Overview

overview

10

Static

static

10

17f6063bb2...02.exe

windows7-x64

10

17f6063bb2...02.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-05-2024 20:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    17f6063bb270cd10ece9002bedb90c84711b6efe6a1a66b52d254b4532264202.exe

  • Size

    70KB

  • MD5

    d7d06a5643291ff48ed602b773264f25

  • SHA1

    86a43422686cedc96fdcf739ade018f7c0d8a054

  • SHA256

    17f6063bb270cd10ece9002bedb90c84711b6efe6a1a66b52d254b4532264202

  • SHA512

    2a76a73774c5dc6486444506ca980b6ff4c4bf03fcd77023ac6c1e77e50cd5b1bd9fcf8318971d22cd5866d45c9719db35cf3c6e0322ba2cfcb4923ede3eb957

  • SSDEEP

    384:mIvRBy67ui/aDK+8zfP4mCxFkEL68DDkJsl38dDnaxg679Poww4glQhgLU07kRI1:jvciiDK+8DyNTcJ+s9naW+9SLf

Score
10/10
eternity

Malware Config

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17f6063bb270cd10ece9002bedb90c84711b6efe6a1a66b52d254b4532264202.exe
    "C:\Users\Admin\AppData\Local\Temp\17f6063bb270cd10ece9002bedb90c84711b6efe6a1a66b52d254b4532264202.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Dialog.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:1180
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 1592
      2⤵
      • Program crash
      PID:4808
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1424 -ip 1424
    1⤵
      PID:4860

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Dialog.exe
      Filesize

      5KB

      MD5

      24c482e9a8094deba0e5d2e85046727c

      SHA1

      1882cca51c567bc9bd7504a2555e6c366cbe80fa

      SHA256

      91e823c85cebafefd6ca98759234f1dca7a3585d7d0fbafe4463664197d9d8e5

      SHA512

      877158427e3fa8a3539d64f0b9994409d3c3a2c6920823827c6b11fa52001f1ef69999bafafbee6a63a0ab38ed94b0a03ae71994f4fdb78e223156fee1ac0cd8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Dialog.txt
      Filesize

      4KB

      MD5

      1a9eeb355c464755c06d26042c545ca6

      SHA1

      9d0dda756fdc6fc64de06675529d976c12637723

      SHA256

      6ea4dad6a2e4cdbcf2f2ee09aebe2b90d966725979e7c9d268a7ffe658381d5b

      SHA512

      93cef6bfa3fe50e4b42b78ad40d751edbc90abdd41534696cfe01cb1cb068dcad6eba2ddb782d2eb6a7eb7e07aef4bb91e2feca4f44da28e892cca50e6739296

      Download Submit

    • memory/1424-0-0x00000000744CE000-0x00000000744CF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1424-1-0x00000000004B0000-0x00000000004C6000-memory.dmp

      Filesize

      88KB

      Download

    • memory/1424-3-0x00000000744C0000-0x0000000074C70000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1424-15-0x00000000744C0000-0x0000000074C70000-memory.dmp

      Filesize

      7.7MB

      Download