Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://tinyurl.com/...

windows10-1703-x64

10

Analysis

  • max time kernel
    102s
  • max time network
    101s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14-06-2023 15:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://tinyurl.com/eternitydownload

Score
10/10
eternityspywarestealer

Malware Config

Signatures

  • Detects Eternity stealer 4 IoCs
    stealer
  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Drops startup file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Windows directory 2 IoCs
  • Program crash 3 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://tinyurl.com/eternitydownload
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3492
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FLQISSZ5\Eternity.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FLQISSZ5\Eternity.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4844
      • C:\Users\Admin\AppData\Local\Temp\dcd.exe
        "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
        3⤵
        • Executes dropped EXE
        PID:5016
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 4844 -s 1748
        3⤵
        • Program crash
        PID:3444
  • C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
    "C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:4588
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4588 -s 1704
      2⤵
      • Program crash
      PID:3724
  • C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
    "C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:4984
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4984 -s 1672
      2⤵
      • Program crash
      PID:4864

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\14561BF7422BB6F70A9CB14F5AA8A7DA_582DC597430784041BB93D3718D1C412
    Filesize

    727B

    MD5

    5111d9453cded5a09aaf8f3ff1e6b6ba

    SHA1

    4e06a594bcd88c0723c5c31e0d7d7f492929cabb

    SHA256

    15f8fec333157fba52bdbdcc29c158a063c563ae4431cd7900df31989092875f

    SHA512

    0615d3c22060833d84354494fe996aa3fc40921df001319d3c94f4f9fa090336279cba2ffa219fdc44d6fe45941ab1403317c5d4852eef17608686abbc53c992

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    6ed1b9e0ada67cd4e13ffe2ebff3202d

    SHA1

    26e57e0292d9b0fdf705748d723c197e50225bb5

    SHA256

    e4256833d3e11cd58e3725ea44482597742a652041a44b3339d371739a6e5735

    SHA512

    749783679cbd1f6f06ea031c22cc262152d57da36acf3778ac54717f5d9400aa0ad388b9898f5b0ff9bdf666f7f4c4ec590f770d48d1bf4301d05ad944746a33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
    Filesize

    471B

    MD5

    67151b4e823a1254ca5bac63f0a055a2

    SHA1

    bc7d914c70be93c9665fe51fc59a0afa502097f8

    SHA256

    d1e2cacf37e36e7877d8922c4ee2c5720dcb4404f625c4ba562f39e39f99771a

    SHA512

    60c71ebb87c76c2945c205b9acb8f27ddf25b500ff4eb058d950ed39d038c7a266ca4ce0e74e7af738836284a956eca32988f344d327e816cd9ef5b5ae923a0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\14561BF7422BB6F70A9CB14F5AA8A7DA_582DC597430784041BB93D3718D1C412
    Filesize

    408B

    MD5

    ce1625be90327a1701f5bd3f39245f6e

    SHA1

    76eac1eed154dd5633378f8a9cbdb02bdd6d0b7c

    SHA256

    dec9f125b51947ea8e06a7c96772d362b4e3246e1f908d87fadf8ac22410ce08

    SHA512

    93aad0e6b6897dd78c86b7baedee4af480d8b13714d7d89f290395e9a5540bff0dcd782d1b21c8cfa2f765464fc1d06f4608049c771547032720af624ea2b879

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    bea1ee27a31e634a8a5a447129067d69

    SHA1

    a4557829f7325f35f11bf62a0cb0a3d9c408bb38

    SHA256

    0d08c0970f23682eab6f8318d20fc631000b28f8976392506d4df453b943f0f0

    SHA512

    4e2a9701c2245369beb72de38c59231f57597a64a6382512fdb31c41ca1810b5893647e3d01e9e312efb831c52442901037a54db4a157cbbb16c1110f8a80bfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
    Filesize

    400B

    MD5

    686d4eaa9a30f6ca00a7d3f0132bf51d

    SHA1

    d068dc8397c131ff9eb14003751fc8b598c03578

    SHA256

    c1227806bf202ebebabfcf87ee7abbd7ab95d570e4d3661ead4016a844dceec4

    SHA512

    97bdcbfa6efc3b0dc34577789df7abd00e6075860b43c8c0818365b0fd43d0211e6f54b4a5d62fe54b70649deba81a6623139aa34c92bea17bc96e9dbb7ad2cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M89E9QLF\www.upload[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FLQISSZ5\Eternity.exe
    Filesize

    1.0MB

    MD5

    337161e45b4d7d642e2d19ee3c8b8bc6

    SHA1

    4b0a8ce8d6f23462be82c4f7ce9a7dd73e0b3ac9

    SHA256

    8f874647e2f6d84e5b1aa43bb8327c055788b260776ea68daf89ddd9634a0247

    SHA512

    e4505895ae5507e47d5ea927cd42585e8a265b689a45dd3bb8802d42993b6ded35dcac95f0c5d257939616d8b138bf15ec97a3f3e9d26bc25502e968a40c5be9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FLQISSZ5\Eternity.exe.56x8xy6.partial
    Filesize

    1.0MB

    MD5

    337161e45b4d7d642e2d19ee3c8b8bc6

    SHA1

    4b0a8ce8d6f23462be82c4f7ce9a7dd73e0b3ac9

    SHA256

    8f874647e2f6d84e5b1aa43bb8327c055788b260776ea68daf89ddd9634a0247

    SHA512

    e4505895ae5507e47d5ea927cd42585e8a265b689a45dd3bb8802d42993b6ded35dcac95f0c5d257939616d8b138bf15ec97a3f3e9d26bc25502e968a40c5be9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FLQISSZ5\Eternity[1].exe
    Filesize

    1.0MB

    MD5

    337161e45b4d7d642e2d19ee3c8b8bc6

    SHA1

    4b0a8ce8d6f23462be82c4f7ce9a7dd73e0b3ac9

    SHA256

    8f874647e2f6d84e5b1aa43bb8327c055788b260776ea68daf89ddd9634a0247

    SHA512

    e4505895ae5507e47d5ea927cd42585e8a265b689a45dd3bb8802d42993b6ded35dcac95f0c5d257939616d8b138bf15ec97a3f3e9d26bc25502e968a40c5be9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KIQVE9IA\favicon[1].ico
    Filesize

    1KB

    MD5

    f299cf2e651c19e48d27900ced493ccb

    SHA1

    c2d1086d517d7a26292e0d7b32da7c55b166c23b

    SHA256

    115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1

    SHA512

    b46341bfbac50f48afcd2a4e34910901d722ce72f9f34f809916103e01d7ebc11bce15a28bf6449efd49ab9dfef1f84a94e3ad775cbe52d5822996674124b104

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KIQVE9IA\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\2KI1F9FL.cookie
    Filesize

    241B

    MD5

    727cd34d29586b0e16047a6491250776

    SHA1

    6268883b7236a74760b545121289477d153d8dee

    SHA256

    50060bc8715a76f7c851f544046d8b6a53b2daf526c8f805082d88964296ff36

    SHA512

    6a43ff209ea87382c4d41cb4e6e7208619ccffdad36708d08724153df5f4cb25843943fef7450767613fb070cd470075b3b4f575b0689ea9b7d459feb6db9cfb

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\HTHDRSZL.cookie
    Filesize

    70B

    MD5

    85493959affbcf268d4aeaa5c75e1096

    SHA1

    d1bd20f9ec7066fe817545212d6d694ef0006a19

    SHA256

    d50db4e30dd60665d6362e5ecbe0856a082b67392112619c98cdafa37a670670

    SHA512

    9c8921cb2fdcab0e569ec6100aab9286f94195afcafcd77a78252a79ad30ad53851f579e2e430311fec780a2d1de046dcc006f9ea730e5a95269e9ffbf3e48b8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JEOZIY5D.cookie
    Filesize

    371B

    MD5

    c4ef4a86b69d9e963bf5c12f079fdab2

    SHA1

    b8afd4207ca562b89689f3e7f057950d406951b6

    SHA256

    00c9dfe2c9b08fa6087f0aaf1b0f0df641016151d67d32b503365c52e0d0606c

    SHA512

    57e669d1a02396dea086e03a4547ba40f6d7231866c069adefca1748ea4b3057f9ed760005d4c96d10b01b9223d3c7691e4daeb44f4c6b25ad54e1a645e2ba4c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YCTQSTPH.cookie
    Filesize

    612B

    MD5

    9f3298a4887842d4f3360204a857585e

    SHA1

    23fb4c62c1bf322f14a303734a86b774445b10d5

    SHA256

    be7b04da1356549049d1bf6dd4d8a0343f24228c6f6f4719b027036683a4c806

    SHA512

    23f3b39966eb2302442314517b7f3bede2cb8e0472eb8a881013fc09a9a0b38e40c4896db422dca48b8b77d77241786fb78b6ea22a0a22d57429c2817175da09

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.sechealthui_cw5n1h2txyewy\AC\Microsoft\Windows\4272278488\3302449443.pri
    Filesize

    65KB

    MD5

    153393e3433cc37fb82899a854dc262c

    SHA1

    db4fe1a5d4700dbd9c3c63febd50ce1b7cbcd881

    SHA256

    c566ced32f0759eb7ced2ecea21eecfec01cf8cd981c54a4fecf0d685067b0de

    SHA512

    a30e6843a26038339aecbc1de847d426ed3886c10a468fd4d02eea19000f868f6aaccdfbbb2e45251570c53c738cb2fea5af53ce3cba8b188d9eebd633ea242a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Kno72A4.tmp
    Filesize

    88KB

    MD5

    002d5646771d31d1e7c57990cc020150

    SHA1

    a28ec731f9106c252f313cca349a68ef94ee3de9

    SHA256

    1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f

    SHA512

    689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dcd.exe
    Filesize

    227KB

    MD5

    b5ac46e446cead89892628f30a253a06

    SHA1

    f4ad1044a7f77a1b02155c3a355a1bb4177076ca

    SHA256

    def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

    SHA512

    bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dcd.exe
    Filesize

    227KB

    MD5

    b5ac46e446cead89892628f30a253a06

    SHA1

    f4ad1044a7f77a1b02155c3a355a1bb4177076ca

    SHA256

    def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

    SHA512

    bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

    Download Submit

  • memory/4844-248-0x0000000000E70000-0x0000000000F68000-memory.dmp

    Filesize

    992KB

    Download

  • memory/4844-258-0x000000001BCC0000-0x000000001BCD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4844-257-0x000000001BCC0000-0x000000001BCD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4844-255-0x000000001BCC0000-0x000000001BCD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4844-254-0x00000000016C0000-0x00000000016C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4844-250-0x0000000002FF0000-0x000000000302E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4844-249-0x0000000002FA0000-0x0000000002FF0000-memory.dmp

    Filesize

    320KB

    Download