Overview

overview

10

Static

static

1

csn_hackv2.html

windows7-x64

10

csn_hackv2.html

windows10-2004-x64

10

Resubmissions

13-06-2023 18:14

230613-wvhcaaaa58 10

13-06-2023 18:11

230613-wsvvlaad41 10

Analysis

  • max time kernel
    124s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-06-2023 18:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    csn_hackv2.html

  • Size

    409B

  • MD5

    72b1976505fae025f4f5a1271dde71d2

  • SHA1

    76be1e871cdfbe31c7bd1c0178c5685eea60813e

  • SHA256

    84bcfb6ffc7f2d05ef0675c2b31c6981a95715c07400389626bea4259d4bdab6

  • SHA512

    da4e935014aae7edfbfa6e6a99b566ebebbfee29c7ee218f8e14015f22243f86ef84ed1caabfed59b7dfb5eb6242839a521d523bdc79c9d1ba7672d7b4bea3a3

Score
10/10
eternitystealer

Malware Config

Signatures

  • Detects Eternity stealer 4 IoCs
    stealer
  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Program crash 1 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 55 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\csn_hackv2.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3544
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3544 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4732
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\csn_hackv2.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\csn_hackv2.exe"
      2⤵
        PID:1224
        • C:\Users\Admin\AppData\Local\Temp\dcd.exe
          "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
          3⤵
            PID:1900
          • C:\Windows\system32\WerFault.exe
            C:\Windows\system32\WerFault.exe -u -p 1224 -s 1884
            3⤵
            • Program crash
            PID:3720
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -pss -s 412 -p 1224 -ip 1224
        1⤵
          PID:2452
        • C:\Windows\system32\taskmgr.exe
          "C:\Windows\system32\taskmgr.exe" /7
          1⤵
            PID:1108

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C
            Filesize

            779B

            MD5

            6acc0e5e7b8cb3fec8c4624860ab13d7

            SHA1

            49d869abae92841afe5550fe912b53fb01df7166

            SHA256

            47a51968387ab181adab1dfd9cc9f234dbcbaa2c899507172bbd733c77b7f276

            SHA512

            0c91411566ccb047dc9118765e921eb770069f2408ec4d472bdf75801a8ebda7ad7bc11559fa39b3a0231a217cfbdbd0011fb0c9672d75663a96efc38d502436

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86C
            Filesize

            246B

            MD5

            307cfe3a7696fc0c6788118d0586a610

            SHA1

            ef9e64976129231857e48817f7a11b36405b65d4

            SHA256

            6d46e0e5c2e338a6a2bc8abe994cab593434cdcbe5d8a5b75a2e4e864813a298

            SHA512

            8dc8ef131e70bd3686c0484697bd7e155dad2de2527846bfb830fb1028caddc7fdbab24f1573d7a844bae256b1ba1a7403bdcdf6fd91f38eec49e7c0995d471d

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CEHQ4R1G\www.upload[1].xml
            Filesize

            13B

            MD5

            c1ddea3ef6bbef3e7060a1a9ad89e4c5

            SHA1

            35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

            SHA256

            b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

            SHA512

            6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\95fmw5u\imagestore.dat
            Filesize

            1KB

            MD5

            57e73e4e04b050a332d4c7a5c2d74ca7

            SHA1

            a7051c06c71788c96eba3c4d447771dc7ed006d5

            SHA256

            91202aaa181ca6c0e0ca88fd57290ea18f6a04ea25ccbc5cfc5ea775f8c7758b

            SHA512

            bbec0758a79ee4679a22466748d480a2a2918c2e51be5f08ca58967ebd601f9f1db3544c2b531bc71b2924526e34653e277fc32f3800270c37d10810d48c6cf1

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\csn_hackv2.exe
            Filesize

            1.3MB

            MD5

            258fc3454a52b36ed6150f9f2a8ef0f0

            SHA1

            0e4bcdd3f8d607c918e80967b50704f6a2836222

            SHA256

            ff79d61d140c25e8c2fb2a049e0f8f67d058eb28f96a753c018befd56f6a7beb

            SHA512

            6b8cd79387f14714d40ff428ca25b5013bf638c673aacf802307cda3628e6eaa3868d8944006bd2a6f8cbf6e7443465789c323c8814b4254e02b10692ff514ed

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\csn_hackv2.exe.a0zyqu2.partial
            Filesize

            1.3MB

            MD5

            258fc3454a52b36ed6150f9f2a8ef0f0

            SHA1

            0e4bcdd3f8d607c918e80967b50704f6a2836222

            SHA256

            ff79d61d140c25e8c2fb2a049e0f8f67d058eb28f96a753c018befd56f6a7beb

            SHA512

            6b8cd79387f14714d40ff428ca25b5013bf638c673aacf802307cda3628e6eaa3868d8944006bd2a6f8cbf6e7443465789c323c8814b4254e02b10692ff514ed

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\csn_hackv2[1].exe
            Filesize

            1.3MB

            MD5

            258fc3454a52b36ed6150f9f2a8ef0f0

            SHA1

            0e4bcdd3f8d607c918e80967b50704f6a2836222

            SHA256

            ff79d61d140c25e8c2fb2a049e0f8f67d058eb28f96a753c018befd56f6a7beb

            SHA512

            6b8cd79387f14714d40ff428ca25b5013bf638c673aacf802307cda3628e6eaa3868d8944006bd2a6f8cbf6e7443465789c323c8814b4254e02b10692ff514ed

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H82VOZS\favicon[1].ico
            Filesize

            1KB

            MD5

            f299cf2e651c19e48d27900ced493ccb

            SHA1

            c2d1086d517d7a26292e0d7b32da7c55b166c23b

            SHA256

            115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1

            SHA512

            b46341bfbac50f48afcd2a4e34910901d722ce72f9f34f809916103e01d7ebc11bce15a28bf6449efd49ab9dfef1f84a94e3ad775cbe52d5822996674124b104

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\suggestions[1].en-US
            Filesize

            17KB

            MD5

            5a34cb996293fde2cb7a4ac89587393a

            SHA1

            3c96c993500690d1a77873cd62bc639b3a10653f

            SHA256

            c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

            SHA512

            e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\dcd.exe
            Filesize

            227KB

            MD5

            b5ac46e446cead89892628f30a253a06

            SHA1

            f4ad1044a7f77a1b02155c3a355a1bb4177076ca

            SHA256

            def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

            SHA512

            bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\dcd.exe
            Filesize

            227KB

            MD5

            b5ac46e446cead89892628f30a253a06

            SHA1

            f4ad1044a7f77a1b02155c3a355a1bb4177076ca

            SHA256

            def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

            SHA512

            bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

            Download Submit

          • memory/1224-259-0x0000000000C30000-0x0000000000D48000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/1224-260-0x0000000002EF0000-0x0000000002F40000-memory.dmp

            Filesize

            320KB

            Download

          • memory/1224-261-0x00000000013B0000-0x00000000013B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1224-262-0x0000000002F60000-0x0000000002F70000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1224-263-0x0000000002F60000-0x0000000002F70000-memory.dmp

            Filesize

            64KB

            Download