2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

Resubmissions

17-01-2025 20:14

250117-yz7h3s1qfw 10

17-01-2025 20:12

17-01-2025 17:25

17-01-2025 17:21

17-01-2025 14:16

17-01-2025 14:12

16-01-2025 12:52

16-01-2025 12:50

Analysis

max time kernel
132s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-01-2025 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/eternalblue.exe
Size

886KB
MD5

981aaac4782bb076aa737901910f2556
SHA1

a552a4dac03b584cbb7d461fd48b01ddaa85af5d
SHA256

7f5f447fe870449a8245e7abc19b9f4071095e02813d5f42c622add56da15b8b
SHA512

334d096f72d46adc522f21834d116968a7cb5f05dc21c60e094ac4ccff69412a2c108aeb5c54861ac717ebf884c632edd0291a3d832e4ab7dcc7903e7f965934
SSDEEP

12288:96fny4wDTzvE/XICULcJ48j406qbgg6RaAD9bSoGGHgm3Ihr6k:96fny4wbkHJ4I40vggPWSoGWv3c

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	eternalblue.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	eternalblue.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	eternalblue.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2380	eternalblue.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2380	eternalblue.exe
2380	eternalblue.exe

C:\Users\Admin\AppData\Local\Temp\Malware-1-master\eternalblue.exe
"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\eternalblue.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a2a8d5a0c101be09049fbcacd828aa6

SHA1
cee5d883140207893cbcd144f517eed016736e74

SHA256
9ece2af77b8d5ef4e1f2b07ebccb8fd49192486f6b837290f14d10b6cceb7101

SHA512
bdfa16d7a0a161fe3c075abe560ba987f55ef58925436dfa0de4f2e79cfc9af3d01755abb6278bc6bff8f18b746750652fbbdcf165a499eb7d5d29319aa4a680

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e88b2b6b88f1e68ae85cc2a073054242

SHA1
ef3bed7656726c986766daabdb5409fa1e34b5d9

SHA256
53e7982c20a14a4a69334d1998fed0c244389135a048531e0b390b26ff637dd4

SHA512
4dca5ada463ade4ff084504404a46fa059261cfda42351eb44f591da48626dec73279c32b2547d800c1a8cfe4355596411eafb3b69e5c529121ff55b43baead8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a610916667cc3c6ef2767c7bf716c8b7

SHA1
4f52077d9e47b14ea7740e2b2388aacfef1116fb

SHA256
005529409cf9519497957e5170e3603dbed07d22f92e1839490f7cc2f1524ac7

SHA512
f8f5ca262da420cf066e68ed447ec712eca495dc10e346b5a1313adcbb987e6129da17109a6c28478e0324e7d64431211f2d7b54af0655f653784ebe7a388e7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ab57d7d3ab88ad435d23d7dbec9c830

SHA1
2e2e35c3945e35d2efd6211c5c2b6e3a2cb7346c

SHA256
14283ac5635701d2bb4987f26d10721ba74206cc6e2b6dd31dfe39255df1508c

SHA512
56778f9837a289b4425f8daba3dc9d0992ce000de51c98e590a9614e08e245c5a28c918ad17899abd619081c75e1584450d18658f320d6be081670107bd09d97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b130e2b1f9cedf48b9e40c45c5d1286

SHA1
1c68809c5d1a95a849a24b8d8718eeab7ab30876

SHA256
e504448a2f29ba8e6fa0384067c91654b3c8ffde4f58422af5e7aa36bd7c04d6

SHA512
38c3f932a60772c543103b41aee5675c11a0bb8aaa9bb7ffbe86b419eff7ce153e36a41f75543061b77d225d5615d6a57b1185343bf12387de5b41fd374b6ffa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
980faed12c0d86e6cccd9e32468df763

SHA1
2b557f81b6345f36c12466ecbd68395420facd82

SHA256
d25433c080ccaa722e8daf0c381ca433c722061194b428671a9b42eccf170c4b

SHA512
49a70f91beb26f411e2d09d4a0b92d463acbbf2c40275a63868970ffe518700e39f9ec40d7902c468a3180029c68db4fe16f0cff926114aa0d6dcfa3a72a5e6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4915caa5dd2a0cba48fe944fb966eb20

SHA1
d17e3afac1874fe2360996683351675197aa21a7

SHA256
cf7d47383b7830ec88f1c7071f364c92764c9ccdbd5f8645240c23ed316c4dc3

SHA512
774184eda0b5a78421cfdc4c46ef9327156eb74e8c869a3116581d97105da5b256a6b1e0e1d72123838004a4114cbc7a2a8f1e9633972631bde440c868467c51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1c8a72a2515288ac8b13432a65706f9

SHA1
8beb9128ee19364503253e9b439c8689f2ce92c5

SHA256
856fc60508baee5a655e5a668905612c84c1fd9a59e2f789c294e92df17285f9

SHA512
2fda823d858dde8c0aec02b518d73c9c3fca649459e55c5a933ec07f0f3d5effddf955921fbfb284e33302c46d1ff8f6ecb82047fc837e47bf3bc8909acf0177

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
635bcf2218e907a25f615c18fcee6cf0

SHA1
3ef5278fd5f0e1ec7ee6ecb9834de43ec777409c

SHA256
0c58bb1e691b3a7baed9cb8cb1ba1262346bc64045b0f7f25ee533240069fe3d

SHA512
8a34ae521d9bca47e6e9baec26b3328e02072407992ca00ada818c071528c47d2b9fce5754e671a38a5b7837e72bcebec25ba0fd582332e0b8d3a08a3ab54dd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0d308f6a0b48410463bff523788c086

SHA1
fdc086853c53d39de32787dd9bd81cd4891c39af

SHA256
0ddcd59472d5024536f958ec703676f49f476e7f0741e9ee67861641e5737ff9

SHA512
30572ca4d0ccd6fb6c25c7d8d9a72028a300256b1b2e424d5fefccbdc39b73122fae031a43c01568828583fea5849916a747aee25ba10d4e5926e39d5a732b94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
2563ee8412acb04e6b73a416ba2555f9

SHA1
283983b0a982a99a88f8741d87d5238cf95fa8d0

SHA256
b20d4eab8cb381b77da5945782e56c343e66d241a2472277f7e4820998f2a3ab

SHA512
d29213fc79f9276fdcf125b6bbb4ca9aac74ffe287e6cb8ae2421f61951599ad19711fe64796d76b64422b815cb309cb428c724c2f1bb3ff0a32342e0ca040f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K\error[2]

Filesize
3KB

MD5
16aa7c3bebf9c1b84c9ee07666e3207f

SHA1
bf0afa2f8066eb7ee98216d70a160a6b58ec4aa1

SHA256
7990e703ae060c241eba6257d963af2ecf9c6f3fbdb57264c1d48dda8171e754

SHA512
245559f757bab9f3d63fb664ab8f2d51b9369e2b671cf785a6c9fb4723f014f5ec0d60f1f8555d870855cf9eb49f3951d98c62cbdf9e0dc1d28544966d4e70f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K\warning[1]

Filesize
1KB

MD5
124a9e7b6976f7570134b7034ee28d2b

SHA1
e889bfc2a2e57491016b05db966fc6297a174f55

SHA256
5f95eff2bcaaea82d0ae34a007de3595c0d830ac4810ea4854e6526e261108e9

SHA512
ea1b3cc56bd41fc534aac00f186180345cb2c06705b57c88c8a6953e6ce8b9a2e3809ddb01daac66fa9c424d517d2d14fa45fbef9d74fef8a809b71550c7c145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86\error[1]

Filesize
1KB

MD5
b9bec45642ff7a2588dc6cb4131ea833

SHA1
4d150a53276c9b72457ae35320187a3c45f2f021

SHA256
b0abe318200dcde42e2125df1f0239ae1efa648c742dbf9a5b0d3397b903c21d

SHA512
c119f5625f1fc2bcdb20ee87e51fc73b31f130094947ac728636451c46dced7b30954a059b24fef99e1db434581fd9e830abceb30d013404aac4a7bb1186ad3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9DC7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9E66.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2380-8-0x000007FEF5E50000-0x000007FEF683C000-memory.dmp

Filesize
9.9MB

Download
memory/2380-4-0x000007FEF5E50000-0x000007FEF683C000-memory.dmp

Filesize
9.9MB

Download
memory/2380-3-0x000007FEF5E50000-0x000007FEF683C000-memory.dmp

Filesize
9.9MB

Download
memory/2380-2-0x000007FEF5E50000-0x000007FEF683C000-memory.dmp

Filesize
9.9MB

Download
memory/2380-0-0x000007FEF5E53000-0x000007FEF5E54000-memory.dmp

Filesize
4KB

Download
memory/2380-5-0x000007FEF5E50000-0x000007FEF683C000-memory.dmp

Filesize
9.9MB

Download
memory/2380-1-0x00000000003D0000-0x00000000004B2000-memory.dmp

Filesize
904KB

Download
memory/2380-591-0x000007FEF5E50000-0x000007FEF683C000-memory.dmp

Filesize
9.9MB

Download
memory/2380-731-0x000007FEF5E50000-0x000007FEF683C000-memory.dmp

Filesize
9.9MB

Download
memory/2380-6-0x000007FEF5E53000-0x000007FEF5E54000-memory.dmp

Filesize
4KB

Download
memory/2380-7-0x000007FEF5E50000-0x000007FEF683C000-memory.dmp

Filesize
9.9MB

Download
memory/2380-9-0x000007FEF5E50000-0x000007FEF683C000-memory.dmp

Filesize
9.9MB

Download