eternity | 57ac46bbdacb1a13afebc579f14ee71ede947ca2f26c57c91528e8863c337765

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 14:10

Target

394af9cb6f116b9b603ba446401135ed.exe
Size

912KB
MD5

394af9cb6f116b9b603ba446401135ed
SHA1

e05f5961bda0b2c5c3ad05d71f0686eb4f3fb591
SHA256

57ac46bbdacb1a13afebc579f14ee71ede947ca2f26c57c91528e8863c337765
SHA512

92aa3353acd6d80d43ec68c847bc690078177dad628eb330bb6cafcb02369560c49f196421c2becd3e106cf4432dfcdd3d158e5d6904c07e51b468b79bae2326
SSDEEP

12288:sTEYAsROAsrt/uxduo1jB0Y96qG20KEFVynRQ9jFg++6SeXXBhTQcmNvQ:swT7rC6qxEFVMRaxgFPehhkH

Score

10^/10

eternity stealer

Detects Eternity stealer 1 IoCs

stealer

resource	yara_rule
behavioral1/memory/2968-0-0x0000000000C20000-0x0000000000D0A000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2968	394af9cb6f116b9b603ba446401135ed.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2992	2968	394af9cb6f116b9b603ba446401135ed.exe	28
PID 2968 wrote to memory of 2992	2968	394af9cb6f116b9b603ba446401135ed.exe	28
PID 2968 wrote to memory of 2992	2968	394af9cb6f116b9b603ba446401135ed.exe	28

C:\Users\Admin\AppData\Local\Temp\394af9cb6f116b9b603ba446401135ed.exe
"C:\Users\Admin\AppData\Local\Temp\394af9cb6f116b9b603ba446401135ed.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2968 -s 760
  2⤵
  PID:2992

memory/2968-0-0x0000000000C20000-0x0000000000D0A000-memory.dmp

Filesize
936KB

Download
memory/2968-1-0x000007FEF5CE0000-0x000007FEF66CC000-memory.dmp

Filesize
9.9MB

Download
memory/2968-3-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/2968-4-0x000000001AF60000-0x000000001AFE0000-memory.dmp

Filesize
512KB

Download
memory/2968-5-0x00000000009C0000-0x00000000009FE000-memory.dmp

Filesize
248KB

Download
memory/2968-2-0x000007FEF5CE0000-0x000007FEF66CC000-memory.dmp

Filesize
9.9MB

Download
memory/2968-7-0x000000001AF60000-0x000000001AFE0000-memory.dmp

Filesize
512KB

Download
memory/2968-6-0x000000001AF60000-0x000000001AFE0000-memory.dmp

Filesize
512KB

Download
memory/2968-8-0x000007FEF5CE0000-0x000007FEF66CC000-memory.dmp

Filesize
9.9MB

Download
memory/2968-9-0x000000001AF60000-0x000000001AFE0000-memory.dmp

Filesize
512KB

Download