Overview

overview

10

Static

static

10

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    289s
  • max time network
    229s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    30-06-2023 04:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe

  • Size

    1.4MB

  • MD5

    51b7efe7f38177392eb8a521959f8cf1

  • SHA1

    290eb873259da1e5026b60bd93d9dc69139637df

  • SHA256

    a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3

  • SHA512

    2a01f1d450ecd30c062e873da49b132e8e1eae9f9891a8711a4073369c6498f7cbd794c45d3c4c9665bc64a16e31074c9c71ca6eb0b4b65318f395498cf91b57

  • SSDEEP

    24576:GGkH+O5MMsj/8oJ0HOgwzMIdEyaXC772Q9NXw2/wPOjdGxYNy8:GjHZ5MMpoJOp+MIVai7Tq24GjdGSo8

Score
10/10
eternity

Malware Config

Extracted

Family

eternity

Attributes
  • payload_urls

    http://162.244.93.4/~rubin/swo.exe

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe
    "C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe
      "C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1028
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1092
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1092 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:596

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f340256ee6b74a15024d99238aab895

    SHA1

    ba0adb0d30b15511de547c2f0f90ffaccb0123d7

    SHA256

    9296a93670713b63211c947e6c7dea398b145ad9d3586f9ab26d575a7c0546cd

    SHA512

    1d6731febe39e382d85cf884d4901ce7c0275419459e8f37e1150c257a2de712ee7f4e238335e688078ebe32e23df1097c37d70ddc7f1c34fb4499d5f7b6987b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6d18ad5fe8aac6c3a0b9f9cb14c93567

    SHA1

    5a2d755ed7205a2138b6de6df2fd90fe2021ad32

    SHA256

    b80b06e60428298f9d3b8b95d7a74fcf42437d12972007c651e4962ca18df93c

    SHA512

    0f49d124353f5ca166aceb2f1f6d66a2cf89dcaa543c77f248662fa5b0568767b0872be9eeb4d561107fb0763a4345a218750f5796d304847f51f56b0bcb54dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    58280b6d22e67ddd56a56edd4e8de40b

    SHA1

    b05ae683feee8a1d592383f649740ba8dc15cb0c

    SHA256

    f9deadf0b324daa6ed1ab1384269de4f63e8635c30d0ac77b0ce3f7c394434c9

    SHA512

    e06c1231cf9936ace4ea994627cd1ec026c014452fb29daac29e7dda35061dbb17c740d3c8b8105d860e3181b1088793297051012e50bd7317ed02f499054d96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    72375f85d037dcdd178a32270dd801a1

    SHA1

    8ea74a4954150b08a3efedb489aed6df18f0c4ae

    SHA256

    f65ab3b13f53866d088adf7cbebc6a0799db2fbb0f0430dec9c2acd7f9026061

    SHA512

    11adf08692b4f10389a0c89cb1e4686a2634efd87f460976667613766b7fe95a956999526e7d068de1bbf313af0d800d87c5162dafde046604df51dc6ed58f49

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bf1dfbe585edc5c88e2feeb6ff004355

    SHA1

    2cd29a86e993b7ba59011fdf66cc4d4250279afa

    SHA256

    a515079743e4c7ef00e215709193ef6de7b46c76b6b3a78ebd0715028124054b

    SHA512

    e9ade7bd5dff1d88e68d9362db27895d433f4ebf6e801701aa676f5944e3fae7f7b97c67ee6f246c2f26a2204a2da1d4709304bea4158837b1cd67b46e1a4d92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d6b460ff72cb7d09bcaf56dbe2e49e6a

    SHA1

    52f45cc90cbc4f05dc442fccaf944a86b565d0c1

    SHA256

    9dbe28b22f133c93e4ed9679f498ecff1d8359e9b7ce0caac634f355d1a6614d

    SHA512

    c8732d23712165c8a1b0b327538f653a69795e9aa89d6eb8557e2afdab6409434bb063b98577ec14db6e92a415dd9eb114cde15d1796f8d1df6fdce565a2e688

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5f14c7d81e3691979d65051d04402536

    SHA1

    adc455ab0ed3bd3e25b1f1c4d224a2a548fd0319

    SHA256

    02ce66d8be594a7f079d2f73fab46cb6fafee4061d7fccda2f20f00e77f6da49

    SHA512

    892095e905e9566af175ba60d1e0e2ac85da65e0f0da3fed1889e643443bc31a1b310888767a3e668d4145da43555a36130c33204a5ac593b426d3ee732cb526

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    feb44e23ab6f1909101bfcff5a0f8268

    SHA1

    d93cfa5355dbf5972c32439236611ef77406ef6f

    SHA256

    c60e9a63858360739ade5e84e84910e11f71b4077c4bcea130fb2a059bc72761

    SHA512

    e1c5544588514a1a76f6a6c7cf65cd69ce60dd0285ea39940442cbe5ed6f88be6665e3a0cb11ef2bdbe42820fc7f347ab1d44ba68cdd6225e9e575a3f9807db1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORT469H\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7226.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar72C7.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\37NOG8E3.txt
    Filesize

    601B

    MD5

    2d982b7fe1a71a0d9ea8010cb0130831

    SHA1

    d1d69269b83190679f58e77437f87dc2c95ed531

    SHA256

    0b6f6d95cd8558450e4614a4d53fcbcb8ff8c55d3892c0a782dd2ef9198e5498

    SHA512

    d99532a9d36e7fc03ab3f7d5644123f40f3b3c9e6bb6ca961f9f9c36462b4691d67afd95b67749972958a2de802234cc28a033e81bec5e5e11a4cdb08c60e9a6

    Download Submit

  • memory/1028-58-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1028-56-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1028-55-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1028-54-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1028-61-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1028-57-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1028-59-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1028-63-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download