Overview

overview

10

Static

static

1

ErinevPred...2.html

windows10-2004-x64

10

Analysis

  • max time kernel
    192s
  • max time network
    208s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-02-2024 15:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ErinevPredictorV2.html

  • Size

    423B

  • MD5

    cfe76a74c3339cf650cac5e3dd4c6981

  • SHA1

    402d1ba5a539b8fdcb3292393641fef04bc7d945

  • SHA256

    fd0fda0f486791dca4e978793fba57cd73c2d69bace18450479cf69c8007eec3

  • SHA512

    d6336c990732f03a67c3d70d60c4a28cef4719a6d1c2e2014cf61c69951234b04e3394cf1d19ebca8c17ef4babc63d49fcb18c0b95186c342b9cf70ac6aa9dfc

Score
10/10
eternitystealer

Malware Config

Signatures

  • Detects Eternity stealer 3 IoCs
    stealer
  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 61 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ErinevPredictorV2.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4836
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4836 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4444
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7C34XGPV\ErinevPredictorV2.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7C34XGPV\ErinevPredictorV2.exe"
      2⤵
        PID:3024
        • C:\Users\Admin\AppData\Local\Temp\dcd.exe
          "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
          3⤵
            PID:2172
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:4788

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B

          MD5

          164c747ec05b351867ac47fb8ac89dcb

          SHA1

          d814dbedc7356af4d274b907692c28baea48dba0

          SHA256

          e675e63c991701c36625eb6ef0d2e009c743f7a6843192f74bd10ac641503181

          SHA512

          895663660c26f74561154925fd7ef4c2ee7e8fe0ad25985f7ed51ceadb476d576450c8c57aa8e8ea350be398b491f0bb5fe54744d7d1e625e4ab97a93b375643

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          404B

          MD5

          caa863d05de1f559f4966f1d7e97fe50

          SHA1

          a9ca5b708f77c73d7ec47a74aaaedd9218b93c5a

          SHA256

          f8a2f35dec35c6e7acd225d7f03f4de4904f4c04bb6ece867605776cf2e5f4e6

          SHA512

          0375197efbad479a2e0af55e4dd59a26d9340575f8ece0dce2924c03ea0ee3c5546c73a8fe5f8455d52ab6fe14277ffa1c57529e77fb554c1542fcf2193ac309

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8RXGHZOE\www.upload[1].xml
          Filesize

          102B

          MD5

          7037120677e50c9d0c11f0c8446e7617

          SHA1

          1a582443681a5c2d0f71fcbcde19538ba83889f2

          SHA256

          df14cd0dc5fccd4b1390b25e5ff4700b423c413248ca6c41bdd23804094c3e10

          SHA512

          1269d966fc06ab3a269f0d588198b2f630894334a2d4e9b5145270db7ff7185e70ceda0501b9b719d1ff3a8f674e10b9ed42859c438e366ba7fb6f5de10f1152

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\25xleom\imagestore.dat
          Filesize

          1KB

          MD5

          cadaf6513c23b3d9557e17a47eabdf29

          SHA1

          cfe44699c92ef80a59896ba8c6469941a87acc5e

          SHA256

          c7e7a6082731ee42023394ea1b90b1b9b5b49f70268cbc783bc0f061cd7c10fd

          SHA512

          e4e5ad556bcf8229b9364ccb7ba105115c93d3ec687e5003cd9a851b0aecfe05f1615275852bf45c90483f86993751588140b795e00e309ed5f4cb6d82d6fe6a

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7C34XGPV\ErinevPredictorV2.exe
          Filesize

          506KB

          MD5

          e65161241ffff0a88798bd82de4fd0d7

          SHA1

          997e088577510fe9e7269a835bd78fe157d4efde

          SHA256

          637f61f430080b6099f56b0b67efa89547f774c6acc29ac99ed73207339e0405

          SHA512

          92ff1ae07bdef7166e156b8a62af91e2c0e950bcefc1d9c86e206e0a1c7f240344f7962471f40cf79c378835e2c9d0a2364e0aaac84c94327c6a1470fa36c2ce

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7C34XGPV\ErinevPredictorV2.exe.5k8t7j9.partial
          Filesize

          10.3MB

          MD5

          631760bc234ed6111a02d3e75a52dd9d

          SHA1

          d1aaa2c99648d4b704fabd5e24cb7057b7bfadab

          SHA256

          def7738a9d99a602ae776ac4bdc4aae68cbe8b842470adabef64c22addb6b6cc

          SHA512

          0c36a01cc69ee2c683ed136d0cd2b44f503f5d397f381a3e2fb98a5a48f73bc7bfb6ea6fbd01336760f65a31bfa1a382f8fe9a9494be0fce1f082b4268d39035

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PZ64U2GI\favicon[1].ico
          Filesize

          1KB

          MD5

          f299cf2e651c19e48d27900ced493ccb

          SHA1

          c2d1086d517d7a26292e0d7b32da7c55b166c23b

          SHA256

          115c8eb4840245f7aed0cb2a17fa7e91b86f79bb2f223a25af8cc533e1dedff1

          SHA512

          b46341bfbac50f48afcd2a4e34910901d722ce72f9f34f809916103e01d7ebc11bce15a28bf6449efd49ab9dfef1f84a94e3ad775cbe52d5822996674124b104

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PZ64U2GI\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\dcd.exe
          Filesize

          64KB

          MD5

          31f12c30f0bf8bdea59fb508530a95fc

          SHA1

          b0592b3f872cb1dbce99c0eac40c9776e1fb4778

          SHA256

          cb66807cce2f29eae1af77d89cbb59d88a9639ffa4ee7e0a40a3c952752d6e24

          SHA512

          62cbc20853ca7e55d5d46df8ee25950cdf2db86a8f2e93747ec133139a1578bd51ba1cd3cd7480997a1b423f70863738412acf12e1915b4119a65f4a29dba931

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\dcd.exe
          Filesize

          181KB

          MD5

          6ac58cf1ec3c24fca83c16835e13ce17

          SHA1

          38287d710976dde6f4ccefc4b95d8b3a15d20b36

          SHA256

          6a97aa4bb6f06e7e6446f9646901942819075c7803505427d1a6f8cabc20d058

          SHA512

          f8ef9b30d4d0eb4d5c220ca0747fd8b94cf84e2507421593e8972214852519be55efc43c71c7a4c6567d6a7526aba718b1d548f456da751410201071bed84aa6

          Download Submit

        • memory/3024-139-0x00000000004C0000-0x00000000005A6000-memory.dmp

          Filesize

          920KB

          Download

        • memory/3024-144-0x0000000002750000-0x0000000002751000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3024-146-0x000000001B260000-0x000000001B270000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3024-145-0x000000001B260000-0x000000001B270000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3024-143-0x00007FFB49380000-0x00007FFB49E41000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/3024-142-0x000000001B1C0000-0x000000001B1FE000-memory.dmp

          Filesize

          248KB

          Download

        • memory/3024-141-0x0000000002760000-0x00000000027B0000-memory.dmp

          Filesize

          320KB

          Download

        • memory/3024-140-0x00007FFB49380000-0x00007FFB49E41000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/3024-151-0x00007FFB49380000-0x00007FFB49E41000-memory.dmp

          Filesize

          10.8MB

          Download