Analysis

  • max time kernel
    74s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    25-03-2021 12:08

General

  • Target

    inj/com.konylabs.cbplpat/index.html

  • Size

    76KB

  • MD5

    8697c6e62ad1fb525b405131cbf22c7b

  • SHA1

    f66b7bac97338fab02ba45cb30f8231164b3c540

  • SHA256

    c78b7d09530d982499b4c2da993a8aad0e66a640a7c05c521e460e5e15c7152b

  • SHA512

    3fb4c4395399bbd79ce9c9bdce347184068bd30afab09f6abc5fd5c24b398a1371c3536bcf0b32b2dac7e14ccb68ea9af2a0a3c61be961df4f2f4f18708da80a

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\inj\com.konylabs.cbplpat\index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:652

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1380-2-0x000007FEF7F80000-0x000007FEF81FA000-memory.dmp

    Filesize

    2.5MB