Overview

overview

10

Static

static

10

5a29150b4f...4f.exe

windows7-x64

10

5a29150b4f...4f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04-05-2024 23:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5a29150b4fefd571121e4783fa22df697d0089a9491349a8a6a448195daf394f.exe

  • Size

    66KB

  • MD5

    e3287e3ec712777c509ea25d80db15ac

  • SHA1

    9fd0b13eebb9a62ef637dcaae56f260432ba2943

  • SHA256

    5a29150b4fefd571121e4783fa22df697d0089a9491349a8a6a448195daf394f

  • SHA512

    d8df55a5795333a39dd3cacbd548c33784afc3f09943ecb9f18b681b7220fc852e000bb9a587612e5e380dda5db4ed9f11d8e4fa6770cc4482a5c3f48d0e9691

  • SSDEEP

    384:2rEYcmtbi3fQcBDzdPoW/ltpFrl7S7EIseivWfF38dDnaxg679Poww4glQhgLU0b:Os3Zzdn1A5s1Us9naW+9SLf

Score
10/10
eternity

Malware Config

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a29150b4fefd571121e4783fa22df697d0089a9491349a8a6a448195daf394f.exe
    "C:\Users\Admin\AppData\Local\Temp\5a29150b4fefd571121e4783fa22df697d0089a9491349a8a6a448195daf394f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\ViewList.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:2528
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 912
      2⤵
      • Program crash
      PID:2600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ViewList.txt
    Filesize

    226B

    MD5

    acc86acf19d1d7d90c4dd5fe3d562d5c

    SHA1

    18874bc151540b8ec6510477a6c82110374521cc

    SHA256

    e770774aaf574a22725ccb002a087d85a2f4a69c947bacb13cb73c9e22caa8c5

    SHA512

    0296724dfecb2451e18f1ae846ae244ca499bd98234791ec996c3f5e019e352eb86a89e438799edfb4758abab23f589ed5f17321e56f04442a83986b4de41226

    Download Submit

  • memory/2164-0-0x00000000748CE000-0x00000000748CF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2164-1-0x0000000000BB0000-0x0000000000BC6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2164-3-0x00000000748C0000-0x0000000074FAE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2164-8-0x00000000748CE000-0x00000000748CF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2164-9-0x00000000748C0000-0x0000000074FAE000-memory.dmp

    Filesize

    6.9MB

    Download