eternity | ec4996e811fb0971cde953c229d532144e48c4608f62f86f79170d6a2eee90e1

Analysis

max time kernel
16s
max time network
19s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
22-07-2024 20:42

Target

AAP BYPASS.exe
Size

884KB
MD5

6c42867bd89e3e095c44b473abb74172
SHA1

9d455632d2454cf4ae5d9715e170d57d7a93b91a
SHA256

ec4996e811fb0971cde953c229d532144e48c4608f62f86f79170d6a2eee90e1
SHA512

e253fe011d0df319982b78b3a1c2b9ed6052525c40dcdff0f01b851f42af5c6bb33ad60381bf43098234e32b8cfb47ec8ef5a6e5df08a0d360ca16d43fd42a9a
SSDEEP

12288:gTEYAsROAsrt/uxduo1jB0Y96qKG+Nh/CgfZTm6rFa1Em+oYuUx/uDnCGtCoLt:gwT7rC6qKG2kW46rFrPfuUxSCFo

Score

10^/10

eternity stealer

Detects Eternity stealer 1 IoCs

stealer

resource	yara_rule
behavioral1/memory/4144-0-0x00000000007E0000-0x00000000008C6000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity

Executes dropped EXE 1 IoCs

pid	Process
4024	dcd.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4144	AAP BYPASS.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 4024	4144	AAP BYPASS.exe	74
PID 4144 wrote to memory of 4024	4144	AAP BYPASS.exe	74
PID 4144 wrote to memory of 4024	4144	AAP BYPASS.exe	74

C:\Users\Admin\AppData\Local\Temp\AAP BYPASS.exe
"C:\Users\Admin\AppData\Local\Temp\AAP BYPASS.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:4024

C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
memory/4144-0-0x00000000007E0000-0x00000000008C6000-memory.dmp

Filesize
920KB

Download
memory/4144-1-0x00007FFD5A823000-0x00007FFD5A824000-memory.dmp

Filesize
4KB

Download
memory/4144-2-0x0000000001240000-0x0000000001290000-memory.dmp

Filesize
320KB

Download
memory/4144-3-0x0000000000FD0000-0x000000000100E000-memory.dmp

Filesize
248KB

Download
memory/4144-4-0x00007FFD5A820000-0x00007FFD5B20C000-memory.dmp

Filesize
9.9MB

Download
memory/4144-5-0x00007FFD5A820000-0x00007FFD5B20C000-memory.dmp

Filesize
9.9MB

Download
memory/4144-6-0x00007FFD5A820000-0x00007FFD5B20C000-memory.dmp

Filesize
9.9MB

Download
memory/4144-7-0x00007FFD5A820000-0x00007FFD5B20C000-memory.dmp

Filesize
9.9MB

Download
memory/4144-12-0x00007FFD5A820000-0x00007FFD5B20C000-memory.dmp

Filesize
9.9MB

Download