Overview

overview

10

Static

static

10

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    107s
  • max time network
    230s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    30-06-2023 05:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe

  • Size

    1.4MB

  • MD5

    51b7efe7f38177392eb8a521959f8cf1

  • SHA1

    290eb873259da1e5026b60bd93d9dc69139637df

  • SHA256

    a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3

  • SHA512

    2a01f1d450ecd30c062e873da49b132e8e1eae9f9891a8711a4073369c6498f7cbd794c45d3c4c9665bc64a16e31074c9c71ca6eb0b4b65318f395498cf91b57

  • SSDEEP

    24576:GGkH+O5MMsj/8oJ0HOgwzMIdEyaXC772Q9NXw2/wPOjdGxYNy8:GjHZ5MMpoJOp+MIVai7Tq24GjdGSo8

Score
10/10
eternity

Malware Config

Extracted

Family

eternity

Attributes
  • payload_urls

    http://162.244.93.4/~rubin/swo.exe

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe
    "C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:316
    • C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe
      "C:\Users\Admin\AppData\Local\Temp\a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1740
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=a1e67d3495c39dd403f65217cb7368a468c66e5ccc790752dacc7e581b5d26b3.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1244
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:672

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9beb07fd77ef50d422e638a413af0871

    SHA1

    11d0b09da48eaf1a8354388b69c8353c348818bc

    SHA256

    bf1d619f11c7ae2fb8f1e9c8b13f38a87cfdaa537cfcd5525d253529f0757638

    SHA512

    3a0cad439c919049a2e06fa96d1e9f0a4a30b287e760646345102b05eb5b41c2d47817af85a321e0c04254163f3552de259f1fea06200b136ac1ac9c0e94a78f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    342549c6c43490422c5e8781a5c1d7a6

    SHA1

    7cbc5bd9eefdf7ad04b0ec4138e090371ce48ab0

    SHA256

    229a14b1cc62cefcc082ef1259ff897fcb7a28685d850fdd676a9e817707c73d

    SHA512

    a42f0f8ea83b57c234d80cf68b0ab44c6ce4d3dd917445a947a2082009d16758a22a394fc58b096da4466c83430109efcb5187c9c7d3a70c742c6f30bff49d71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2424072adf6c12b9837fe5567a57720e

    SHA1

    014853cec340c22ad4ad44885e393ee7807346fc

    SHA256

    6da0ad5f219578f772acc311e956b7ae4e6f008e610115f33d477a9a3b8372c2

    SHA512

    8fe9fe99d61ece35665a69422e94788646df539626a9c071eb9d2e4cf90518e90d1e4763c76df07eefbaab60c3cf2520c40206c37eb405ada3fc4f53d8860ba5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    12fa3d4211a9cb1770648f83ea496118

    SHA1

    a7b36087aa8d802be6ae83d2a2c199bc495921c7

    SHA256

    18fa1900b5e6432998cf7078cd3e48ccc90cecfffdd4eed8cc1bff4fb3502e8d

    SHA512

    16bfcdf1d4f24cf33b4ef0effa88c8c3acc842b51b283bcc18775dd71b2068ec704b43498ffdcf028a05e4452bea40f6cac6221dcbcdc681cee5dbcb1de18aa1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    663e4639c1ee8226eb75ceee4a69d168

    SHA1

    d9a0ec357da2e766d9928523eb64ea8c64fc6ca6

    SHA256

    8934b6cc24e3e2d024c76ae861752705a9dbe44f7b8972a374a7470e811b961b

    SHA512

    7b9a9523b7cb37cd9660af6b29b0b01c6eceb98c89f006673d0911b8f5653310fff7568168b23c8561172787ae1154b648519b94a8831ff02ea23347cf40b117

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b9387095b8ad21472cfaf0c825f1d2cc

    SHA1

    cab8fe11b5ee1a38df3e6e0eb2b19b92ad507ce2

    SHA256

    b58dca55360825e8ce6b7bb1c8f03ec69eb3aace0d445e625ccb37eccdb88998

    SHA512

    b96a9b3bd86c1e200105f7df5b01c82028630300c8686b66d004d064132f6f3eecd970f8216b209b92865c3cb4aa615edf365fdce82c5c88858d67fb856316dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    406c35828c05234a03661a0f65656dbf

    SHA1

    104aaeb4a30d3ab3254eeb7992c2b95fa975a917

    SHA256

    1fc1860d7af8c7f20a831690ef7f7075a9a47e8235374d5d4f9cbf18a1bf08c2

    SHA512

    ca1a5c1b00f334c03bcc4042436cbc061777fa8c2b3581e344973e87ab2360f8479dde9ae42273e99dd5ccbd3ad14e4eadf5c9ed9dacb915cf85efb774710c44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cd7579b93fb09f704f4a7c6b03ac3d8c

    SHA1

    29e87165327b2906df5232ee9555bec6ed4c26b7

    SHA256

    8b05f4b3a79b20028706c7084d5f995ed02eff1c0c4d2dd890e7bf97dd300798

    SHA512

    81bee01d2075ba8fd7dadc68552e9aa67a36f9f31aeda8fd82d04573747204c07502c3cee16a302cd475815a01721b8ca80c45796e79f47aa73e0d3da5e98eba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b23efd9bd074512345bc943c2c679a76

    SHA1

    08cf417d6dd02421acbca7654d8253512771348f

    SHA256

    d4e917d8fd8cf3b6006b52bc869a5e0680a5626b6c83c52be48aebb43ce065f5

    SHA512

    6b7c97e7da538a0da58ab4ac713513e7db9a41e20f3a4101f8c03fb0b88151de6bfbaaf2e235a335b091a00bd4230e30f2823ffcd17b5fac9395c1dd72ca53ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f6b637b24364aa37114a3d235304faef

    SHA1

    eb8d56fa84141815cf1e2fecbced0979296ab7d5

    SHA256

    8faab13cdd8f97a6897515d01bf1ffc9d043542b21a11b770e2a3a9478673eef

    SHA512

    1131d945e31b8c10b7dff2b668ae120b9fae2b2bbeffda1bd5c78dcf4453d678baf8af74d397be8e3d72474d41ddafa190000e9da175b0c321ff087a2ee429f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c1de72731471b4675787aae6734f40a2

    SHA1

    67b37cbc41a73ae8c83633dda0c582b099937dd2

    SHA256

    ac09d4ce239b7eec709962f1598275da55b5c1c6887a77a78442ee44d92f966d

    SHA512

    158f81ab44294ca5fd00b161d14af965065c996ef136510325f8640ef3950e9ecd427d97aefe9e09b87137f4af61a9958fc93cfa126f9a99f8707be3224dd340

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3dea79f741405444c72ac13c56f48f71

    SHA1

    1cee5de3f1714a3b0bc3e63e6756e7264ba4a8d7

    SHA256

    c9fa2353259fea8adb07e51380df1a33cfdff29091d70ccb58190addc36e002f

    SHA512

    9ad23191e674d105184bc05d2d41f2b402ee1a55b3421d5163309ea45030bd7f153a76ed9f8f41e025c1294051b9c791e0819c269b819e2852e272d2b4347737

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPQI3YTS\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8097.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8147.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SBTB7QL5.txt
    Filesize

    601B

    MD5

    3c64dbf38ea32a2d967df7da85a94d53

    SHA1

    4bf61e278d5ccfbee7e6dd66f8012e1561266907

    SHA256

    3b9bb049a007801a146249020c3822da4ec5dd2a0a52d3171fc589e6b456559b

    SHA512

    7dbd4bc677ce547e2d62db412cf06247055088d9aff358b5ecf9dbff4fc226e6c2e5c7e63f2c795e63492161cdd3169341e29a70db87436441b6427562bb4ba4

    Download Submit

  • memory/1740-57-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1740-55-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1740-54-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1740-56-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1740-58-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1740-59-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1740-61-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1740-63-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

    Download