Overview

overview

10

Static

static

10

GrowPai In...ai.dll

windows11-21h2-x64

9

GrowPai In...al.exe

windows11-21h2-x64

10

GrowPai In...er.exe

windows11-21h2-x64

1

Analysis

  • max time kernel
    87s
  • max time network
    90s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21-01-2024 08:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GrowPai Inzernal/Inzernal.exe

  • Size

    35.7MB

  • MD5

    d815f8a597d063c2a41706fae7bcae96

  • SHA1

    708bc33078ed1d434e39d9fef439b1f545b7abd8

  • SHA256

    bb9e65f3e2d03a24d3a6ccc79ab16208eb391e7db5d150d946e1b9f8932e9683

  • SHA512

    502b1d16894f10518d58564d34dccac84f64ef44d950f1ba9689d243aa0aef09f72fdbe64a106da937b600cc5f204d9ddd8b91bfb401b2ad6d79adb483fd1211

  • SSDEEP

    786432:eF2eoWV9K6d99d7IxW0HR+LswG1mLPo4AKxjU8S8jh1UXo7kfeka0sLNEGJ:eIeoWRd99SxW0H4swG1mbo4S8IXo7WDu

Score
10/10
eternityevasionspywarestealertrojan

Malware Config

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detects Eternity stealer 1 IoCs
    stealer
  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 4 IoCs
    evasiontrojan
  • Drops startup file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GrowPai Inzernal\Inzernal.exe
    "C:\Users\Admin\AppData\Local\Temp\GrowPai Inzernal\Inzernal.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Drops startup file
    • Windows security modification
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:864
    • C:\Users\Admin\AppData\Local\Temp\smsufrtu.ntq\Inzector.exe
      "C:\Users\Admin\AppData\Local\Temp\smsufrtu.ntq\Inzector.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3184
    • C:\Users\Admin\AppData\Local\Temp\dcd.exe
      "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
      2⤵
      • Executes dropped EXE
      PID:4876
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" Get-MpPreference -verbose
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qpqvxeli.45l.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dcd.exe
    Filesize

    227KB

    MD5

    b5ac46e446cead89892628f30a253a06

    SHA1

    f4ad1044a7f77a1b02155c3a355a1bb4177076ca

    SHA256

    def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

    SHA512

    bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\smsufrtu.ntq\Inzector.exe
    Filesize

    1012KB

    MD5

    8babe9bbd8846deb011189611ec861fe

    SHA1

    2a13b6bd343dc4f6e2454d0a616f398adac90a9e

    SHA256

    d1d3b403fd30946aafe8865b500389123791deea04f379deb9254178c270c590

    SHA512

    1aa364af161d591a3231bd287c40668edd076c3c0cb7bfc4adad38f2ea221f2604ec55db2dc63f10376b78180db6ecbf38364aa5087d548c014db72d374d24e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\smsufrtu.ntq\Inzector.exe
    Filesize

    961KB

    MD5

    3dcb7f6e0e44092655f5aa81e2361b39

    SHA1

    71395bbd0ee61868df2be1e354017b0349652162

    SHA256

    cf70b871a3f7e010b8b88a344ef210c16ee1b4e0001640811dcb4b910c7e22ac

    SHA512

    d926a5fa3fcc45ed70b381bb4adff4843722f813c3812c14d5af2c09b7620cfe95450ff35cb8266f5abcd4536a3a0c2318ad47910f25c3e0d3adead8aca00b20

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\smsufrtu.ntq\Inzector.exe
    Filesize

    711KB

    MD5

    6f070731e67a76ef1dbda7136fd91274

    SHA1

    0f9bf09153ee415ffaf06e04729ae821c6f1a7e2

    SHA256

    6d9ead88e317ae55150717e07cb97bbffb0b735932cac878b39cbfdc175b3100

    SHA512

    b8a069aa846ccd7285fdb2b94d590e885a2f671c3ef04bda4817b755fe9e665e7f2732603078c7a1c76bf767ac4cc94ee65cc8e1ed9bd5e7d6742de851361019

    Download Submit

  • memory/864-4-0x00000000045F0000-0x00000000045F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/864-6-0x000000001D3E0000-0x000000001E580000-memory.dmp

    Filesize

    17.6MB

    Download

  • memory/864-7-0x000000001D2D0000-0x000000001D2E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/864-3-0x00007FFAE2B90000-0x00007FFAE3652000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/864-5-0x000000001D2D0000-0x000000001D2E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/864-2-0x000000001CF90000-0x000000001CFE0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/864-1-0x0000000000030000-0x00000000023EE000-memory.dmp

    Filesize

    35.7MB

    Download

  • memory/864-50-0x00007FFAE2B90000-0x00007FFAE3652000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/864-0-0x00007FFAE2B90000-0x00007FFAE3652000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/864-32-0x00007FFAE2B90000-0x00007FFAE3652000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3184-37-0x00007FFB02A90000-0x00007FFB02A92000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3184-40-0x0000000140000000-0x0000000141DE2000-memory.dmp

    Filesize

    29.9MB

    Download

  • memory/3184-33-0x00007FFB03C90000-0x00007FFB03C92000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3184-49-0x0000000140000000-0x0000000141DE2000-memory.dmp

    Filesize

    29.9MB

    Download

  • memory/3184-36-0x00007FFB03CB0000-0x00007FFB03CB2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3184-35-0x00007FFB03CA0000-0x00007FFB03CA2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3184-39-0x00007FFB014E0000-0x00007FFB014E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3184-41-0x00007FFB014F0000-0x00007FFB014F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3184-38-0x00007FFB02AA0000-0x00007FFB02AA2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4468-34-0x0000020CFD5F0000-0x0000020CFD600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4468-20-0x00007FFAE2B90000-0x00007FFAE3652000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4468-22-0x0000020CFD5F0000-0x0000020CFD600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4468-23-0x0000020CFD510000-0x0000020CFD532000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4468-47-0x00007FFAE2B90000-0x00007FFAE3652000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4468-21-0x0000020CFD5F0000-0x0000020CFD600000-memory.dmp

    Filesize

    64KB

    Download