Overview

overview

10

Static

static

10

Growtopia Hack.exe

windows7-x64

10

Growtopia Hack.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-03-2024 16:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Growtopia Hack.exe

  • Size

    1.2MB

  • MD5

    3f532a4355da80fc22ce565440f9d73d

  • SHA1

    ad55468ee3271ddf921fc68252ff633a56449d77

  • SHA256

    e14364e74981e5512d4b55360af8dc794d2e00dc758c1952484171e729018536

  • SHA512

    7545619ccc2920b1cefb4cc8f476886b2fcd08124059d0f72570878d9086280251ee9f0206f8fa9e69c249cad4bdab0e299b5ed0fbb7ad6d8223ac76489ed540

  • SSDEEP

    12288:HTEYAsROAsrt/uxduo1jB0Y96qNef7PV64xnAsspqZEeLh0I4oDgJzzq1MlEjFNh:HwT7rC6qmPdhsqBL61oDGCuyw

Score
10/10
eternitystealer

Malware Config

Signatures

  • Detects Eternity stealer 1 IoCs
    stealer
  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Drops startup file 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 28 IoCs
  • Suspicious use of SendNotifyMessage 28 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Growtopia Hack.exe
    "C:\Users\Admin\AppData\Local\Temp\Growtopia Hack.exe"
    1⤵
    • Drops startup file
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4196
    • C:\Users\Admin\AppData\Local\Temp\dcd.exe
      "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
      2⤵
      • Executes dropped EXE
      PID:1952
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3844 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1868
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:444

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\dcd.exe
      Filesize

      227KB

      MD5

      b5ac46e446cead89892628f30a253a06

      SHA1

      f4ad1044a7f77a1b02155c3a355a1bb4177076ca

      SHA256

      def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

      SHA512

      bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

      Download Submit

    • memory/444-16-0x0000022E97B60000-0x0000022E97B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/444-26-0x0000022E97B60000-0x0000022E97B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/444-28-0x0000022E97B60000-0x0000022E97B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/444-27-0x0000022E97B60000-0x0000022E97B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/444-23-0x0000022E97B60000-0x0000022E97B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/444-25-0x0000022E97B60000-0x0000022E97B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/444-24-0x0000022E97B60000-0x0000022E97B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/444-22-0x0000022E97B60000-0x0000022E97B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/444-18-0x0000022E97B60000-0x0000022E97B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/444-17-0x0000022E97B60000-0x0000022E97B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4196-5-0x000000001B7F0000-0x000000001B800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4196-15-0x00007FFC4E380000-0x00007FFC4EE41000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4196-8-0x000000001B7F0000-0x000000001B800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4196-7-0x000000001B7F0000-0x000000001B800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4196-6-0x0000000002E00000-0x0000000002E3E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/4196-0-0x0000000000AF0000-0x0000000000BFA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4196-4-0x00000000014A0000-0x00000000014A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4196-3-0x00000000014A0000-0x00000000014A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4196-2-0x000000001B7A0000-0x000000001B7F0000-memory.dmp

      Filesize

      320KB

      Download

    • memory/4196-1-0x00007FFC4E380000-0x00007FFC4EE41000-memory.dmp

      Filesize

      10.8MB

      Download