Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://www.upload.e...

windows10-1703-x64

10

https://www.upload.e...

windows10-2004-x64

1

Analysis

  • max time kernel
    41s
  • max time network
    42s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    17-06-2023 19:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.upload.ee/files/15250875/csn_hackv2.exe.html

Score
10/10
eternitystealer

Malware Config

Signatures

  • Detects Eternity stealer 4 IoCs
    stealer
  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Executes dropped EXE 2 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.upload.ee/files/15250875/csn_hackv2.exe.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2572
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3396
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6RO0PN6W\csn_hackv2.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6RO0PN6W\csn_hackv2.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3144
      • C:\Users\Admin\AppData\Local\Temp\dcd.exe
        "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
        3⤵
        • Executes dropped EXE
        PID:4940
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 3144 -s 1704
        3⤵
        • Program crash
        PID:4984

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\14561BF7422BB6F70A9CB14F5AA8A7DA_582DC597430784041BB93D3718D1C412
    Filesize

    727B

    MD5

    f248e0a3fc6d93113429f41072d4decb

    SHA1

    736a266eaf90560a3943f9235d6555267f493bfa

    SHA256

    f0663858494c318614b1ab39475508677b15df3be43a66b5ac60dc6bf5551d30

    SHA512

    6ac2f7eb1d90b0dca46e16a7951bab01b57727759633a426bda85a11849c66968e4cfa8ad47102e5d0c53a0bf6ed23094b23c4d305bb20509af1b8f889fd631c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    ddf1a1ee840c8834d02dac6011570106

    SHA1

    42ff466ff18fcf54da4f194a60ad1ed560fc92a4

    SHA256

    2d8493b08d470ef79f7aab91b8977e34913e67624a6ea148badff09ec69675dc

    SHA512

    7ab89343fb67c791289593969f7e4b0ab74522b6a8211cc5b29e7b00bbfbf1dcd47bdb2fde610f7ecf1293d7697a3a0dcce02bdef3a7db2f6555b5e8c65c20c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
    Filesize

    471B

    MD5

    83b2af799c5b9fc19d3d35879de45495

    SHA1

    e0914a959dcdd283058ef725c232bfd47b96e7b1

    SHA256

    c1d3b57625b6877d7ddae101163e38e850d67a481f46a8aa63301188f00eded1

    SHA512

    6a00e94a8374762af56a42c7ff7ade9101a29b959d77e2bd69422304341dc7794d5cf1a7abba0279a0c70f0bf225a3fcadc8bcdfeb5d65ecf06873dfbf65b64b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\14561BF7422BB6F70A9CB14F5AA8A7DA_582DC597430784041BB93D3718D1C412
    Filesize

    408B

    MD5

    adf223d6126de1c59aaff411c9390902

    SHA1

    3c5da5124bbbaf09e7487ef92d3b64bc4034d88c

    SHA256

    b162800b8d341a9f3775903d0e9a4a65e704df16504d0ed21d002974e2792154

    SHA512

    20e43e2726d7681672079d56dd677542c1c971b82d51a2a093e9719d0acc7ea3169c65a536fed2cc105d9fe459e068a17ea2e15aa0d85e79ab597fa8e6d405cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    9db8774fda10fcd884b25915ad4c652f

    SHA1

    51e3a14f46074290baaf48ccddb40e3077e47251

    SHA256

    19368c7c21746d98d0c0a5044affaf77895297fd6bfdcf7d9c121ef484e8a4b2

    SHA512

    e1ebc2762b465a6a87f8918a79e44688f3450668dfbc68f5baf79b3d8a5aee481d019ffb14418f3e8d6966a4fcfefb65329283e189e5549db98365bce102b072

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
    Filesize

    400B

    MD5

    8b1070ccf53223a23b5a507d3c363a1c

    SHA1

    1a64f552074358aae7030ad25a6a843b5ea3a3d7

    SHA256

    c09c1ffbd066928c29839890b5afd62a337c790f5a4227e9193caa8b809e1ace

    SHA512

    94c266812e9638f9fa531e0c0890cdee6f8682c084190e9502dfa27f3f596b54a78fb9edbba889a10396fea8db416c85f08ff0c5ea7b3f17318b7fc948211472

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BRTLT95M\www.google[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\480JMPRZ\favicon[1].ico
    Filesize

    1KB

    MD5

    f299cf2e651c19e48d27900ced493ccb

    SHA1

    c2d1086d517d7a26292e0d7b32da7c55b166c23b

    SHA256

    115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1

    SHA512

    b46341bfbac50f48afcd2a4e34910901d722ce72f9f34f809916103e01d7ebc11bce15a28bf6449efd49ab9dfef1f84a94e3ad775cbe52d5822996674124b104

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6RO0PN6W\csn_hackv2.exe
    Filesize

    1.3MB

    MD5

    258fc3454a52b36ed6150f9f2a8ef0f0

    SHA1

    0e4bcdd3f8d607c918e80967b50704f6a2836222

    SHA256

    ff79d61d140c25e8c2fb2a049e0f8f67d058eb28f96a753c018befd56f6a7beb

    SHA512

    6b8cd79387f14714d40ff428ca25b5013bf638c673aacf802307cda3628e6eaa3868d8944006bd2a6f8cbf6e7443465789c323c8814b4254e02b10692ff514ed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6RO0PN6W\csn_hackv2.exe.w7dyawm.partial
    Filesize

    1.3MB

    MD5

    258fc3454a52b36ed6150f9f2a8ef0f0

    SHA1

    0e4bcdd3f8d607c918e80967b50704f6a2836222

    SHA256

    ff79d61d140c25e8c2fb2a049e0f8f67d058eb28f96a753c018befd56f6a7beb

    SHA512

    6b8cd79387f14714d40ff428ca25b5013bf638c673aacf802307cda3628e6eaa3868d8944006bd2a6f8cbf6e7443465789c323c8814b4254e02b10692ff514ed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6RO0PN6W\csn_hackv2[1].exe
    Filesize

    1.3MB

    MD5

    258fc3454a52b36ed6150f9f2a8ef0f0

    SHA1

    0e4bcdd3f8d607c918e80967b50704f6a2836222

    SHA256

    ff79d61d140c25e8c2fb2a049e0f8f67d058eb28f96a753c018befd56f6a7beb

    SHA512

    6b8cd79387f14714d40ff428ca25b5013bf638c673aacf802307cda3628e6eaa3868d8944006bd2a6f8cbf6e7443465789c323c8814b4254e02b10692ff514ed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\IJG8PS7L.cookie
    Filesize

    686B

    MD5

    cb39ddd8c6295c047c9e24affddefea7

    SHA1

    741ecc036d7576c1b5144c9e57ee9d9851a13374

    SHA256

    e51cc676c3cc0a76325d9571ff7c0dc0cd5a89198ffab224d4ed7a12a6618e12

    SHA512

    6576095b247b88ab18e810181e68e413e3fac225b869b35cfe871fb0d1af9a0d53ce5685758cc0a577617395371ff2970938e595e16cc851193d70628bafe888

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\KMRKTKF0.cookie
    Filesize

    70B

    MD5

    3afe7e7e54b7a5051d94f8a751a1050c

    SHA1

    b25d73eaa1519ac0ab930e981bcddde8a9a93c83

    SHA256

    ef45c2923fcb9bafbb55face39ecb9ff2cb9eb07e97ce5f163997544bc631c3c

    SHA512

    0f5d1baf726c71a5712615241dc3349115f9d347fe637fdc02819373645c6a9c693805c749c8b91848f97b10240ed9f177cb73ac54c2a8b57a813a968924a0bf

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\MZ59JHXE.cookie
    Filesize

    243B

    MD5

    30a59dc5bbbb5503140a111aedd888a1

    SHA1

    c031782bdfe75c7e62f131b64ef8df10afc7615b

    SHA256

    53546697b488785199243ff7af8b454eadab8a0e3c73d5450f6120e950b324cf

    SHA512

    af582aae37b37fb776d50a2816f200e10e29516d1c1b9135385018a5540128b7ed523b6212b21f050d50940976fbc5c6b1d76435da067e8172afeeac24aa6482

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\KnoE68C.tmp
    Filesize

    88KB

    MD5

    002d5646771d31d1e7c57990cc020150

    SHA1

    a28ec731f9106c252f313cca349a68ef94ee3de9

    SHA256

    1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f

    SHA512

    689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dcd.exe
    Filesize

    227KB

    MD5

    b5ac46e446cead89892628f30a253a06

    SHA1

    f4ad1044a7f77a1b02155c3a355a1bb4177076ca

    SHA256

    def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

    SHA512

    bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dcd.exe
    Filesize

    227KB

    MD5

    b5ac46e446cead89892628f30a253a06

    SHA1

    f4ad1044a7f77a1b02155c3a355a1bb4177076ca

    SHA256

    def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

    SHA512

    bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

    Download Submit

  • memory/3144-267-0x0000000002500000-0x0000000002501000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-268-0x000000001B090000-0x000000001B0A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3144-269-0x000000001B090000-0x000000001B0A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3144-270-0x000000001B090000-0x000000001B0A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3144-266-0x0000000002510000-0x000000000254E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3144-283-0x000000001B090000-0x000000001B0A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3144-282-0x000000001B090000-0x000000001B0A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3144-284-0x000000001B090000-0x000000001B0A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3144-265-0x0000000002690000-0x00000000026E0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/3144-264-0x00000000003F0000-0x0000000000508000-memory.dmp

    Filesize

    1.1MB

    Download