Overview

overview

10

Static

static

10

Project_Eternity.exe

windows10-1703-x64

10

Project_Eternity.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    142s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-04-2024 12:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Project_Eternity.exe

  • Size

    950KB

  • MD5

    1dc77ddaa75048f165dde554875287ca

  • SHA1

    0368ce19a51729f7845edbf3f5d2f548da725b91

  • SHA256

    5bc85998297268f204aa20f24036cc966069ba9540513ecc8b28555bd3f68e35

  • SHA512

    58f06c1f38919715e5207d4bda5c8a05af41b06246e1cbb29cc417d5a568e12bf7f322207f3de4e2aaf5fb8c2ff9bc1d864287f81a93d87c307c4241728a59ff

  • SSDEEP

    24576:DwT7rC6q3GRUSNeuCOJd6GN2LhKyA4hU:KrC6qW0uRdDN2L3u

Score
10/10
eternitystealer

Malware Config

Signatures

  • Detects Eternity stealer 1 IoCs
    stealer
  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 29 IoCs
  • Suspicious use of SendNotifyMessage 29 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Project_Eternity.exe
    "C:\Users\Admin\AppData\Local\Temp\Project_Eternity.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\Users\Admin\AppData\Local\Temp\dcd.exe
      "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
      2⤵
      • Executes dropped EXE
      PID:216
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:784

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\dcd.exe
    Filesize

    227KB

    MD5

    b5ac46e446cead89892628f30a253a06

    SHA1

    f4ad1044a7f77a1b02155c3a355a1bb4177076ca

    SHA256

    def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

    SHA512

    bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

    Download Submit

  • memory/3644-0-0x0000000000620000-0x000000000070E000-memory.dmp

    Filesize

    952KB

    Download

  • memory/3644-1-0x00007FFB570B0000-0x00007FFB57A9C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3644-2-0x00000000027D0000-0x0000000002820000-memory.dmp

    Filesize

    320KB

    Download

  • memory/3644-4-0x0000000002780000-0x0000000002790000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3644-3-0x0000000002780000-0x0000000002790000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3644-6-0x000000001B610000-0x000000001B620000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3644-5-0x0000000002780000-0x0000000002781000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3644-7-0x0000000002790000-0x00000000027CE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3644-8-0x000000001B610000-0x000000001B620000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3644-9-0x000000001B610000-0x000000001B620000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3644-14-0x00007FFB570B0000-0x00007FFB57A9C000-memory.dmp

    Filesize

    9.9MB

    Download