Overview

overview

10

Static

static

10

AJProxy_3.0.zip

windows7-x64

1

AJProxy_3.0.zip

windows10-2004-x64

10

Resubmissions

30-12-2024 11:08

241230-m817wavmak 10

30-12-2024 11:07

241230-m7zyesvmaj 10

Analysis

  • max time kernel
    119s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2024 11:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AJProxy_3.0.zip

  • Size

    5.9MB

  • MD5

    15d0e9c9f528aaf2198153fc0b70265e

  • SHA1

    3fea5aabe3974d5fb515c6247abc93e9c481c87e

  • SHA256

    df1f1e02e8b95f351ea612561399e0a05252009bd0c8bcabade1af042e4cc754

  • SHA512

    fdbf5f22b3ed12bbf949bc20c7647ab91fe6491ff28a9f12916a9af350dfc6971599fd3a588b728e648504c83d315e2cc41330cc84a70a55fe4bb05ce34044c5

  • SSDEEP

    98304:Mc5Vo7LeRRDoiif0xJmth8TcZ9fCi4UmoJcs9juLgt59302frWH4:1o2wKmthVZtCiVm1XMptyH4

Score
10/10
eternitydiscoverystealer

Malware Config

Signatures

  • Detects Eternity stealer 2 IoCs
    stealer
  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Eternity family
    eternity
  • Drops startup file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\AJProxy_3.0.zip"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:532
    • C:\Users\Admin\AppData\Local\Temp\7zO412B6259\AJProxy3.0.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO412B6259\AJProxy3.0.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4072
      • C:\Users\Admin\AppData\Local\Temp\dcd.exe
        "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4700
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4636

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\7zO412B6259\AJProxy3.0.exe
      Filesize

      887KB

      MD5

      948298bd9dec41df13cbc007cacc3e70

      SHA1

      822ba513d2263161590f9db62fa83d417b5dbb54

      SHA256

      1324fff98ceaf46786fa86c449c0829804b668718f2a73f1daa6343d7eecd426

      SHA512

      76fd8d2190d7e9cc2582123c579af214bba467001b1faf2c4ed96d60f6b7fb695301ebfa141052a4c4847a38a54c64bd117f5b052ced1f4cfc5de4667630b906

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\dcd.exe
      Filesize

      227KB

      MD5

      b5ac46e446cead89892628f30a253a06

      SHA1

      f4ad1044a7f77a1b02155c3a355a1bb4177076ca

      SHA256

      def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

      SHA512

      bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

      Download Submit

    • memory/4072-20-0x00007FFFD83B3000-0x00007FFFD83B5000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4072-21-0x0000000000200000-0x00000000002E6000-memory.dmp

      Filesize

      920KB

      Download

    • memory/4072-22-0x000000001AE10000-0x000000001AE60000-memory.dmp

      Filesize

      320KB

      Download

    • memory/4072-23-0x000000001AE60000-0x000000001AE9E000-memory.dmp

      Filesize

      248KB

      Download