Overview

overview

10

Static

static

10

Eternity.exe

windows7-x64

10

Eternity.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    37s
  • max time network
    40s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-02-2024 16:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Eternity.exe

  • Size

    40.7MB

  • MD5

    dd25c1eb2ee26fae2e4e1514568f08a2

  • SHA1

    4e1c0cc2354510a550f54692449780b8e5613d01

  • SHA256

    feed95481351dc1e993cdb061ae0eb28bfe18bc46409d231ee1ddc5e7c538181

  • SHA512

    53554600d9f45271658a126a33a08ead6f15ac25736cdc85efaa9e9a831564626f3e42fdbb02f5c2891b743b0127b57e41db5b5857a558710619702d147e8e4f

  • SSDEEP

    786432:hzvsyBy7Mu30RZFaG4ZmI1XHMX+XJQripdhr:ayCMr3EG4TVHjZQr+hr

Score
10/10
growtopiastealer

Malware Config

Signatures

  • Growtopia

    Growtopa is an opensource modular stealer written in C#.

    stealergrowtopia
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Eternity.exe
    "C:\Users\Admin\AppData\Local\Temp\Eternity.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2328
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 1316
      2⤵
      • Program crash
      PID:5108
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2328 -ip 2328
    1⤵
      PID:4284

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2328-0-0x0000000074C80000-0x0000000075430000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2328-1-0x0000000000610000-0x0000000002E70000-memory.dmp

      Filesize

      40.4MB

      Download

    • memory/2328-3-0x0000000007820000-0x0000000007830000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2328-2-0x0000000007820000-0x0000000007830000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2328-4-0x0000000007820000-0x0000000007830000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2328-5-0x0000000009D10000-0x000000000B098000-memory.dmp

      Filesize

      19.5MB

      Download

    • memory/2328-6-0x000000000B650000-0x000000000BBF4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2328-7-0x000000000B160000-0x000000000B1F2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/2328-8-0x000000000B4A0000-0x000000000B4AA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2328-9-0x0000000074C80000-0x0000000075430000-memory.dmp

      Filesize

      7.7MB

      Download