Overview

overview

7

Static

static

1

URLScan

urlscan

1

http://sakpot.com/ev...

windows10-1703-x64

7

http://sakpot.com/ev...

windows7-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01-04-2023 12:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://sakpot.com/evon-executor/

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://sakpot.com/evon-executor/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1852
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1852 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1808

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab617fe362a4b346846b4e557b438484

    SHA1

    a8dc174b46c65a3109675cef5a8227554ea8e60a

    SHA256

    5062b9e76b108138c2bdfc4c418040ddc9ed2781ebe6afcc2677d3f1bfd019b2

    SHA512

    623be1837a0fe1d704f568756dc985ec5076260ae83e6a27c3aa93234f76f2d30a701d76bb5cf1d6e692c3694d38a6d8b6286bf95a287a249568ebe6143f3258

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86782d4cd4fc597b139269a20efc8ba2

    SHA1

    d7e5bf5a21847543865418d6e7d8b763972e17fc

    SHA256

    2832135f177ab2aa0215c6846eaf8d256a6d42f20a13f3896b6bd5125134097d

    SHA512

    d5e1a42872ab5abcdbf277772fdfe7c012bcc680f5f53c855f24cfd85d0f1cec8eed9447340eabddd5c413722778256bfa0c0a883a4b8feb6d1b3ea4d794fc0b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a05790946a045233d04d98c50bf1ae63

    SHA1

    158c3ca5cbf86438589d610985ce5aa9886eb05f

    SHA256

    1ce1d2a2d7775efa0c5c7255bbd1ec0af866d0cc8d418b23799fb9901535ffb7

    SHA512

    eacfd32ff6d047fcf390cd385472ceaff6f5b6ca952e689f456b9e8bc160f181c5ded1611954f1d3104404f65c23f06b8ab19e5fd34eca44cb81e0728c420b32

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3584bb760b9f424aad3e543b757fcc1e

    SHA1

    d421dc9aa842fdeb0bddd32213971d7e5d23b81d

    SHA256

    c4e640768bf15bf48292644a1cc95fff88c5dc339d2f04d1d1a2961466c0613e

    SHA512

    03e66820dd6492f7805d3792dac9997d096657a3ec984265a0656f45446f8785e09ea716f5e6c279578ab4a9acdaa7c5e9b6f92721f3d77667ee79cbd221bd2c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0421fa352b4c8085a26ebeb25e80d110

    SHA1

    0366a51b99314797654de9894a6854074dce430a

    SHA256

    dbd2151e0444a6d1b323bbe070193fe646df8f08e21d09f8b30c31f1fcc2ddd4

    SHA512

    b53a2a2cf9096e195a55999f829b14a024d3edc2914e39389259976e30159f573cf608d720acf63c3710f7c6100087ee07fa5f9c6ef92049e40211c41087ef98

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1fe06fdf6afd51cb215f929d42d246ba

    SHA1

    ec9094689b630f77f8359e1cd0b0e28182f985ee

    SHA256

    4b42a449b247946fca9ec7ad87b6b7a9cf46702ade6a717b41e412c0965082b1

    SHA512

    36d54022fd5281b62213a464536bf49ef669a8d8d38729553bccc8d4095dcfd9b02d4b5025b971cc4ba3de9f777b2e23add7076bded8f0842428b632ca8c5f0b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ab7dcc5a09d7fec3fd18daa08ee072b

    SHA1

    81ff21dd3a5a169c95b3def0bd620fefa565ddbf

    SHA256

    abd20c32004dcba0dad4fa5120d045677e20c4f7206fa2c3ecf7ffe309e4b839

    SHA512

    26931b9cbde920c6d55c878848c489bb40498713c1a7a48fbba42fd191d4b451191149a083832a4007c2b11fac7ea7200831cc6d4ce23658aa28b9e98a36755b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c07f7025ef543531ac077f84773893d3

    SHA1

    be6f2df55c61b74aafad60a81ea3f87bc72ee89a

    SHA256

    402def5a118749444ccb9ae88b4dd0513e9bb77e20fdad90e40b62c7ffacd793

    SHA512

    a6a9f9fc4b41403706f815db3f5bfe8ef93219f41ef3feb792a3aecd922996b9ae7026261f61acaa7a270f891118ee4996a20b2e23b426293a99502ff5ecbb32

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4fc1df0e0f592521dd8971d24b4fcb2e

    SHA1

    9dba421f14cdda15fe4edeb0e06abd68d6cdb796

    SHA256

    70fa37f2d2e914302a07d859c81e723a31c6e555acd64cdac2755c1fd074ff5b

    SHA512

    f12caba4067318278feeccdbdfb0e0029a733a3e30220daa2c8f9b4127a8574f674293c0881e57797d23384e5fc7c8d30dbdb145ac6bfdeb6b20838738a93775

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5094afd613c1844ed68207780c458a8

    SHA1

    e337a84a88f09e450be56e27b68c9659e9c491b0

    SHA256

    94cb537a9e5d38711040c07ec50bc0da5792831f78b99122ace9b1bec7c3e870

    SHA512

    03071d4bc732559d5f2a7b179f6dedcc55a4085fe05c04584e63ca8549167ea7a597ed112dc03a665e8546ded3a0d50e0f0c50188d2b6a3114f45e9299fe31c7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    461708f1cae9df1f183ff85eb8698049

    SHA1

    03243baefe8a0c411bc4e47a97fb676940452d3d

    SHA256

    5feb484e24c6dfe72efb80a3dc7cb106c26a25b25e8fe35f6fbc6ac21e6bebf6

    SHA512

    334e4431cf8831a6838b242c89bba342e6b40541bb70ea5e2b186a3d50404e4b1d1d88640dfb121cd10c4ea2f52333c00fc9ac3cd92d6a4dd8508f6736f4760f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZTPJYNO\pipe[2].htm
    Filesize

    235KB

    MD5

    0c1218c21d5f03592d06789897947806

    SHA1

    b6cfa8fbb964c3049de005a5d6db9b69b8dcc3f2

    SHA256

    1e3521898a31ae290e25f2d4a2ab484a87e8478b3dddb1ee99591fcfaaa7d209

    SHA512

    64feff90f58b6abaaee5fd4491d5ae2ebb087aa688eac0d86e6d6f87be94b5b3d334c80f1248c8e20d0060d1232d0cdcfd2dfafd74c2ae8f3f0afc470bd017d4

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZTPJYNO\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab3AE1.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar3C7E.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NV8AHMGO.txt
    Filesize

    607B

    MD5

    5abd957940dda2527ef8f853c29db213

    SHA1

    ee3e256ae084431ac6b3382e5986a88084e845cf

    SHA256

    26bb617205d0f5b2becf2d29a3315094c8e3c50e17fb788db1082c899ba6aa51

    SHA512

    d999edc019c48c38442aed3ee721017c3f993a73567a7de1289485522b22ef0e1fecde39501585c8b2cc13e5a5c77fb5b9c5d908b48cb743f84a960f176b4db4

    Download Submit