Analysis

  • max time kernel
    145s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-10-2022 08:16

General

  • Target

    14dd72dbb346aed2705902164c8cef34ff620ecbb410502d198884a9ee5186dd.exe

  • Size

    60KB

  • MD5

    514dc8978d67cc59de775b8b583325f1

  • SHA1

    499d3a758088f86a6aeccece4977d7fc4be1dc06

  • SHA256

    14dd72dbb346aed2705902164c8cef34ff620ecbb410502d198884a9ee5186dd

  • SHA512

    0b5a71b6d523ac623383293043843dfed7b944e055df914556f0c9d26a9bf96dbc1f4b300cf728a1250f6c563cc887cf58b22356dc28b75dd9c0c1d0ebfd2d81

  • SSDEEP

    1536:TkMbdmNYJZ1YUQ4BcDQX2oooD+AyxArAIVJ9B:TkAdmNYJZ1YUQ46QXMmAIr

Malware Config

Signatures

  • joker

    Joker is an Android malware that targets billing and SMS fraud.

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14dd72dbb346aed2705902164c8cef34ff620ecbb410502d198884a9ee5186dd.exe
    "C:\Users\Admin\AppData\Local\Temp\14dd72dbb346aed2705902164c8cef34ff620ecbb410502d198884a9ee5186dd.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.ma80.com/?2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:668
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:668 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1048
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 820
      2⤵
      • Program crash
      PID:1936

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    60KB

    MD5

    d15aaa7c9be910a9898260767e2490e1

    SHA1

    2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

    SHA256

    f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

    SHA512

    7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3f3dfd10724738ee053f30d568b43966

    SHA1

    508359ca363be2c396eeff385d8caf124ea67438

    SHA256

    0b791fc385deb64fd781eedd0c905551ea086ed91cc9981b80ac15d77416bfe0

    SHA512

    4651ce3949bfeeb86c64b3b965adeeac03e350a0676c17e4a248d7c10994a7a335fe50eec1e2ab87c33ec3630aec2455e6240196977d8656b25c6b617f3e8bd0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7b2cee5d737aac643acfe0c0b380cc00

    SHA1

    810982652803de1d9a4066b6e7dbe625923092fb

    SHA256

    ce69a5b64a34cea97f226cdbb35c1be54b2071de74fc63a011baa16ca3a43f7f

    SHA512

    84b11fd347eef2d89898edb9cec3c01204ad0e70ba3e969b23fd0cb2ac9bc0fc82c569f57c65f99a19b8d89aa4ad23af3f04a739ad6d5aa984785ae1b0b67f17

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    9b1fd5dbbaa617408f67a5db1f8e5ba3

    SHA1

    1257f698256cdc9528a827aa35d36a1fd88f6057

    SHA256

    2b9502ce993aad693f8b126ff11f2854cd6461ff0af79695f94d4c81dffbc01a

    SHA512

    5d64c4cc5b82bcea0b84aa24d2e52c55cfb3e160998793c384b0b6046a3f9a622cb00f88de1f79879c7b09ef82dc2c4e977d064dd94e75a71314e54aef5741bb

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ERNB9S3Y.txt

    Filesize

    608B

    MD5

    d30a6f2382a449d4aede356879933e9f

    SHA1

    8de2c7311156bb32433561954cd402052ddcf75e

    SHA256

    6fed4fce4dc518647beb06de9f2c7c334c5449c1dc239651ccbee01ffdc66d27

    SHA512

    7f75c2723ad87e310fc104578d64fc1befca8be07efca9e8b751d4430ea3eab4b1f805a2b6d7f7663c5de1ac5fba26186f24ea45dcefa5fa73fab93df7d58ca9

  • memory/1952-54-0x0000000075981000-0x0000000075983000-memory.dmp

    Filesize

    8KB