eternity | b9dfb3ec5457015f6a52e92a4f23ef0b6cfcf081703c94b4fb8688b9d33cda09

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 07:19

Target

5c1207273d347421e01531690820f8ec.exe
Size

1.1MB
MD5

5c1207273d347421e01531690820f8ec
SHA1

6b42901dbe173ba67e4ea7c6a33c681015131677
SHA256

b9dfb3ec5457015f6a52e92a4f23ef0b6cfcf081703c94b4fb8688b9d33cda09
SHA512

3c06298e6b7873f20fcbe18fd5cc46db3234957c347d81c5b8b36e0bf3b33f8948e292503c764b5df656ba9293936c92dc51a5e75e7dcdf362006e8c6c115986
SSDEEP

24576:uwT7rC6qREcZiTYHYnCoLjvv3CgUtcZi:3rC6qB4zLM

Score

10^/10

eternity stealer

Detects Eternity stealer 1 IoCs

stealer

resource	yara_rule
behavioral1/memory/1820-0-0x00000000013B0000-0x00000000014B4000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1820	5c1207273d347421e01531690820f8ec.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2684	1820	5c1207273d347421e01531690820f8ec.exe	21
PID 1820 wrote to memory of 2684	1820	5c1207273d347421e01531690820f8ec.exe	21
PID 1820 wrote to memory of 2684	1820	5c1207273d347421e01531690820f8ec.exe	21

C:\Users\Admin\AppData\Local\Temp\5c1207273d347421e01531690820f8ec.exe
"C:\Users\Admin\AppData\Local\Temp\5c1207273d347421e01531690820f8ec.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1820 -s 760
  2⤵
  PID:2684

memory/1820-0-0x00000000013B0000-0x00000000014B4000-memory.dmp

Filesize
1.0MB

Download
memory/1820-1-0x000007FEF5860000-0x000007FEF624C000-memory.dmp

Filesize
9.9MB

Download
memory/1820-4-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download
memory/1820-7-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download
memory/1820-6-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download
memory/1820-5-0x0000000000A80000-0x0000000000ABE000-memory.dmp

Filesize
248KB

Download
memory/1820-3-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1820-2-0x000007FEF5860000-0x000007FEF624C000-memory.dmp

Filesize
9.9MB

Download
memory/1820-8-0x000007FEF5860000-0x000007FEF624C000-memory.dmp

Filesize
9.9MB

Download
memory/1820-9-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download
memory/1820-10-0x000000001AE10000-0x000000001AE90000-memory.dmp

Filesize
512KB

Download