Overview

overview

10

Static

static

10

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    107s
  • max time network
    230s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    30/06/2023, 05:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe

  • Size

    1.4MB

  • MD5

    51b7efe7f38177392eb8a521959f8cf1

  • SHA1

    290eb873259da1e5026b60bd93d9dc69139637df

  • SHA256

    a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3

  • SHA512

    2a01f1d450ecd30c062e873da49b132e8e1eae9f9891a8711a4073369c6498f7cbd794c45d3c4c9665bc64a16e31074c9c71ca6eb0b4b65318f395498cf91b57

  • SSDEEP

    24576:GGkH+O5MMsj/8oJ0HOgwzMIdEyaXC772Q9NXw2/wPOjdGxYNy8:GjHZ5MMpoJOp+MIVai7Tq24GjdGSo8

Score
10/10
eternity

Malware Config

Extracted

Family

eternity

Attributes
  • payload_urls

    http://162.244.93.4/~rubin/swo.exe

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe
    "C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:316
    • C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe
      "C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1740
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1244
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:672

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          9beb07fd77ef50d422e638a413af0871

          SHA1

          11d0b09da48eaf1a8354388b69c8353c348818bc

          SHA256

          bf1d619f11c7ae2fb8f1e9c8b13f38a87cfdaa537cfcd5525d253529f0757638

          SHA512

          3a0cad439c919049a2e06fa96d1e9f0a4a30b287e760646345102b05eb5b41c2d47817af85a321e0c04254163f3552de259f1fea06200b136ac1ac9c0e94a78f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          342549c6c43490422c5e8781a5c1d7a6

          SHA1

          7cbc5bd9eefdf7ad04b0ec4138e090371ce48ab0

          SHA256

          229a14b1cc62cefcc082ef1259ff897fcb7a28685d850fdd676a9e817707c73d

          SHA512

          a42f0f8ea83b57c234d80cf68b0ab44c6ce4d3dd917445a947a2082009d16758a22a394fc58b096da4466c83430109efcb5187c9c7d3a70c742c6f30bff49d71

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2424072adf6c12b9837fe5567a57720e

          SHA1

          014853cec340c22ad4ad44885e393ee7807346fc

          SHA256

          6da0ad5f219578f772acc311e956b7ae4e6f008e610115f33d477a9a3b8372c2

          SHA512

          8fe9fe99d61ece35665a69422e94788646df539626a9c071eb9d2e4cf90518e90d1e4763c76df07eefbaab60c3cf2520c40206c37eb405ada3fc4f53d8860ba5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          12fa3d4211a9cb1770648f83ea496118

          SHA1

          a7b36087aa8d802be6ae83d2a2c199bc495921c7

          SHA256

          18fa1900b5e6432998cf7078cd3e48ccc90cecfffdd4eed8cc1bff4fb3502e8d

          SHA512

          16bfcdf1d4f24cf33b4ef0effa88c8c3acc842b51b283bcc18775dd71b2068ec704b43498ffdcf028a05e4452bea40f6cac6221dcbcdc681cee5dbcb1de18aa1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          663e4639c1ee8226eb75ceee4a69d168

          SHA1

          d9a0ec357da2e766d9928523eb64ea8c64fc6ca6

          SHA256

          8934b6cc24e3e2d024c76ae861752705a9dbe44f7b8972a374a7470e811b961b

          SHA512

          7b9a9523b7cb37cd9660af6b29b0b01c6eceb98c89f006673d0911b8f5653310fff7568168b23c8561172787ae1154b648519b94a8831ff02ea23347cf40b117

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b9387095b8ad21472cfaf0c825f1d2cc

          SHA1

          cab8fe11b5ee1a38df3e6e0eb2b19b92ad507ce2

          SHA256

          b58dca55360825e8ce6b7bb1c8f03ec69eb3aace0d445e625ccb37eccdb88998

          SHA512

          b96a9b3bd86c1e200105f7df5b01c82028630300c8686b66d004d064132f6f3eecd970f8216b209b92865c3cb4aa615edf365fdce82c5c88858d67fb856316dd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          406c35828c05234a03661a0f65656dbf

          SHA1

          104aaeb4a30d3ab3254eeb7992c2b95fa975a917

          SHA256

          1fc1860d7af8c7f20a831690ef7f7075a9a47e8235374d5d4f9cbf18a1bf08c2

          SHA512

          ca1a5c1b00f334c03bcc4042436cbc061777fa8c2b3581e344973e87ab2360f8479dde9ae42273e99dd5ccbd3ad14e4eadf5c9ed9dacb915cf85efb774710c44

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          cd7579b93fb09f704f4a7c6b03ac3d8c

          SHA1

          29e87165327b2906df5232ee9555bec6ed4c26b7

          SHA256

          8b05f4b3a79b20028706c7084d5f995ed02eff1c0c4d2dd890e7bf97dd300798

          SHA512

          81bee01d2075ba8fd7dadc68552e9aa67a36f9f31aeda8fd82d04573747204c07502c3cee16a302cd475815a01721b8ca80c45796e79f47aa73e0d3da5e98eba

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b23efd9bd074512345bc943c2c679a76

          SHA1

          08cf417d6dd02421acbca7654d8253512771348f

          SHA256

          d4e917d8fd8cf3b6006b52bc869a5e0680a5626b6c83c52be48aebb43ce065f5

          SHA512

          6b7c97e7da538a0da58ab4ac713513e7db9a41e20f3a4101f8c03fb0b88151de6bfbaaf2e235a335b091a00bd4230e30f2823ffcd17b5fac9395c1dd72ca53ed

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f6b637b24364aa37114a3d235304faef

          SHA1

          eb8d56fa84141815cf1e2fecbced0979296ab7d5

          SHA256

          8faab13cdd8f97a6897515d01bf1ffc9d043542b21a11b770e2a3a9478673eef

          SHA512

          1131d945e31b8c10b7dff2b668ae120b9fae2b2bbeffda1bd5c78dcf4453d678baf8af74d397be8e3d72474d41ddafa190000e9da175b0c321ff087a2ee429f7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c1de72731471b4675787aae6734f40a2

          SHA1

          67b37cbc41a73ae8c83633dda0c582b099937dd2

          SHA256

          ac09d4ce239b7eec709962f1598275da55b5c1c6887a77a78442ee44d92f966d

          SHA512

          158f81ab44294ca5fd00b161d14af965065c996ef136510325f8640ef3950e9ecd427d97aefe9e09b87137f4af61a9958fc93cfa126f9a99f8707be3224dd340

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3dea79f741405444c72ac13c56f48f71

          SHA1

          1cee5de3f1714a3b0bc3e63e6756e7264ba4a8d7

          SHA256

          c9fa2353259fea8adb07e51380df1a33cfdff29091d70ccb58190addc36e002f

          SHA512

          9ad23191e674d105184bc05d2d41f2b402ee1a55b3421d5163309ea45030bd7f153a76ed9f8f41e025c1294051b9c791e0819c269b819e2852e272d2b4347737

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPQI3YTS\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab8097.tmp
          Filesize

          62KB

          MD5

          3ac860860707baaf32469fa7cc7c0192

          SHA1

          c33c2acdaba0e6fa41fd2f00f186804722477639

          SHA256

          d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

          SHA512

          d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar8147.tmp
          Filesize

          164KB

          MD5

          4ff65ad929cd9a367680e0e5b1c08166

          SHA1

          c0af0d4396bd1f15c45f39d3b849ba444233b3a2

          SHA256

          c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

          SHA512

          f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SBTB7QL5.txt
          Filesize

          601B

          MD5

          3c64dbf38ea32a2d967df7da85a94d53

          SHA1

          4bf61e278d5ccfbee7e6dd66f8012e1561266907

          SHA256

          3b9bb049a007801a146249020c3822da4ec5dd2a0a52d3171fc589e6b456559b

          SHA512

          7dbd4bc677ce547e2d62db412cf06247055088d9aff358b5ecf9dbff4fc226e6c2e5c7e63f2c795e63492161cdd3169341e29a70db87436441b6427562bb4ba4

          Download Submit

        • memory/1740-57-0x0000000000400000-0x0000000000552000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1740-55-0x0000000000400000-0x0000000000552000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1740-54-0x0000000000400000-0x0000000000552000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1740-56-0x0000000000400000-0x0000000000552000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1740-58-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1740-59-0x0000000000400000-0x0000000000552000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1740-61-0x0000000000400000-0x0000000000552000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1740-63-0x0000000000400000-0x0000000000552000-memory.dmp

          Filesize

          1.3MB

          Download