e5c3c15ce0ddd22d5715cadb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp6C1.tmp.exe
    Filesize

    76KB

    MD5

    dbb92d6b3c324f8871bc508830b05c14

    SHA1

    4507d24c7d78a24fe5d92f916ed972709529ced0

    SHA256

    376294f1dd51cbb9591672655bb2720aeda8dd8004fcc0cb7c333b54ca5746f8

    SHA512

    d089dc29a1e982b7dd7e50698acdaf138455fb8b3e02b0874bec6734f261bf1a8ea5f10bcc43bb3c557812aeeeeb0410db157bfe341ee67516d6b8c3b758002a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp6C1.tmp.exe
    Filesize

    76KB

    MD5

    dbb92d6b3c324f8871bc508830b05c14

    SHA1

    4507d24c7d78a24fe5d92f916ed972709529ced0

    SHA256

    376294f1dd51cbb9591672655bb2720aeda8dd8004fcc0cb7c333b54ca5746f8

    SHA512

    d089dc29a1e982b7dd7e50698acdaf138455fb8b3e02b0874bec6734f261bf1a8ea5f10bcc43bb3c557812aeeeeb0410db157bfe341ee67516d6b8c3b758002a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp6C1.tmp.exe
    Filesize

    76KB

    MD5

    dbb92d6b3c324f8871bc508830b05c14

    SHA1

    4507d24c7d78a24fe5d92f916ed972709529ced0

    SHA256

    376294f1dd51cbb9591672655bb2720aeda8dd8004fcc0cb7c333b54ca5746f8

    SHA512

    d089dc29a1e982b7dd7e50698acdaf138455fb8b3e02b0874bec6734f261bf1a8ea5f10bcc43bb3c557812aeeeeb0410db157bfe341ee67516d6b8c3b758002a

    Download Submit

  • memory/220-159-0x00000000008D0000-0x00000000008EA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/220-160-0x00000000051E0000-0x00000000051F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/220-161-0x00000000051E0000-0x00000000051F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1472-133-0x0000000000DC0000-0x0000000000DF6000-memory.dmp

    Filesize

    216KB

    Download

  • memory/1472-135-0x0000000005770000-0x0000000005780000-memory.dmp

    Filesize

    64KB

    Download