Analysis

  • max time kernel
    148s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-04-2024 19:54

General

  • Target
    ALTools.exe
  • Size
    851KB
  • MD5
    8758b8fab32b20113e8b4c7f93f1d359
  • SHA1
    3a3b0d7fc1f166c496c8072c17ebaafe1f382d1f
  • SHA256
    b2b439713b9b50f447e07ddbe7a3462f7bc129e8e1e1b49c4352a7c396912381
  • SHA512
    88ae2901e5860d802ef38fdaaf76ee936ba475973b1b5a047fb2811167689a6d48fb9c03353fb50a5f22f77a0f271ce01d3cbd97a2cffa83c7f46204f8aecb78
  • SSDEEP
    24576:1LpbSucGILJ4PVTxFMY9FYFKm5nhd5sG1SvQZ53l:1LpOucGILJ4PLbiFHsGkQZ53l

Score
  7/10

Malware Config

Signatures

  • Executes dropped EXE (5 IoCs)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ALTools.exe
    "C:\Users\Admin\AppData\Local\Temp\ALTools.exe"
    • Suspicious behavior: GetForegroundWindowSpam
    PID: 2300
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    PID: 2816
    • C:\Users\Admin\Documents\eventcombMT.exe
      "C:\Users\Admin\Documents\eventcombMT.exe"
      • Executes dropped EXE
      PID: 516
    • C:\Users\Admin\Documents\aloinfo.exe
      "C:\Users\Admin\Documents\aloinfo.exe"
      • Executes dropped EXE
      PID: 816
    • C:\Users\Admin\Documents\aloinfo.exe
      "C:\Users\Admin\Documents\aloinfo.exe"
      • Executes dropped EXE
      PID: 620
    • C:\Users\Admin\Documents\aloinfo.exe
      "C:\Users\Admin\Documents\aloinfo.exe"
      • Executes dropped EXE
      PID: 2244
    • C:\Users\Admin\Documents\nlparse.exe
      "C:\Users\Admin\Documents\nlparse.exe"
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID: 2240

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\Documents\aloinfo.exe
    Filesize
    1.3MB
    MD5
    bae3b4de715013df2c739eff3fe6010a
    SHA1
    e0cdf2138db8b65515a2fc2230fffd620fa2c138
    SHA256
    47ed995e3239b8e11a0faf6205559368cba851ccc7f738266f7eaf5e5df5ab20
    SHA512
    62113a501edfd5c8df74d03a52dc56dd07c4606affa989f9e35ed0253f254a727cc11301b03ec53fc354da84ee3fbe98dcb3382b1909968b4e4576a72f2ce626
  • C:\Users\Admin\Documents\eventcombMT.exe
    Filesize
    797KB
    MD5
    b8532ebc109723c7dd0d9857fad9e9b5
    SHA1
    828b9b6758222ff0ea369cd540df5f2b1cb8e976
    SHA256
    4abe75b1a2dce146edbd3685259f91dd441c041d7277dec541352751a1d75b90
    SHA512
    a7e20bbe66aaf74548a5901a537cc8cba89fbce201b5e83743014e77614e859f8f069a5e161659f20d3f310d17b4e7a17ac59d5c8c20c4e47b2f2cd59c8b1500
  • C:\Users\Admin\Documents\nlparse.exe
    Filesize
    40KB
    MD5
    fc8f026039fc95bfa2f8d02371c7d537
    SHA1
    81aa7cbd56dc96f8e850b4293ff87212eca22c5c
    SHA256
    7c347d64fd583bb71b95cc3e2cc61b488c097a28327eed98597107bec396e802
    SHA512
    b10ff676c3331f2342e7596149c2e6c1c9d5b8d2cf6d699b6898b4de2385963981015fef88c8862aa59c3d77158f8b913463f0be67773cf53c34276ad3bf6069