Overview

overview

10

Static

static

10

Hugo Proxy.zip

windows7-x64

1

Hugo Proxy.zip

windows10-2004-x64

1

Hugo Proxy...xy.exe

windows7-x64

10

Hugo Proxy...xy.exe

windows10-2004-x64

10

Hugo Proxy/items.dat

windows7-x64

3

Hugo Proxy/items.dat

windows10-2004-x64

3

Hugo Proxy...64.dll

windows7-x64

1

Hugo Proxy...64.dll

windows10-2004-x64

1

Hugo Proxy...64.dll

windows7-x64

1

Hugo Proxy...64.dll

windows10-2004-x64

1

Hugo Proxy/readme.txt

windows7-x64

1

Hugo Proxy/readme.txt

windows10-2004-x64

1

Hugo Proxy...s1.txt

windows7-x64

1

Hugo Proxy...s1.txt

windows10-2004-x64

1

Hugo Proxy...s2.txt

windows7-x64

1

Hugo Proxy...s2.txt

windows10-2004-x64

1

Hugo Proxy...r1.txt

windows7-x64

1

Hugo Proxy...r1.txt

windows10-2004-x64

1

Hugo Proxy...r2.txt

windows7-x64

1

Hugo Proxy...r2.txt

windows10-2004-x64

1

Hugo Proxy...d1.txt

windows7-x64

1

Hugo Proxy...d1.txt

windows10-2004-x64

1

Hugo Proxy...d2.txt

windows7-x64

1

Hugo Proxy...d2.txt

windows10-2004-x64

1

Hugo Proxy...t1.txt

windows7-x64

1

Hugo Proxy...t1.txt

windows10-2004-x64

1

Hugo Proxy...t2.txt

windows7-x64

1

Hugo Proxy...t2.txt

windows10-2004-x64

1

Hugo Proxy...k1.txt

windows7-x64

1

Hugo Proxy...k1.txt

windows10-2004-x64

1

Hugo Proxy...k2.txt

windows7-x64

1

Hugo Proxy...k2.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    1795s
  • max time network
    1804s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-03-2024 04:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hugo Proxy/Hugo Proxy.exe

  • Size

    3.3MB

  • MD5

    8c3eade804e008553d55f87c8898e261

  • SHA1

    aa147d628faf0f37b72205c0e1dc46106bb01c5d

  • SHA256

    6c2a1d5c6c6022282e496e138ad6a372a0bf6c8b079799cb96d93a6be456964d

  • SHA512

    5d75d0a5d29c8b9f7422acc2b659b4ee839ff678db25cf0e11ec0cf646a15cff33175847fc432e070fc6fef3e08b3b8fa659a39cf625873ee0d0b07dd182a3e5

  • SSDEEP

    98304:ArphCyxSSTaVpyoF2gWl59NimUCMdyer:QhCyl4xMhp

Score
10/10
eternitystealer

Malware Config

Signatures

  • Detects Eternity stealer 1 IoCs
    stealer
  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Drops file in Drivers directory 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hugo Proxy\Hugo Proxy.exe
    "C:\Users\Admin\AppData\Local\Temp\Hugo Proxy\Hugo Proxy.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5084
    • C:\Users\Admin\AppData\Local\Temp\dcd.exe
      "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
      2⤵
      • Executes dropped EXE
      PID:2596
    • C:\Users\Admin\AppData\Local\Temp\y3gzhxf1.y32\Hugo Proxy.exe
      "C:\Users\Admin\AppData\Local\Temp\y3gzhxf1.y32\Hugo Proxy.exe"
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c Color 0A
        3⤵
          PID:3592
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4252 --field-trial-handle=2224,i,17688331074622862378,73816879873678745,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:2996
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1908 --field-trial-handle=2224,i,17688331074622862378,73816879873678745,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:4408

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\dcd.exe
          Filesize

          227KB

          MD5

          b5ac46e446cead89892628f30a253a06

          SHA1

          f4ad1044a7f77a1b02155c3a355a1bb4177076ca

          SHA256

          def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

          SHA512

          bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\y3gzhxf1.y32\Hugo Proxy.exe
          Filesize

          1.2MB

          MD5

          b110736e63d6f9078ed650298e903a63

          SHA1

          ec43355d545c0f027d35c7978e0229feda1d6e67

          SHA256

          853bfda7b9da26eff51479ffa267475f365de51a36720b79f19f32755389057c

          SHA512

          d08dd7515f5d2d40f1ec5e281e35020156bb9f7cf9a9d0dba0f99a9f74faa4e2323b3f22394caceb9882925975fb3632bfb74df8382ba915319348cd0b7ba970

          Download Submit

        • memory/5084-0-0x0000000000350000-0x000000000069E000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/5084-1-0x00007FF894430000-0x00007FF894EF1000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5084-2-0x0000000000FF0000-0x0000000001040000-memory.dmp

          Filesize

          320KB

          Download

        • memory/5084-3-0x0000000000E30000-0x0000000000E31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5084-4-0x0000000000E30000-0x0000000000E31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5084-5-0x000000001B550000-0x000000001B560000-memory.dmp

          Filesize

          64KB

          Download

        • memory/5084-6-0x000000001B660000-0x000000001B7CE000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/5084-7-0x000000001B550000-0x000000001B560000-memory.dmp

          Filesize

          64KB

          Download

        • memory/5084-8-0x000000001B550000-0x000000001B560000-memory.dmp

          Filesize

          64KB

          Download

        • memory/5084-21-0x00007FF894430000-0x00007FF894EF1000-memory.dmp

          Filesize

          10.8MB

          Download