eternity | b8b8cc13343bd521c8d3ed34c571e641fea1029672bc9f3bc73014dbd0e1b816

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-06-2024 19:46

Target

BruteForcer V1/BruteForce.exe
Size

1.2MB
MD5

fa11a8ae74dd3752193ddf503601ffdd
SHA1

f34a69973f37dbc0ccd1b9c8325642400b23b6e5
SHA256

c109b3abe23923e425df417524dcf7b27773f5acf256e8be5a5587e16843944b
SHA512

204918728747d7bb7318b77da55e7e1d15e390fe00bc9bc53062431e746111a19904ed3f8222d7196a1a1b6118c39019f6638cf2e72eb181c34bc436e50e7f9b
SSDEEP

24576:SwT7rC6qbvVo15SKjNlYP6r8EsotvVo15S:brC6q7VoLS2y5EVoLS

Score

10^/10

eternity stealer

Detects Eternity stealer 1 IoCs

stealer

resource	yara_rule
behavioral1/memory/1692-1-0x0000000000AC0000-0x0000000000BC4000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity

Executes dropped EXE 1 IoCs

pid	Process
3028	dcd.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1692	BruteForce.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 3028	1692	BruteForce.exe	28
PID 1692 wrote to memory of 3028	1692	BruteForce.exe	28
PID 1692 wrote to memory of 3028	1692	BruteForce.exe	28
PID 1692 wrote to memory of 3028	1692	BruteForce.exe	28
PID 1692 wrote to memory of 2620	1692	BruteForce.exe	29
PID 1692 wrote to memory of 2620	1692	BruteForce.exe	29
PID 1692 wrote to memory of 2620	1692	BruteForce.exe	29

C:\Users\Admin\AppData\Local\Temp\BruteForcer V1\BruteForce.exe
"C:\Users\Admin\AppData\Local\Temp\BruteForcer V1\BruteForce.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1692 -s 1564
  2⤵
  PID:2620

C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
memory/1692-0-0x000007FEF5683000-0x000007FEF5684000-memory.dmp

Filesize
4KB

Download
memory/1692-1-0x0000000000AC0000-0x0000000000BC4000-memory.dmp

Filesize
1.0MB

Download
memory/1692-2-0x0000000000540000-0x000000000057E000-memory.dmp

Filesize
248KB

Download
memory/1692-3-0x000007FEF5680000-0x000007FEF606C000-memory.dmp

Filesize
9.9MB

Download
memory/1692-4-0x000007FEF5680000-0x000007FEF606C000-memory.dmp

Filesize
9.9MB

Download
memory/1692-10-0x000007FEF5680000-0x000007FEF606C000-memory.dmp

Filesize
9.9MB

Download
memory/1692-11-0x000007FEF5680000-0x000007FEF606C000-memory.dmp

Filesize
9.9MB

Download