Overview

overview

10

Static

static

10

Eternity.exe

windows10-1703-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    154s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15/07/2024, 00:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Eternity.exe

  • Size

    40.8MB

  • MD5

    40f0212fa97e2fe44ee0fbffae0c96b5

  • SHA1

    e11664504e7b3ab905de8069e6fb5b1159aec002

  • SHA256

    32d38e1eae86466254658d5a91a8bca983706b3aec35148012cb0a50f550a74f

  • SHA512

    2eeebc345f202033762cfa1e5ae4a2b2f477dad7e7019e5aff7b3aff98d0a9ee7c2223a94dfb6cc1a6fd66eb0290adee3baa1fda8d99658253c005ca11f425f5

  • SSDEEP

    786432:gHvsyBy7Mu30RSVRAaAeQc98NmhJQ8mZoJRWUmx2qmE:gUyCMrUVKa/bhJQ8mZorV+

Score
10/10
eternitygrowtopiastealer

Malware Config

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Growtopia

    Growtopa is an opensource modular stealer written in C#.

    stealergrowtopia
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Eternity.exe
    "C:\Users\Admin\AppData\Local\Temp\Eternity.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:4740
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:208
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:3224
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4648
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2368
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:3388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF0B293A50505665B4.TMP
    Filesize

    16KB

    MD5

    8becc594ba4e38e60c0761e612af84b8

    SHA1

    4f6a8ae695bddd75c22de5afed229396f3e42469

    SHA256

    8ed13ecf160cf349e52f2debcf8ac84e0270b5a128f7e91c569d2ba1cf09d638

    SHA512

    0516b33b98cfb477f1f9290137495d7237993fcdccc7ba3b60490c23f7ac7d03c67f48b96b54d34ee647baa1624aa55e9a71e083d58cb63984a92259c2935c07

    Download Submit

  • \Users\Admin\AppData\Local\Temp\enet_managed_resource\enet-win32-x86.dll
    Filesize

    39KB

    MD5

    e13ef136485a33c8a5b719d75b0312df

    SHA1

    fb692915b0a73e796c5904e05d37f963baef88dd

    SHA256

    9d2d83667ab5c391fbb60a1249078d0e2b031573a72dc07b67b610178ee94e78

    SHA512

    b3d58a11fc17925316f437e67d4b394bb9b5749e92064fe87eda3e12962f3970416e180cd40c61419651ec611eae0ee9f91a795199689cdd4743678bb6d3dca2

    Download Submit

  • memory/208-463-0x000001A591310000-0x000001A591311000-memory.dmp

    Filesize

    4KB

    Download

  • memory/208-459-0x000001A596420000-0x000001A596421000-memory.dmp

    Filesize

    4KB

    Download

  • memory/208-456-0x000001A5965A0000-0x000001A5965A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/208-55-0x000001A591320000-0x000001A591322000-memory.dmp

    Filesize

    8KB

    Download

  • memory/208-36-0x000001A592320000-0x000001A592330000-memory.dmp

    Filesize

    64KB

    Download

  • memory/208-20-0x000001A592220000-0x000001A592230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2368-67-0x000001AF88B00000-0x000001AF88C00000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3388-97-0x000002ABFA730000-0x000002ABFA750000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3388-90-0x000002ABFA430000-0x000002ABFA432000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3388-115-0x000002ABFB1D0000-0x000002ABFB1D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3388-111-0x000002ABFB190000-0x000002ABFB192000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3388-113-0x000002ABFB1B0000-0x000002ABFB1B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3388-86-0x000002ABFA2F0000-0x000002ABFA2F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3388-88-0x000002ABFA410000-0x000002ABFA412000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4740-19-0x00000000731F0000-0x00000000738DE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/4740-0-0x00000000731FE000-0x00000000731FF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-8-0x000000000B8A0000-0x000000000B932000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4740-7-0x000000000BC90000-0x000000000C18E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/4740-6-0x000000000A3F0000-0x000000000B790000-memory.dmp

    Filesize

    19.6MB

    Download

  • memory/4740-59-0x00000000731FE000-0x00000000731FF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4740-60-0x00000000731F0000-0x00000000738DE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/4740-5-0x00000000731F0000-0x00000000738DE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/4740-18-0x000000006EFC0000-0x000000006EFD2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4740-17-0x000000000C510000-0x000000000C550000-memory.dmp

    Filesize

    256KB

    Download

  • memory/4740-16-0x000000000BC30000-0x000000000BC3A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4740-10-0x000000000B860000-0x000000000B868000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4740-15-0x000000000C350000-0x000000000C402000-memory.dmp

    Filesize

    712KB

    Download

  • memory/4740-14-0x000000000B9B0000-0x000000000B9CA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4740-9-0x000000000BA20000-0x000000000BAF6000-memory.dmp

    Filesize

    856KB

    Download

  • memory/4740-168-0x000000000F520000-0x000000000F798000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/4740-182-0x00000000731F0000-0x00000000738DE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/4740-4-0x00000000731F0000-0x00000000738DE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/4740-3-0x00000000731F0000-0x00000000738DE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/4740-2-0x00000000731F0000-0x00000000738DE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/4740-1-0x0000000000EB0000-0x0000000003740000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/4740-468-0x00000000731F0000-0x00000000738DE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/4740-469-0x00000000731F0000-0x00000000738DE000-memory.dmp

    Filesize

    6.9MB

    Download