Overview

overview

10

Static

static

10

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

1

Analysis

  • max time kernel
    157s
  • max time network
    229s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    30-06-2023 03:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe

  • Size

    1.4MB

  • MD5

    51b7efe7f38177392eb8a521959f8cf1

  • SHA1

    290eb873259da1e5026b60bd93d9dc69139637df

  • SHA256

    a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3

  • SHA512

    2a01f1d450ecd30c062e873da49b132e8e1eae9f9891a8711a4073369c6498f7cbd794c45d3c4c9665bc64a16e31074c9c71ca6eb0b4b65318f395498cf91b57

  • SSDEEP

    24576:GGkH+O5MMsj/8oJ0HOgwzMIdEyaXC772Q9NXw2/wPOjdGxYNy8:GjHZ5MMpoJOp+MIVai7Tq24GjdGSo8

Score
10/10
eternity

Malware Config

Extracted

Family

eternity

Attributes
  • payload_urls

    http://162.244.93.4/~rubin/swo.exe

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe
    "C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe
      "C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1504
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1504 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:268

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    da3136a8b7641d3429fce225962966e0

    SHA1

    5a2a0f4b5dfc24e97c59b5bdd58afb7ff83aaf72

    SHA256

    cf65ac74b1eadf51b48b5dcbfc2fbbd0524baa1b124a0bb973ef9bfd7b30fa80

    SHA512

    387b11b878a950b5acad3d8407dfbdb546c74604aa052f4d13a3cae646753fc3bbf37168205832fac652a55f619c356faee88b99265bc59489d42efa1dd32d1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e912857689b49bd637239b3eb2758f87

    SHA1

    3bb3e78198f79de48aeef58f96d7099601f1c3c8

    SHA256

    92743e8a1b6a2e15961a839da3a0c3cf66715b83e43b2a07c17c8acd34ac69d7

    SHA512

    f2af80f2bd20c67df8573c2d653b0ccbd9c606012310edb44e5a6636c792c1d5ed95b42ba5e4341041f637796b6398e6ef2a70a693bf44918ab31819a16b719c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    66d3d30fe790761391a1549f5057caa5

    SHA1

    71ceb21537ff98edd47807d44fa9489134ffc735

    SHA256

    bda31be2aea2788f49e55b44b23e9f22797292a1d56547b0770425c487bf2b29

    SHA512

    ae7dd85f3f3e796c739f14f26f8506f189e557136e9b48cb91260779e7e50db346eeac5122f1c9aea30672858af9b841676394741ab77a5de3f958dfc0bee434

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    51124b48922b2092eefcc43a7b8db53b

    SHA1

    3bcaf2f0e9019d9639947439959c7f444602fb32

    SHA256

    9b68baaf5ecb5f708bb22ccc830154a4f4803e74fa04072a847adf8c54b9e2d3

    SHA512

    baaf4073647a43493fa64be5c45aaa640fefab6cb2569f7e645daf994a83d9fe541660541c70cec127654672e68f16d245b3ee58b7305b756692e7e3e4fc960e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0173288d9e3ccb6593c8da93a9d583c0

    SHA1

    3745dcf1b44ab657dc6c44249fcfb8e69e54f0c0

    SHA256

    56b7f6a9974da2ee94e87130e477ee67c5c682352165533380ca80afa03996cc

    SHA512

    2baccdca582ee7805627f7f65b01b0a6773fad567a8b5f626b0bf4fee43d1e4dbf798cb843e049af25e1ed1bcc8f30a7db81c15c302ef232cdacef3b18887f27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5f4cda8397a1a5d50cb8647d7f48c8b0

    SHA1

    ed87282c9c16e202b5a8a6261cdb1a74757e077b

    SHA256

    be5cd71860a21c3619c8e1281feabc1df8746636da99a7246b561bb94fa6ff6a

    SHA512

    973ce032ba7f9ec9efb64a963c479d3f25fe2cb4dd6a2aeab5d6c0f49708a55e55c8ff43da2f4dafcf6c959d4623df5a3defc50f81c30ce0c46ffaf31d82a785

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    07942beef4919229cbfd660cc581284f

    SHA1

    1af56401010bf250b6defc98202508ad37e2faa6

    SHA256

    2e75e0ae30c3d4ab205980fb8a1b2c4666c87bbc5dac207c2d204e8acbf072c7

    SHA512

    4b40df2369b1eb8383c8aad21772faea1cdacc85e220257290ec61116e968a9cb6fe777df9fd3076482005faff003f31df1befd723b6b1263ea035f85c7d00bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b922cc6fc730ed2cfc68ba3afc93a4b2

    SHA1

    edc3d4e44f1408f9a82e8cd4a0ac88a08572357b

    SHA256

    d4ec9ccd08d18bb45f5d0f033b756d7e8a5d353fb8fb66d1ba868029a1d78845

    SHA512

    7be2ca23e2f63b6fd9f1175de0090b2b9330beaff4c50006457b615be21044b4c236cbf9dadfe4270fb93456356ced5e2645a40ebb40aa9b6cdd27e12366193f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    76511692bc266984097ea2d7f2f5c575

    SHA1

    19ef9557debbcdfe521525a2b6d65982927d2554

    SHA256

    287dccd3be76af98edc266010bcd229bdd461b3ef85e8e2b9f648ee64b7444a1

    SHA512

    7c9fff8c4c3ba38fb158d2a611fd1194952e00abbfa43272159a272587fb9bd5e83eff96391975991be41a1d4ac6bdfdd48209150ee97e0f4d3ecce7a8df0f1f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M90WC9I6\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab653A.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar66A6.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\R8SRO35X.txt
    Filesize

    606B

    MD5

    8db985cd0f09c5dead0eb4ba739ff383

    SHA1

    939b6c0b1bb1060ead6478a2a2d3ba5d33a31088

    SHA256

    2d8e3d7e2e6ff8293c63ced066c734a40e618676928580073dec874baef6a5f8

    SHA512

    caeee7faf9dcebcea1631b06e78e5e7309104dfcca4c5dd43646b73916004b7dc7722e3efad989fb11b8f8069f8e10b526c74fdddd9c09d1f54900bcde5aa0a1

    Download Submit

  • memory/2012-58-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2012-55-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2012-54-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2012-56-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2012-61-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2012-57-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2012-59-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2012-63-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download