Analysis
max time kernel: 143s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-02-2024 03:07
Behavioral task: behavioral1
Sample: 93aa999dd6d7651750eaaca67637f97d.exe
Resource: win7-20231215-en (windows7-x64)
5 signatures
150 seconds
General
Target: 93aa999dd6d7651750eaaca67637f97d.exe
Size: 1.3MB
MD5: 93aa999dd6d7651750eaaca67637f97d
SHA1: f812748e4aa94934d3444b95ddbd6f843bea8703
SHA256: c4ee664c29db860f125053f80652823902b108931a7359af95308fd4d55f4f84
SHA512: 4da4ebc09d38990fd82125b41c54ff691c9ce082fd99d2c86825109fc34da065045fe7d8539b90a96a564648a373e7a4bf8d3e488129d58009cfd2913f7a76cd
SSDEEP: 24576:pwT7rC6qmG4Dfr5AVKqh4mfb2iGvNStnxz/jG4Dfr5AVKqh4:orC6qmG4Dfr5AVKqam1kS7z/jG4Dfr5h
Malware Config
Signatures
Detects Eternity stealer 1 IoCs
resource: behavioral2/memory/1160-0-0x0000000000D40000-0x0000000000E56000-memory.dmp
yara_rule: eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

Drops startup file 2 IoCs
description: File opened for modification
ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\93aa999dd6d7651750eaaca67637f97d.exe
Process: 93aa999dd6d7651750eaaca67637f97d.exe
description: File created
ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\93aa999dd6d7651750eaaca67637f97d.exe
Process: 93aa999dd6d7651750eaaca67637f97d.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs
description: Token: SeDebugPrivilege
pid: 1160
Process: 93aa999dd6d7651750eaaca67637f97d.exe