Overview

overview

3

Static

static

3

avatar tool.zip

windows7-x64

1

avatar tool.zip

windows10-2004-x64

1

avatar too...ls.exe

windows7-x64

1

avatar too...ls.exe

windows10-2004-x64

1

avatar too...ls.exe

windows7-x64

1

avatar too...ls.exe

windows10-2004-x64

1

avatar too...on.dll

windows7-x64

1

avatar too...on.dll

windows10-2004-x64

1

avatar too...ls.exe

windows7-x64

1

avatar too...ls.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16-06-2024 02:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    avatar tool/Avatar PSN Tools.exe

  • Size

    139KB

  • MD5

    18183e2be4fa30cf4f818c7969e4ee57

  • SHA1

    165306852c3c78177eab02b42bed228e8aa0e2d5

  • SHA256

    3b1076a41323f422a14c4496c370678d3f083d9d731ad9aae6c4676a3f32cb6e

  • SHA512

    c419c0f9c38d78b21d66b65237107cdb791132f060195e60c496e2b0bbb33d1697b4c79e8ae0c5166daaf8020e8ab4d1f995a92a9515bbe0d4e81d06f280cb67

  • SSDEEP

    3072:cIzgaYv9HoBifPBPk0AH1a0yIdi3IQox:cEBqjXs6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\avatar tool\Avatar PSN Tools.exe
    "C:\Users\Admin\AppData\Local\Temp\avatar tool\Avatar PSN Tools.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2224
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=5.0.5&gui=true
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2944
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7b9e6c08b80e19acc383457718c9c15

    SHA1

    370d87810a3f648010e8f289048f99f24cec2788

    SHA256

    fb3f0271aeb19d7074c80cc714c61b2346d3532294f23ad5794b074057114ec3

    SHA512

    030c2e9866890c081a0e7a77fd38bcfd464d6a956a0cbfddc5a6519ea8061e74fb65847fc7a7d04bb1b6cb3ccadc89981ca6f53c84cb0ba56ae7c2916cda75f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    165d782e2c136337493af28bfa01d6f3

    SHA1

    2058f60b85b1a0e28df80f524ef7e73a4b849baa

    SHA256

    e7bdfb2e416c02abf98d033f98e3c96dce015a1174bb8ec0ba273bbe2cb18e3c

    SHA512

    999d035cd5f5c093fcc39ce4278343944c957779c7aa5ead139a3cf669ac79d8b289f8c8017cf5c748bf908779490581865a5137accae13a34c941f334f23ddb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5ba6c0173107828785858519052b690

    SHA1

    58d70cf6487ee050f3ce342fe6d525e9c2ed7a06

    SHA256

    b674f2f9ac41ca1fe0dbeffb624c4ae4d55dcb9be9660c8b98e8857c0bb205ed

    SHA512

    555fe1eebf6e4e9d27cfc990f0adebf04ac55bce1ef1a833a45edaf3dedd341ec5cffe0909f8ebdc9b67ca71ffbfc61d10ab77ef9786333d9951682bef91f0c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76f93f3c8998b983ae1f55543de2616e

    SHA1

    112d69f2c19ce35f02fc74d431924099ca652531

    SHA256

    99d8e85babd64a22fab520666143b306c81f129eae15ec7efde2c36eedb9b170

    SHA512

    74bf7fb30097dc3d04e1cde6f6bdf8bbdc449303a05af20adf926b4d6819ad77f10cfacfb4884f30703854725af2e075a4145fa6ee327e9c87d7969820994820

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d9e7b2800c4001e45488c839fb741ca

    SHA1

    73fdeab9fffd35090c92b97f02630aa4887cdf99

    SHA256

    29b367040e6f3ee0a7384366a4376802cbe7c86ebcf294c2cfdb31e7efc1eea1

    SHA512

    d2cd0328af004b2d56eda86dc5a81f7323fe9865a282d27d509cae4b9ccde1357b2422fe0ff7084e3fa3585be4d61a5d5c282aad13ae0eb04bcd6c1847e4afff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    abc1d998554f76ef468606f9bb480007

    SHA1

    ec87ce4a1a28ae1ff5056d6f2b0e8918ddff2f97

    SHA256

    2ce966a18fc8e09f119b21dfd1a3bdae3f120407262e83fe9c45f3fb89c6c20e

    SHA512

    76229ee34e70d759e7aac1e2dc07ca275a8faef2bd1ca4831843d9297db46f77261f51bcb7a38c80051f73568e94f56a6485eabd39a68184c223b24232c55fe1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e8c8c4763488355276af0a02caa3e3d

    SHA1

    9f48ad2c13baf9475902308ae846a43705e94c4c

    SHA256

    55679610974823f0b2225df0b5c380aaa8b3dc5e1c7aa1c5afc4753ad004d480

    SHA512

    992e03c196af72eefd7ab1a697d3d0a1a605ce0db789c6a193edbe95295c99dc9b9c00d6927b7736138f137a379eff34ae35edb9f22d6bf9daae1afb8a5c7b54

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab542A.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5579.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit