Overview

overview

10

Static

static

10

083d14f17c...09.exe

windows7-x64

10

083d14f17c...09.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-05-2024 19:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    083d14f17c17f8f5e045eb446981733893929ed922d46bfd66c008469dcd8409.exe

  • Size

    66KB

  • MD5

    684ba0386ac3c481ab4e2a31d6c5a832

  • SHA1

    a763049196fc1bf64d2aa024951000bc294fadd1

  • SHA256

    083d14f17c17f8f5e045eb446981733893929ed922d46bfd66c008469dcd8409

  • SHA512

    1d050399d3596d74fd1c8e6f3de4414fc64d03ddd318f29a460544d2aec521ada0f5cef1e99568072833d6c7c3314536e5ea02c0a065a6bc2cb198bc84538ee3

  • SSDEEP

    384:9u/XOJD9vad5JEPIeNznDBA8CrF6wYA5vG38dDnaxg679Poww4glQhgLU07kRI0m:C+ZadDmIevBK6X6es9naW+9SLf

Score
10/10
eternity

Malware Config

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\083d14f17c17f8f5e045eb446981733893929ed922d46bfd66c008469dcd8409.exe
    "C:\Users\Admin\AppData\Local\Temp\083d14f17c17f8f5e045eb446981733893929ed922d46bfd66c008469dcd8409.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1320
    • C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Kaspersky_VRT.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:3012
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 1520
      2⤵
      • Program crash
      PID:1208
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1320 -ip 1320
    1⤵
      PID:4684

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Kaspersky_VRT.exe
      Filesize

      5KB

      MD5

      24c482e9a8094deba0e5d2e85046727c

      SHA1

      1882cca51c567bc9bd7504a2555e6c366cbe80fa

      SHA256

      91e823c85cebafefd6ca98759234f1dca7a3585d7d0fbafe4463664197d9d8e5

      SHA512

      877158427e3fa8a3539d64f0b9994409d3c3a2c6920823827c6b11fa52001f1ef69999bafafbee6a63a0ab38ed94b0a03ae71994f4fdb78e223156fee1ac0cd8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Kaspersky_VRT.txt
      Filesize

      862B

      MD5

      7456c178aa8743a3196f530ebc8711db

      SHA1

      95ee0059dfdff544757938f13d957dcefb501bd4

      SHA256

      73496e9df02154c4c109ff778c932fff79c9dc4a910a2c956810d5db97259a51

      SHA512

      88b8a360abab8c69f9bc3c4d7cb7de12f025fc0bdbbe4e094c376ea63ef0b0e669190072492a837a4290d4f72dc346e5813b224d4523b30757a6849e5e85145c

      Download Submit

    • memory/1320-0-0x0000000074ADE000-0x0000000074ADF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-1-0x0000000000B00000-0x0000000000B16000-memory.dmp

      Filesize

      88KB

      Download

    • memory/1320-3-0x0000000074AD0000-0x0000000075280000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1320-15-0x0000000074AD0000-0x0000000075280000-memory.dmp

      Filesize

      7.7MB

      Download