eternity | hxxps://github[.]com/mustleek/Project-Eternity-Growtopia

Analysis

max time kernel
94s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-04-2024 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/mustleek/Project-Eternity-Growtopia

Score

10^/10

eternity stealer

Malware Config

Signatures

Detects Eternity stealer 2 IoCs

stealer

resource	yara_rule
behavioral1/files/0x0002000000022fb8-153.dat	eternity_stealer
behavioral1/memory/4956-179-0x0000000000150000-0x0000000000264000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity
Downloads MZ/PE file

Executes dropped EXE 18 IoCs

pid	Process
4956	Eternity_download.exe
2376	dcd.exe
5044	Eternity_download.exe
3284	Eternity_download.exe
2992	dcd.exe
3836	Eternity_download.exe
2796	Eternity_download.exe
2348	Eternity_download.exe
612	dcd.exe
4632	dcd.exe
992	dcd.exe
3596	dcd.exe
2992	Eternity_download.exe
4856	dcd.exe
4924	Eternity_download.exe
4108	dcd.exe
3284	Eternity_download.exe
3348	dcd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133565572034559926"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeDebugPrivilege	4956	Eternity_download.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeDebugPrivilege	5044	Eternity_download.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 2584	3200	chrome.exe	86
PID 3200 wrote to memory of 2584	3200	chrome.exe	86
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4964	3200	chrome.exe	89
PID 3200 wrote to memory of 4596	3200	chrome.exe	90
PID 3200 wrote to memory of 4596	3200	chrome.exe	90
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91
PID 3200 wrote to memory of 2384	3200	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/mustleek/Project-Eternity-Growtopia
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xa8,0x108,0x7ffd3fcc9758,0x7ffd3fcc9768,0x7ffd3fcc9778
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1896,i,1685851673972163722,1825040817130807462,131072 /prefetch:2
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1896,i,1685851673972163722,1825040817130807462,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1896,i,1685851673972163722,1825040817130807462,131072 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1896,i,1685851673972163722,1825040817130807462,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1896,i,1685851673972163722,1825040817130807462,131072 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1896,i,1685851673972163722,1825040817130807462,131072 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1896,i,1685851673972163722,1825040817130807462,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 --field-trial-handle=1896,i,1685851673972163722,1825040817130807462,131072 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5588 --field-trial-handle=1896,i,1685851673972163722,1825040817130807462,131072 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1896,i,1685851673972163722,1825040817130807462,131072 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 --field-trial-handle=1896,i,1685851673972163722,1825040817130807462,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5388 --field-trial-handle=1896,i,1685851673972163722,1825040817130807462,131072 /prefetch:8
  2⤵
  PID:1796
- C:\Users\Admin\Downloads\Eternity_download.exe
  "C:\Users\Admin\Downloads\Eternity_download.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4956
- - C:\Users\Admin\AppData\Local\Temp\dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
    3⤵
    - Executes dropped EXE
    PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5732 --field-trial-handle=1896,i,1685851673972163722,1825040817130807462,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Users\Admin\Downloads\Eternity_download.exe
  "C:\Users\Admin\Downloads\Eternity_download.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5044
- - C:\Users\Admin\AppData\Local\Temp\dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
    3⤵
    - Executes dropped EXE
    PID:2992
- C:\Users\Admin\Downloads\Eternity_download.exe
  "C:\Users\Admin\Downloads\Eternity_download.exe"
  2⤵
  - Executes dropped EXE
  PID:3284
- - C:\Users\Admin\AppData\Local\Temp\dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
    3⤵
    - Executes dropped EXE
    PID:612
- C:\Users\Admin\Downloads\Eternity_download.exe
  "C:\Users\Admin\Downloads\Eternity_download.exe"
  2⤵
  - Executes dropped EXE
  PID:3836
- - C:\Users\Admin\AppData\Local\Temp\dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
    3⤵
    - Executes dropped EXE
    PID:4632
- C:\Users\Admin\Downloads\Eternity_download.exe
  "C:\Users\Admin\Downloads\Eternity_download.exe"
  2⤵
  - Executes dropped EXE
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
    3⤵
    - Executes dropped EXE
    PID:992
- C:\Users\Admin\Downloads\Eternity_download.exe
  "C:\Users\Admin\Downloads\Eternity_download.exe"
  2⤵
  - Executes dropped EXE
  PID:2348
- - C:\Users\Admin\AppData\Local\Temp\dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
    3⤵
    - Executes dropped EXE
    PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 --field-trial-handle=1896,i,1685851673972163722,1825040817130807462,131072 /prefetch:8
  2⤵
  PID:1688

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3596

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4008

C:\Users\Admin\Downloads\Eternity_download.exe
"C:\Users\Admin\Downloads\Eternity_download.exe"
1⤵
- Executes dropped EXE
PID:2992
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:4856

C:\Users\Admin\Downloads\Eternity_download.exe
"C:\Users\Admin\Downloads\Eternity_download.exe"
1⤵
- Executes dropped EXE
PID:4924
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:4108

C:\Users\Admin\Downloads\Eternity_download.exe
"C:\Users\Admin\Downloads\Eternity_download.exe"
1⤵
- Executes dropped EXE
PID:3284
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:3348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f19bd32079a6d02d339a70eeb66c925d

SHA1
7503c2937246777a1797d22705ae6bf02ac9c889

SHA256
69204aff6730bbf471aefe845eb20dfea4c0fc070b41e2d55c10cd8a96c21554

SHA512
5ed7370a69b0003f50e78b34d7e031c4b5e3a342d83dba13373f1655bce6fd0b9385971561095bb3312ef2dac0fe491c34ede1ca41f9079f5bf34439d72df9ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bc48a871b0e893099cd79fffc263eb21

SHA1
6f89a807dd9779e7ec41c8d7cee27008633f7c25

SHA256
30d112ca3abe143eeabd9fe0a446db36becbe444322331026f1971ce3fb1863f

SHA512
096721203f3bdbec7e8895fa02565f63e71743ffd7a7d001b77b28b8c6be07a3ff5bb4a6e67a63d335c9433d5e31c1154d92d2b3aa1d2ff78de5b09d18ad1f6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
39fc08f950ee332627a6b993b4e9f7a2

SHA1
5e2b07d40a632c335d8997dc7b5fc9e82bfa5426

SHA256
d7a7ac0980fd828e720758070664a43bec3ad9f3e9a43ab431a8c89bb371e876

SHA512
8fb01fac2939bd38a1a13ebe05c5afe6bb7238c7cefbc69a30f1e273472c913c31a2f02fb9b51b27f4fb8cb13e380443bc377f3db8d7995a9c7987ab2f0f40f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c6a3af76238d3d822009246ace2e7b21

SHA1
4190ad1fd1989b127fdd6fcec7fc9a9e1fdde6ef

SHA256
c91dbe993e65b507f7c99d260f9c242f32feea541c8b9c084c91521d06442864

SHA512
2038e68ede311a9df71a5551e316bfe838c726275933611c108444fa405bdc1dcd718cd928922a088e6e762f6650a53645f992f7f250a885de0bd5cec0d98019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
44dc29263b1cf5c8fb7d42ad452748bb

SHA1
4aa72a0c2dc4917418ebafef7ee8fb7d04b52981

SHA256
2c932d0140f04570d7ba48397711327393a0ee2750943055d4450dc552431071

SHA512
c8b9064db0051f025af58e6b9c70fc1542002e4502f643f1e862183469102e3a440962de572053f3dd2be5904fa7161bf55915891125aa6a45046a9c9292ea15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
53a08c73bdd91566b552156233dde246

SHA1
cbab527249f796af9afdb17952f7ef7938529b6d

SHA256
a96134eb49558a071afd4faa2e4e877320302a4cc7a32a089e41f3fb91fd3281

SHA512
b866cdcb28d50dd5f270dec72d6c134ff416743ccd36d6b9c75735406b1dfa769bd961ca94b62d75903d896081c454c4911fa820ac6c743d35bd978169dd8a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c09f2bd38b53a333d1d4f2048f9f65f4

SHA1
ca2267003b75ba098d25b8eceb0d01b022e7c52d

SHA256
ce38c53b630210b55dccebf5f29297be8e8dc9065c9073ee3351e27695f9d8ca

SHA512
126fda0d46a6f9980b18692fda3b284103a1154eaead3588d96226f8e5710934c81c1e2d4bdd577e6e8cb31f40673100fa82affb82bb119591f10bc5267da5fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
26e7083b232804ac876fdbb168440af8

SHA1
f3dfab5e428c6c5c065e187ca470ecfb66b8bb80

SHA256
f27a9b86c57d4111198bc8552dcf7b8439c7b9ab43c10cff7ffda713dc37503b

SHA512
6a6a92d732faf7134145f9f1b47b70482e4319994138db1a40894c2f563025220bdb2174e123cf52459b2b6fa577a1036ddd7b244866338f315bcf5748b21c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
4aa44fd7e75af2f845aaf73c7d54c9de

SHA1
6746bb60ac28378e0d30feb3a1a810728970705c

SHA256
05c33c1c2252fafa6efa1e4c6d676a21e3573449359af3f7b39bb2460fd41b04

SHA512
3d8e749398414ad8226e9ae3967909bd52da701ae3c2294302f653a69abf61abb25ed5be8467423c161eff9c53ad4f68bf2dd4ccd2ac678ef5b2f00c43cd626d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
31df7c41601c03aa4150400691132772

SHA1
a8580b90a0d041d6e063c7c2324ffafa90182717

SHA256
069e524f2b39ad7a07d6d14576f989cb4660110ac2ee0598a0c9ae881c05188a

SHA512
1d3b22cb289ed5bc1602146e8c336a962e580d1a2f7c25ee70e254302c7c75a978b28d499bea31845f0338d4c706ebdc452b07085897a3ba5a52f8aa7ed954ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
3409597266d463770cf70187bce603c8

SHA1
d0997dc9ade01f34de1bd4ee32bcdb4d64f784e5

SHA256
b8daa65be6210aa3d73c419d2924404794d1d01b95a028c9f15b971b667ea1fd

SHA512
f14047d263e5b9cc78acd9e7a45fced401796746fa10b7b0d2282e20b0ecf76e2ac52b7e23e77c5bee00211d2ad293156ac21ae39cf6639e064381aab54a5acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582342.TMP

Filesize
114KB

MD5
e1bf4a95ad99760b82f2bf23ab2ecee0

SHA1
77c4c8015e11d6a324fd4a4a1e7f4570b9c3c89a

SHA256
b32c1139add0527cad89b151a052287bed743c4508c14ac998b323665f90b6a0

SHA512
eddaa2aadd42d8150ca4e880bbb65ee87c9b436970ee462d93ffccf8f82290717314af7f60b531dfe737296d3bdfeba82e0053155473b8fe03d9656948cecb04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
632a2617f741c595be46a0e1fe10df77

SHA1
0f59a142e9463c1a6bbd2a141141093ad10e8c9d

SHA256
4110dbe340684af516cb06610bda8da565b2244196f3770ef0df6497bb257006

SHA512
e4ab185740fa5d9827e89fa3913e11ec18417b873b5e7745b94b79d7557e88df4e6763fcc8c5b5cd6a630d6786b1ba986dcae70f17ff3bea92a77ce4979071ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 423506.crdownload

Filesize
1.2MB

MD5
f950213c5ae8dbd3142e09496d36c41d

SHA1
f9016e2d078966366e2030847e10a5c051ebd6b2

SHA256
a5f51085387a791f59857b68302b8f17415da6909bb919579c0236590f40f8a2

SHA512
91bcd876ebdcac8c77b07b350dd527822d3f80abae2202c337cbb9f9ca787599446c8af30e97eb85ff0e9e873f42bd371658e018e475e204c3e35d2f59d5304d

Download Submit
memory/2348-258-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/2348-246-0x000000001B740000-0x000000001B750000-memory.dmp

Filesize
64KB

Download
memory/2348-231-0x000000001B740000-0x000000001B750000-memory.dmp

Filesize
64KB

Download
memory/2348-228-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/2796-226-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/2796-259-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/2796-235-0x000000001B3B0000-0x000000001B3C0000-memory.dmp

Filesize
64KB

Download
memory/2992-293-0x000000001B7D0000-0x000000001B7E0000-memory.dmp

Filesize
64KB

Download
memory/2992-294-0x000000001B7D0000-0x000000001B7E0000-memory.dmp

Filesize
64KB

Download
memory/2992-292-0x0000000001300000-0x0000000001301000-memory.dmp

Filesize
4KB

Download
memory/2992-291-0x00007FFD3B6D0000-0x00007FFD3C191000-memory.dmp

Filesize
10.8MB

Download
memory/2992-299-0x00007FFD3B6D0000-0x00007FFD3C191000-memory.dmp

Filesize
10.8MB

Download
memory/3284-322-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/3284-257-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/3284-334-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/3284-324-0x000000001B4E0000-0x000000001B4F0000-memory.dmp

Filesize
64KB

Download
memory/3284-224-0x000000001AE40000-0x000000001AE50000-memory.dmp

Filesize
64KB

Download
memory/3284-323-0x000000001B4E0000-0x000000001B4F0000-memory.dmp

Filesize
64KB

Download
memory/3284-229-0x000000001AE40000-0x000000001AE50000-memory.dmp

Filesize
64KB

Download
memory/3284-321-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/3284-230-0x000000001AE40000-0x000000001AE50000-memory.dmp

Filesize
64KB

Download
memory/3284-220-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/3836-260-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/3836-223-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/3836-233-0x0000000002F50000-0x0000000002F60000-memory.dmp

Filesize
64KB

Download
memory/3836-227-0x0000000002F50000-0x0000000002F60000-memory.dmp

Filesize
64KB

Download
memory/4924-303-0x000000001AF10000-0x000000001AF20000-memory.dmp

Filesize
64KB

Download
memory/4924-302-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/4924-304-0x000000001AF10000-0x000000001AF20000-memory.dmp

Filesize
64KB

Download
memory/4924-301-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/4924-309-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/4956-183-0x0000000000A50000-0x0000000000A51000-memory.dmp

Filesize
4KB

Download
memory/4956-182-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/4956-185-0x0000000002380000-0x00000000023BE000-memory.dmp

Filesize
248KB

Download
memory/4956-186-0x000000001B1C0000-0x000000001B1D0000-memory.dmp

Filesize
64KB

Download
memory/4956-187-0x000000001B1C0000-0x000000001B1D0000-memory.dmp

Filesize
64KB

Download
memory/4956-192-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/4956-179-0x0000000000150000-0x0000000000264000-memory.dmp

Filesize
1.1MB

Download
memory/4956-180-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/4956-181-0x0000000002330000-0x0000000002380000-memory.dmp

Filesize
320KB

Download
memory/4956-184-0x000000001B1C0000-0x000000001B1D0000-memory.dmp

Filesize
64KB

Download
memory/5044-242-0x000000001B350000-0x000000001B360000-memory.dmp

Filesize
64KB

Download
memory/5044-213-0x0000000000F90000-0x0000000000FA0000-memory.dmp

Filesize
64KB

Download
memory/5044-232-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/5044-238-0x0000000000F90000-0x0000000000FA0000-memory.dmp

Filesize
64KB

Download
memory/5044-214-0x000000001B350000-0x000000001B360000-memory.dmp

Filesize
64KB

Download
memory/5044-247-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download
memory/5044-212-0x00007FFD3B7F0000-0x00007FFD3C2B1000-memory.dmp

Filesize
10.8MB

Download