Overview

overview

7

Static

static

7

KeyMaker.exe

windows7-x64

1

KeyMaker.exe

windows10-2004-x64

1

everest.exe

windows7-x64

7

everest.exe

windows10-2004-x64

7

everest.chm

windows7-x64

1

everest.chm

windows10-2004-x64

1

everest.exe

windows7-x64

7

everest.exe

windows10-2004-x64

7

everest.url

windows7-x64

6

everest.url

windows10-2004-x64

3

everest.html

windows7-x64

1

everest.html

windows10-2004-x64

1

everest_bench.exe

windows7-x64

1

everest_bench.exe

windows10-2004-x64

1

everest_cpl.dll

windows7-x64

1

everest_cpl.dll

windows10-2004-x64

1

everest_cpuid.dll

windows7-x64

7

everest_cpuid.dll

windows10-2004-x64

7

everest_icons.dll

windows7-x64

7

everest_icons.dll

windows10-2004-x64

7

everest_mondiag.exe

windows7-x64

7

everest_mondiag.exe

windows10-2004-x64

7

everest_rcc.exe

windows7-x64

7

everest_rcc.exe

windows10-2004-x64

7

everest_rcs.exe

windows7-x64

7

everest_rcs.exe

windows10-2004-x64

7

everest_xpicons.dll

windows7-x64

7

everest_xpicons.dll

windows10-2004-x64

7

everest_zipdll.dll

windows7-x64

7

everest_zipdll.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/01/2024, 17:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    everest.url

  • Size

    48B

  • MD5

    34a8aa1f07991b29b918886299bf96b5

  • SHA1

    90b11e21e9cfa5d7929f1aa910703a9dc8c82e1d

  • SHA256

    3e24b3f22618bd99c15227b3868d7d7a6bce3f2c735916bb2a1417f0c9f6b3d9

  • SHA512

    4cc1d3b0b69bb8e093d2f6a6b1f4551a0bc254c43ed8bdb464936a18d925d1ff25fa1b9b781cc66c19c409e836676355f6bce253a9a46673fb37f90e73a51057

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\everest.url
    1⤵
    • Checks whether UAC is enabled
    PID:2228
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2248

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    02470ca050e17b991359ab97ace78948

    SHA1

    e5d225240fd0750d0e07749c567b8260f9e7d13b

    SHA256

    5bd725532209ac737642a9240bbb4a85e676ce9c240baf0098189718854add74

    SHA512

    9f61cc8c18dd33cd77b89fac0de9dd84427f1deea9a96442d5270f33f532d70d01789969079f9baa89c8d2632feb9223cd28e0016d56d41a26fe39ca8b029091

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f11f43131c255abeafd55fc6098a330a

    SHA1

    4e9cd7e2f01cc8e15754f2b5463ac492a6e85995

    SHA256

    167421d002df212d096bf33241cf728bccb0bcce4940886afa3e8bbe5d23efae

    SHA512

    d727cce9ff62cb79f853069d02076d985cc628f781bae0b0a34f6963849370fe3267a58d1529000d8977f5f38b09aea4fce0e6f4ba5c6a7a77ec392818f5c68c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b7269924ca044d9f0250678f3d36ab4a

    SHA1

    50e99f1931eac7b10b41a368feaaa147d2d1c253

    SHA256

    79091bbacb130d38ee1d14120335641c291d2b9862df36619d2a23b856bce1de

    SHA512

    70dc9b8b8cc77c293966f28af5e8d9626d76870d0bb180fcc9ab0c2af664c9ae3642883d46b3663c10eb0af6d4fa1d3c1612de5cc92ba9d3ac932a15c39ee4ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c949b71ca1df255173ed6fca21a9c3f

    SHA1

    df1d7d73f01cc989d072a8fac8cc315b0f2a8dbd

    SHA256

    3e84f07818f6681b39120d1d20653d4fa93badf29a2ff9109942366a829e16f2

    SHA512

    d8573f24b30e7f2eea5a59e76de905dbd1d556e4130e8eac301283c309e1c454603ab8e853a6a2f5d46fdab0343cfbc81486e26d1d70070eb8026990d9acf46a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5ffbe7d129b5407de629791f4661c86a

    SHA1

    95c79d271eeadc79bc7d3287df0ab551f6d3033e

    SHA256

    786a82288b50481fb8b1271d6cedf266b46ee7f094c4f0ef38a7eb8a88b14ff5

    SHA512

    e4a4952a3411694490cfdfac885e3ea4a50c5bcc67c58c252700e18be7bb7c767ef4f92322dd2a6181ef8428aa1bb8ed2a3461b820366c7987c07e9eab37be17

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8eda42be9fa88e901c9f6b723075d4ba

    SHA1

    e14a952d5f2aa2efba3ce85c3805b8c943eb0d7e

    SHA256

    c7f6246e52dff40d899c63ae38c06baec7117b3f08a08189306630212576b7c3

    SHA512

    f3e4f9d007205b0d916d1feaea672cccf43f5e851cdafbdf34f047df794790f25b24857e8460999f46941511a2b0677fbf237a3ae75db805ded458c671a47667

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f79d9816d896755aa0d26bcd0b6a739

    SHA1

    174d119a5e6172a6a85b420e6f7e786f81e89435

    SHA256

    90250eb94291a88638c002cc114c964cef00f9a088263cb0ccd02e5201d663d7

    SHA512

    5128e1216be89bba5ab3db00e5c53b025ea14ce99bd75ce00b5d5783359f93e712db074c53a90b1f85bac8b89ead7be47165e2484edca90a529f37f96f89a470

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2dc6cd7c5e8fc6fdee8e5b9e4e6321e3

    SHA1

    2ef892ea4fb154b168274a1114d2fb4acf0972d9

    SHA256

    f69b63e1d5d77731dc148dcd92139598928de845e5b6d082a356f10712047c69

    SHA512

    8cff41dff286687c693dc3876b54b5aec9d8407637c28ea17d5d9cfdf1a81e344ef9642a1de0e5cfc53d982665fe6a7ec6d1efb8455b49f4ab211eaaa73d5c8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f15790aded08b886f771a16629551d69

    SHA1

    8f83fcff8f9d1c17fd043d7686d1d825d95d7c68

    SHA256

    bb8289ea0291fe79eabd9f2e169cd68aa002cf2baa04c2d5b6228248da4d05a9

    SHA512

    366df9eadf485504630b97c9a87915229d3bab85435091ca06a8e89e66390c5a96e0d45ef3a0ea61ec05836f8a55e1786059257859439a9bea7d50e8f6415321

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d28c65337b1b387eed7d025eba0548a7

    SHA1

    9c4e4234a8f6ca296e8b81b2482475ea844fb9ec

    SHA256

    ca0eccfa64df656402231616f5731f2d9623fcf9b713006980426aaffca83d95

    SHA512

    8901b63d0c2bfddfba3027030649a1fe0c459868554605fad8bc5ce735c4a59ce1b42e2277b7d4a2d2a15f2cae711d5e5af8d20f89ff33b188f986a2de8b967c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aeea2adcc8358a40713850690b031e65

    SHA1

    a26e4826bf60941f9228dd2dd4cc224a5f7dbfd2

    SHA256

    6e2fb6b7ba940ea8168dba93744f29bf878cc1f469c99088aecfa3793eea8f80

    SHA512

    b64e5a77f527d16ab682999894ab56feb5e533fdb329856461cd35c36a5cc3c8c795335f035b32c421fb0e6ef316b94ce04eba1df27d6642f096ab3653a17814

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    23fd8a9a60da4b9eb3a29a60ef6942ea

    SHA1

    a3c06aa238f8cce3320f0c4bbf8055a81a52fb9d

    SHA256

    0b09383e54f72475261706f5db034b51b3b9ce2cf8e7b712072674052516dffd

    SHA512

    d361533fc1c9c9feecc8c0e6a8545557661c8431223c5374a27653bbdfe9ceb5f629320001737facb18ad215f84c4975ec6dd06010a3f692fff2d79f6baba25a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08e09447456d1a8bbbc0fe713d06b15d

    SHA1

    ee9b12292e642999a797bae2dff0e80ef39ff7e3

    SHA256

    8cb017d20b383f5cd9cfad5b3f926b648beb3c940c87689b72a259f856b2855d

    SHA512

    62fbb42a57479e5ffc62717a835dbdae91b204aabad00c3413a0fd0b09c2446ffbb8d91a9a4b8f4277ca0b4debbd5c5fdacaa159e030eda5ffd0952527eb46c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7082.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7101.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2228-0-0x00000000002C0000-0x00000000002D0000-memory.dmp

    Filesize

    64KB

    Download