aa5eec83a47ac316a7250d448bade6b0704b15cfa5976bbe9ab736f2d3de604b

Analysis

max time kernel
149s
max time network
138s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 12:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IDM Full Toolkit 3.7_[tienichmaytinh.com]/IDM Full Toolkit 3.7.exe
Size

1.4MB
MD5

e22b4230b6d2004c853aa5fcea60a40b
SHA1

d268b24e71271c8defea791396e3d5a0fbb8b8a5
SHA256

5982eddaebffe583182e319188fee78196086ec34c51b3b40550d345c8a17537
SHA512

0644d72edb02fe48b0ac92538568958c115b976dce8b400ace3ea4358040b5d957e98e9171dec958d4ed27a2dbd386713d890d21497b7377e519e5b04f2c0c6a
SSDEEP

24576:g4GHnhIzOaGGLIVTEZlTLAm5a2HgJ2A8+3doe/ALDq5a2HgJ2A8+3dklMJlO:HshdavMAZTAv3ieEwAv3ilMJM

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0009000000015cf6-12.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
624	IDM Full Toolkit 3.7.exe

UPX packed file 18 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/624-0-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx
behavioral1/files/0x0009000000015cf6-12.dat	upx
behavioral1/memory/624-14-0x0000000010000000-0x000000001000C000-memory.dmp	upx
behavioral1/memory/624-32-0x0000000010000000-0x000000001000C000-memory.dmp	upx
behavioral1/memory/624-31-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx
behavioral1/memory/624-93-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx
behavioral1/memory/624-171-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx
behavioral1/memory/624-173-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx
behavioral1/memory/624-175-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx
behavioral1/memory/624-177-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx
behavioral1/memory/624-179-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx
behavioral1/memory/624-181-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx
behavioral1/memory/624-183-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx
behavioral1/memory/624-185-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx
behavioral1/memory/624-187-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx
behavioral1/memory/624-189-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx
behavioral1/memory/624-191-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx
behavioral1/memory/624-193-0x0000000000FB0000-0x00000000012BA000-memory.dmp	upx

AutoIT Executable 14 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/624-31-0x0000000000FB0000-0x00000000012BA000-memory.dmp	autoit_exe
behavioral1/memory/624-93-0x0000000000FB0000-0x00000000012BA000-memory.dmp	autoit_exe
behavioral1/memory/624-171-0x0000000000FB0000-0x00000000012BA000-memory.dmp	autoit_exe
behavioral1/memory/624-173-0x0000000000FB0000-0x00000000012BA000-memory.dmp	autoit_exe
behavioral1/memory/624-175-0x0000000000FB0000-0x00000000012BA000-memory.dmp	autoit_exe
behavioral1/memory/624-177-0x0000000000FB0000-0x00000000012BA000-memory.dmp	autoit_exe
behavioral1/memory/624-179-0x0000000000FB0000-0x00000000012BA000-memory.dmp	autoit_exe
behavioral1/memory/624-181-0x0000000000FB0000-0x00000000012BA000-memory.dmp	autoit_exe
behavioral1/memory/624-183-0x0000000000FB0000-0x00000000012BA000-memory.dmp	autoit_exe
behavioral1/memory/624-185-0x0000000000FB0000-0x00000000012BA000-memory.dmp	autoit_exe
behavioral1/memory/624-187-0x0000000000FB0000-0x00000000012BA000-memory.dmp	autoit_exe
behavioral1/memory/624-189-0x0000000000FB0000-0x00000000012BA000-memory.dmp	autoit_exe
behavioral1/memory/624-191-0x0000000000FB0000-0x00000000012BA000-memory.dmp	autoit_exe
behavioral1/memory/624-193-0x0000000000FB0000-0x00000000012BA000-memory.dmp	autoit_exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
624	IDM Full Toolkit 3.7.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe
624	IDM Full Toolkit 3.7.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
624	IDM Full Toolkit 3.7.exe

C:\Users\Admin\AppData\Local\Temp\IDM Full Toolkit 3.7_[tienichmaytinh.com]\IDM Full Toolkit 3.7.exe
"C:\Users\Admin\AppData\Local\Temp\IDM Full Toolkit 3.7_[tienichmaytinh.com]\IDM Full Toolkit 3.7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
47e7987b8335e5b6cf20111cd91a84fc

SHA1
762be9242ec0e6f6b2f58795a5bd647db28784b8

SHA256
b84f32d26e39083d9d362e4abac8ca0e1c8df8da6c0916064f2e5953c5810a90

SHA512
bf2b7bcc0b80e0ee9e746579a6fa6b39375135ccff7e55e39fcb1021f9029cba5aad396a44bb54222abdf335c069165dd5f013fad7fe6e9be23c57976c8c4d80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6482.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tool.jpg

Filesize
2KB

MD5
027411051fd2cb47b7e283994c2e3feb

SHA1
f06bca81d837ddae5fe05f8d81a5c95bb60b5fb6

SHA256
f4495c14985d9b0836b6f556bd03b39760ee6a8f9ab2459bdb21a914c0a5180a

SHA512
9ae01e914eccdc29eff6656c4bbcdca51c38adc6e4316f540d20b459316c1ddcaea45d20d494e0ca116fa386094133dc63a6dfa064fdbb5eb98de25ae7c13445

Download Submit
\Users\Admin\AppData\Local\Temp\WaterCtrl.dll

Filesize
11KB

MD5
bba691a0e242d39187ed84e004475c29

SHA1
a5da2291939da15b08cc622827f17b76c74df6f1

SHA256
fa8dee782548b4217f227aaca2b144909a6a688a018970c5f9105e2eefc98b23

SHA512
474f8284be6938d51e12e7d1d0c26d0405935ae294770454018589e9540fee07799069ce214ba83c2dc95ead3cc46db9c4799bd88a429621dc6009b48a46339f

Download Submit
memory/624-93-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download
memory/624-179-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download
memory/624-32-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/624-14-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/624-0-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download
memory/624-171-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download
memory/624-173-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download
memory/624-175-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download
memory/624-177-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download
memory/624-31-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download
memory/624-181-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download
memory/624-183-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download
memory/624-185-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download
memory/624-187-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download
memory/624-189-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download
memory/624-191-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download
memory/624-193-0x0000000000FB0000-0x00000000012BA000-memory.dmp

Filesize
3.0MB

Download