Overview

overview

10

Static

static

10

afcc447467...5d.exe

windows7-x64

10

afcc447467...5d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-05-2024 03:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    afcc447467d954cf08e916789e7181a3c8b5fa9f49ec628574f43b17c2eee05d.exe

  • Size

    72KB

  • MD5

    b53922cd19d2f906148bd62f3e96caec

  • SHA1

    6038d94acc9e943bce213c89d10686e4724dd99f

  • SHA256

    afcc447467d954cf08e916789e7181a3c8b5fa9f49ec628574f43b17c2eee05d

  • SHA512

    902abe1feab7239f122b117001fbcff5c40e9c648b2ca72d4e9ed98604089f232f1ff42de142013c23090dbbd00855db51c0f20f5cf244b4ed7add6f1bf2ca7d

  • SSDEEP

    768:bthHn7dSDNC0DdlKhUcDamoaMZs9naW+9SLf:bthHSNCqIToaAs9a3SLf

Score
10/10
eternity

Malware Config

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\afcc447467d954cf08e916789e7181a3c8b5fa9f49ec628574f43b17c2eee05d.exe
    "C:\Users\Admin\AppData\Local\Temp\afcc447467d954cf08e916789e7181a3c8b5fa9f49ec628574f43b17c2eee05d.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\FolderTypes.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:3504
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 1268
      2⤵
      • Program crash
      PID:1732
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2300 -ip 2300
    1⤵
      PID:1808

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\FolderTypes.exe
      Filesize

      5KB

      MD5

      24c482e9a8094deba0e5d2e85046727c

      SHA1

      1882cca51c567bc9bd7504a2555e6c366cbe80fa

      SHA256

      91e823c85cebafefd6ca98759234f1dca7a3585d7d0fbafe4463664197d9d8e5

      SHA512

      877158427e3fa8a3539d64f0b9994409d3c3a2c6920823827c6b11fa52001f1ef69999bafafbee6a63a0ab38ed94b0a03ae71994f4fdb78e223156fee1ac0cd8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\FolderTypes.txt
      Filesize

      6KB

      MD5

      5130e896d3f3e5e02553b6f779ae4a37

      SHA1

      22de192c9b890095936acd668bb71b37975d5891

      SHA256

      a79c4cd7cf44dd454409d12779e613de88e40089037c7d99c63aee3e86347805

      SHA512

      8c6fe1f0974437f427d872a9f43d8133bd456514f47f201b6200a98232645aa844eb96470bb7aa25f2521706efc482e86dd1af7f330d9a316c982e496ef8ea1d

      Download Submit

    • memory/2300-0-0x000000007485E000-0x000000007485F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2300-1-0x00000000006D0000-0x00000000006E6000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2300-3-0x0000000074850000-0x0000000075000000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2300-15-0x0000000074850000-0x0000000075000000-memory.dmp

      Filesize

      7.7MB

      Download