Overview

overview

6

Static

static

3

EXETOOLS.url

windows7-x64

6

EXETOOLS.url

windows10-2004-x64

3

pm-setup.exe

windows7-x64

1

pm-setup.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2024 17:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EXETOOLS.url

  • Size

    50B

  • MD5

    69eeba0388f852e3131e781039ed52fc

  • SHA1

    dd8e6943da78f7b4b5a9f090de48eb92de10032e

  • SHA256

    ea1434dc20cda63db57fa4a6112767a1596407698a06daa65b49aa365c928aaf

  • SHA512

    b94cfacb4af372eb7de02e1b7bfab95a644550d4464278cfdf6bb5414f11c76695a74562645d88a2ba2749555e0b9594f2453bbec4f06adfbe1a7730787b4135

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\EXETOOLS.url
    1⤵
    • Checks whether UAC is enabled
    PID:2848
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0aaf0e685e9099a49f3e4f57b955275f

    SHA1

    8ee90911bb9d4b835eadc6695397630f83bfd14c

    SHA256

    db4b5a3b76fb08b39a949b21875a475703feb6dedb8a8d9767e016f6c27189b0

    SHA512

    8188569e5c11854fe3815ca2239d729a0aded236a0b14c5f72c248972722297b6eb34218fb8f5ddfcf5efabc53555cbe66b7f3e7ba7e8e43248671b1a331f8bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    90d27bf1772f8dd67ec79b7b97ec2d34

    SHA1

    3a6aca7eef591038c235cda5c08f0c3d30e7b7ad

    SHA256

    8110bbf18a3a0af33e5d57cc72a56efd4502cd6c0917e5bc5221197bb74f6527

    SHA512

    400c96d368613b098114f36e99bebe1814caa71ddef5c1b1f176b623c6488e8b9eac3b813806c6aee16a846b9f276c42d02fb1c2643789f34f13b25d1233b7af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1b45a815cd8d20cc0978f2bc62095527

    SHA1

    24cca4f66949c9af7da41ef85ff80c2f2a80450b

    SHA256

    b2cca75a360a9b06d07c944344c7664a9a0276f04fa4c47634cfd0f27f9b997b

    SHA512

    f3a72e34af1578b3c7c2ed04b8bd7679a2ebd8eaf116f9ceb3e408291e1a0c830eade0c09461feec0b90a33ca52fa67e94a9ded3271fd49bce267e41348e6a45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8802fa0c35037f91855993da869fa8de

    SHA1

    1bbeb6d427b0f0102afc0b6db898740763001014

    SHA256

    aab1960b9cbf340d60c1ec9743166196c7dd5d4354f47c7268592d69527f0a84

    SHA512

    9c848228fbebb142c0a7dd18ba582c27a711621456d503031e0ea6e7b6fab955afe91e3e3c7575a96c6ccd0e9a6d354ce0826c1e95b49f6636a5a61cf5984b04

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1417d86fb9d590c8d2743e45f0cea9a8

    SHA1

    337b5bd2997de03219a93b0bb93ae78fe9f30bfb

    SHA256

    9fd62c4a937fcfab8e1add16c6435a253482052a84278912b147d06662ca63c9

    SHA512

    a52ef0f08c76f5acce46f43e66496eaa5feb21f15eeb958ed29013ec301898d63bed7a555dcfa633dd9d4bed72a4597e3401786912e596ea48f2a9a2966107ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3415a2710185a2ac5b0252eb2124e1d

    SHA1

    567fde3c3be095a29c4ab8ceb87ed31e9a8be3ac

    SHA256

    171565c1d11e3de617790332a9f90375e93bd3d0d6323e7d4d09817fa7284f1e

    SHA512

    4f3ce7bb41278915008bed800dfc7abdd9fc8b522becc4458b3ceb68779243a107dbd2041983a66b9963319f0eafa3f35e50a2760f389cdbb0a696b6266679be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    733a367eacc5947a2547ce479352486d

    SHA1

    70435ca166687a62afe74a2ecc12a946ede0bb4d

    SHA256

    3857c0577978c734d83404032d8c8c93fed780dd32df89656699009e8a7886a0

    SHA512

    c6e3cb213a2e9f0ba5622e8e8d9b9360fcfb4482c3dc59c95803325af710ea0151f5eeac9342efef85169e9b8df0db647650b585b438f5fcacc066b104d3e037

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    32e9b8275064328b569bfd342157a6df

    SHA1

    e4b768933f2f9f9d235befe284f9065a0c2d901e

    SHA256

    577af126074e63dbd5c15a33e7cc90991ae074a8744000398a378c9fb1896917

    SHA512

    fc8b178e30458c2b39b60f724bbd71ee52d4fb3cced5bcd2fee2bab84051be2af6475e453ae29d87adb4586fc234e658c69b40182f86620075982b8ba872fb5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b2af47d36629515a56c90eaae7fe5ef3

    SHA1

    3e8001bfe6d14f3f8f93f6f478f4e911b62b5cf1

    SHA256

    4b66b8d81e80afff9ad7bbfb3c8be3e97882ebeaaf9c54e6fac52f6ba2deac25

    SHA512

    037580be9b9f1d663d2db42dabccca9af3b3764de19b4b36a26568ecda6ec7f5b92b2208e084b6bb6c41f63f3ea3b6fc31871dc190ceece055b931084c2fe6bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6455c19a6cb9bf5d97620710b4b890a5

    SHA1

    8bc77e090869eaf91c2c72de802d0ca5a5215b0d

    SHA256

    f396fde5b4baf89fca5dda022a3993e0b21b0b39f395a216eb77becf08ea0e5e

    SHA512

    3575611432f22e63f6354536b94f4cc9318b62ade701961d7c5a3103712ad11c1f03c80c24971bf85fdf3dbc86060c1fe4bde5e4ab1a5ddf928ad1fb6f1dea45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    14d09f001b401bb652cfeab3b87ed353

    SHA1

    66f7c9dd78b635b572522d05fb8d3f0a55ec6844

    SHA256

    efd01e00716e198c939f8d1bc039153452b176114228c32ed004be6be75ccc2e

    SHA512

    07a2f1c9f166103c5aa65dfb60ff34d2ff42cb2575a2e09481020832b04cd094a13f5f5a982d82dbf7b42a9bfcaf7f30f7a78972431d20bde3979065abd0448d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9ec452b669a3c7ff1f86d230b7bebf94

    SHA1

    2bd5b9948398f3397b2a15cf878eadf6226067b1

    SHA256

    dfaaccc978ffb1088104c24765afd696aa98f6c44c212deb1d435437c5ec7ce6

    SHA512

    5ccb7c9d513ccef0b762f9f4d340381856ceaffa2daabbc653b27fd00a30266e98776a31d11468152dd22ebda665fd45784e540a142199037023aa05912af0c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    95af9ad34e4cbe9a7d7a6e5dc02b9220

    SHA1

    5a1ce8f18db066fb4bc8cff103762602a6f4f0da

    SHA256

    0b1a83e827d387681a1abe12942233dbedf45fda648e775f991556ac75fbe605

    SHA512

    6655cba06cc233dad8dfdc3140f2a40ea654bcffb73a24462efaccdd9611f5ba5eb38faf5ab084843af1fbf603dfd53ce3713caa314a623fb6bac0d9d7af01cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    babc3bc75cd3c4c1da022b119464ed1a

    SHA1

    368db1745042859c92cc0cbaddc1a848fc0fed7b

    SHA256

    bda9e876a1119138f1aa4d671dc712398dd6adf0bd9c014bfff2cfb13c0db4e6

    SHA512

    da1f81559712f5a3807a7e18bfd81643dbe2b3fcce3ffffb8268e837e91e0e166e7af6bd52985b54e96a5270062b92cb5cd6fa91539ab9d74b0bf4930645bffb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5ecf2a8e9ef17d7279720d488889361d

    SHA1

    4d6ddfcc44ef8fe5d01354aeefeba693b66e0c55

    SHA256

    bf0e3764d2429c5c7ad4e07f1d821fdef2cb789691df51bd0932ae4f1db9ebff

    SHA512

    02c1a8a80269e152a75fe60ce1888c781dc9244fccdc8005678ab224d64831267b89705e359e854fdeb35d2717a952d7b731640e977e2a3b5526a2fad2cb175d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6B43.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6B84.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2848-0-0x00000000002C0000-0x00000000002D0000-memory.dmp

    Filesize

    64KB

    Download