aa5eec83a47ac316a7250d448bade6b0704b15cfa5976bbe9ab736f2d3de604b

Analysis

max time kernel
153s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 12:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IDM Full Toolkit 3.7_[tienichmaytinh.com]/IDM Full Toolkit 3.7.exe
Size

1.4MB
MD5

e22b4230b6d2004c853aa5fcea60a40b
SHA1

d268b24e71271c8defea791396e3d5a0fbb8b8a5
SHA256

5982eddaebffe583182e319188fee78196086ec34c51b3b40550d345c8a17537
SHA512

0644d72edb02fe48b0ac92538568958c115b976dce8b400ace3ea4358040b5d957e98e9171dec958d4ed27a2dbd386713d890d21497b7377e519e5b04f2c0c6a
SSDEEP

24576:g4GHnhIzOaGGLIVTEZlTLAm5a2HgJ2A8+3doe/ALDq5a2HgJ2A8+3dklMJlO:HshdavMAZTAv3ieEwAv3ilMJM

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000800000002326a-13.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
3812	IDM Full Toolkit 3.7.exe

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3812-0-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	upx
behavioral2/memory/3812-1-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	upx
behavioral2/files/0x000800000002326a-13.dat	upx
behavioral2/memory/3812-15-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	upx
behavioral2/memory/3812-16-0x0000000010000000-0x000000001000C000-memory.dmp	upx
behavioral2/memory/3812-32-0x0000000010000000-0x000000001000C000-memory.dmp	upx
behavioral2/memory/3812-31-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	upx
behavioral2/memory/3812-33-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	upx
behavioral2/memory/3812-39-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	upx
behavioral2/memory/3812-41-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	upx
behavioral2/memory/3812-47-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	upx
behavioral2/memory/3812-51-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	upx
behavioral2/memory/3812-57-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	upx

AutoIT Executable 9 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/3812-1-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	autoit_exe
behavioral2/memory/3812-15-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	autoit_exe
behavioral2/memory/3812-31-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	autoit_exe
behavioral2/memory/3812-33-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	autoit_exe
behavioral2/memory/3812-39-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	autoit_exe
behavioral2/memory/3812-41-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	autoit_exe
behavioral2/memory/3812-47-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	autoit_exe
behavioral2/memory/3812-51-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	autoit_exe
behavioral2/memory/3812-57-0x0000000000AF0000-0x0000000000DFA000-memory.dmp	autoit_exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3812	IDM Full Toolkit 3.7.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe
3812	IDM Full Toolkit 3.7.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3812	IDM Full Toolkit 3.7.exe

C:\Users\Admin\AppData\Local\Temp\IDM Full Toolkit 3.7_[tienichmaytinh.com]\IDM Full Toolkit 3.7.exe
"C:\Users\Admin\AppData\Local\Temp\IDM Full Toolkit 3.7_[tienichmaytinh.com]\IDM Full Toolkit 3.7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4468 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:1716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\WaterCtrl.dll

Filesize
11KB

MD5
bba691a0e242d39187ed84e004475c29

SHA1
a5da2291939da15b08cc622827f17b76c74df6f1

SHA256
fa8dee782548b4217f227aaca2b144909a6a688a018970c5f9105e2eefc98b23

SHA512
474f8284be6938d51e12e7d1d0c26d0405935ae294770454018589e9540fee07799069ce214ba83c2dc95ead3cc46db9c4799bd88a429621dc6009b48a46339f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tool.jpg

Filesize
2KB

MD5
027411051fd2cb47b7e283994c2e3feb

SHA1
f06bca81d837ddae5fe05f8d81a5c95bb60b5fb6

SHA256
f4495c14985d9b0836b6f556bd03b39760ee6a8f9ab2459bdb21a914c0a5180a

SHA512
9ae01e914eccdc29eff6656c4bbcdca51c38adc6e4316f540d20b459316c1ddcaea45d20d494e0ca116fa386094133dc63a6dfa064fdbb5eb98de25ae7c13445

Download Submit
memory/3812-32-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/3812-15-0x0000000000AF0000-0x0000000000DFA000-memory.dmp

Filesize
3.0MB

Download
memory/3812-16-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/3812-1-0x0000000000AF0000-0x0000000000DFA000-memory.dmp

Filesize
3.0MB

Download
memory/3812-0-0x0000000000AF0000-0x0000000000DFA000-memory.dmp

Filesize
3.0MB

Download
memory/3812-31-0x0000000000AF0000-0x0000000000DFA000-memory.dmp

Filesize
3.0MB

Download
memory/3812-33-0x0000000000AF0000-0x0000000000DFA000-memory.dmp

Filesize
3.0MB

Download
memory/3812-39-0x0000000000AF0000-0x0000000000DFA000-memory.dmp

Filesize
3.0MB

Download
memory/3812-41-0x0000000000AF0000-0x0000000000DFA000-memory.dmp

Filesize
3.0MB

Download
memory/3812-47-0x0000000000AF0000-0x0000000000DFA000-memory.dmp

Filesize
3.0MB

Download
memory/3812-51-0x0000000000AF0000-0x0000000000DFA000-memory.dmp

Filesize
3.0MB

Download
memory/3812-57-0x0000000000AF0000-0x0000000000DFA000-memory.dmp

Filesize
3.0MB

Download