Analysis
-
max time kernel
1682s -
max time network
1692s -
platform
windows11-21h2_x64 -
resource
win11-20240709-en -
resource tags
-
submitted
29-07-2024 10:12
General
-
Target
https://github.com/Testabots22/Bloxflip/raw/main/Loader.exe
Malware Config
Signatures
-
Detects Eternity stealer 1 IoCs
-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
Downloads MZ/PE file
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 32 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Testabots22/Bloxflip/raw/main/Loader.exe1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff961c43cb8,0x7ff961c43cc8,0x7ff961c43cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1452,2049897079602006006,13077517340557033364,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1452,2049897079602006006,13077517340557033364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1452,2049897079602006006,13077517340557033364,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1452,2049897079602006006,13077517340557033364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1452,2049897079602006006,13077517340557033364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1452,2049897079602006006,13077517340557033364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1452,2049897079602006006,13077517340557033364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1452,2049897079602006006,13077517340557033364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1452,2049897079602006006,13077517340557033364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1452,2049897079602006006,13077517340557033364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1452,2049897079602006006,13077517340557033364,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1452,2049897079602006006,13077517340557033364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1452,2049897079602006006,13077517340557033364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1452,2049897079602006006,13077517340557033364,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4004 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5c0f062e1807aca2379b4e5a1e7ffbda8
SHA1076c2f58dfb70eefb6800df6398b7bf34771c82d
SHA256f80debea5c7924a92b923901cd2f2355086fe0ce4be21e575d3d130cd05957ca
SHA51224ae4ec0c734ef1e1227a25b8d8c4262b583de1101f2c9b336ac67d0ce9b3de08f2b5d44b0b2da5396860034ff02d401ad739261200ae032daa4f5085c6d669e
-
Filesize
152B
MD56f3725d32588dca62fb31e116345b5eb
SHA10229732ae5923f45de70e234bae88023521a9611
SHA256b81d7e414b2b2d039d3901709a7b8d2f2f27133833ecf80488ba16991ce81140
SHA51231bacf4f376c5bad364889a16f8ac61e5881c8e45b610cc0c21aa88453644524525fd4ccf85a87f73c0565c072af857e33acffbbca952df92fedddd21f169325
-
Filesize
261B
MD52c2e6472d05e3832905f0ad4a04d21c3
SHA1007edbf35759af62a5b847ab09055e7d9b86ffcc
SHA256283d954fa21caa1f3b4aba941b154fab3e626ff27e7b8029f5357872c48cbe03
SHA5128c4ce1ea02da6ffb7e7041c50528da447d087d9ee3c9f4a8c525d2d856cf48e46f5dd9a1fedd23dd047634e719c8886457f7e7240aa3cc36f1a6216e4c00ee37
-
Filesize
5KB
MD54a8265fa7de393f683656026905ed13e
SHA1daee477c41574305e3d8ee0e1e9a7afcc25bb482
SHA256c6e2b99f219fc047bd7487ae333688c68acdcc0315904687e7e46bdb91f09de4
SHA5125d90923a241d71e335679c8dae8ada3a63eec92dd6b6ef7be4a7572b6c3fbb9f8f5e87ddc17760880f3a7f207de1927000dd40cf3d8699ff7ecc6aace362ea6e
-
Filesize
5KB
MD54d82f195f8127fb176b3fbce7c295cd3
SHA1f5ab80391ae21b5b112cf52442d6421256757c43
SHA2568614471de3dd8940573f1c587dd707779d02b190b23d40e6fdc6cabb4fa9db22
SHA512fb2f7b945320695cf48470fd92be35c99d66d1b142f68ebee2d23a1503551ff9ed1867710e7181f82e9850500e68d2559a39d355e3b64a99014b9b0951d158a4
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5fc7587ef28c649e38d770ab01fe2b5bd
SHA160e14a018f61e179ab564dcd578f18cc7e958700
SHA256eca0a20a634025d437a31d1ee266e845c788f3cc78fe1a90ce2fb8047bccdb6b
SHA512fdb94e0cb26dff2ccfc78b18985e8583e187f4de6d7e6fe15badc8a4f8b562d907c29962a0d18573ed4655c1ef6806d7bbb4ed3200223c5dee368c546e6c7a1a
-
Filesize
10KB
MD5a824e39482f159521a9af4ed77944a1a
SHA15722540d8ed3163871c2d133d47b566378510103
SHA2569bb1e7e19698d52a22e75a29721588d4fa219aea52f3c7904c10f941accce09c
SHA5122c7139114afb0783e0fe0d20ba64f47e899b5ba2a3349518beda515dcc3d32a66f27b0ffb01653eda22b6d61dfe154ab7b3347a1afd473eed76cbfa465dc293f
-
Filesize
887KB
MD54921715c2581f736e92ea569def50a69
SHA185d44e955199463ca786b2ef4ca95189704bb599
SHA256d25991745f08ec053c593fe639303859ec6b50a02fd04f86223526d5563062ba
SHA5124b18a2361f9e0be0be1d3fedcd82c0e900b90cb96fe084c7937e8a0e60711e8a39394891d91f06e62f57026a1f98116ffa1c2ee41e168e59e72303562d823127