Overview

overview

6

Static

static

happytime-...er.exe

windows10-2004-x64

1

happytime-...ig.xml

windows10-2004-x64

1

happytime-...er.exe

windows10-2004-x64

3

happytime-...58.dll

windows10-2004-x64

3

happytime-...58.dll

windows10-2004-x64

1

happytime-...56.dll

windows10-2004-x64

3

happytime-...ig.xml

windows10-2004-x64

1

happytime-..._1.dll

windows10-2004-x64

3

happytime-..._1.dll

windows10-2004-x64

1

happytime-...40.dll

windows10-2004-x64

3

happytime-...me.txt

windows10-2004-x64

1

happytime-...rt.dll

windows10-2004-x64

3

happytime-...ssl.ca

windows10-2004-x64

3

happytime-...sl.key

windows10-2004-x64

3

happytime-...-3.dll

windows10-2004-x64

1

happytime-...-5.dll

windows10-2004-x64

3

happytime-...st.mp4

windows10-2004-x64

6

happytime-...al.pdf

windows10-2004-x64

1

happytime-...40.dll

windows10-2004-x64

3

happytime-...pi.dll

windows10-2004-x64

3

happytime-...n.html

windows10-2004-x64

1

happytime-..._1.dll

windows10-2004-x64

3

happytime-..._1.dll

windows10-2004-x64

1

happytime-...me.txt

windows10-2004-x64

1

happytime-...me.bat

windows10-2004-x64

1

happytime-...ot.jpg

windows10-2004-x64

3

happytime-...ssl.ca

windows10-2004-x64

3

happytime-...sl.key

windows10-2004-x64

3

happytime-...al.pdf

windows10-2004-x64

1

happytime-...40.dll

windows10-2004-x64

3

happytime-...pi.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    74s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-01-2023 03:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    happytime-onvif-server/config.xml

  • Size

    3KB

  • MD5

    de899e5dfb3247bbb9ee1a0bc4d25721

  • SHA1

    1e03ca68988763bb4b4323f865bba6170aceae03

  • SHA256

    eca58d8fced06eba3474edd427bfbb706081c9fe0bca345dc218da9cb364666c

  • SHA512

    56ac792fc762b8cc08b0cb775925e5ecee4cd33ab5185ae7d4a3b907f1344f9ae2a370a90b14f457150cc06437882c53d578d1817bb9afadc98d501ef4bfd476

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\happytime-onvif-server\config.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3612
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\happytime-onvif-server\config.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4972
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4972 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4360

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    b011d2725e33c0bae4cc6110f1228caa

    SHA1

    98595cb1500ab32b457063d29a60a8ae5496b49b

    SHA256

    cfb146a5a70caac0842df76ab5cffbb524b9964c4a4250473189d053f24ea9ae

    SHA512

    60e98f54414f8e14185dd66570b6f4e1cee6471648b700391e59042249e9546d9baa19a6dd0c0b6b8ea17e1eb4059303b7a584507624d0634a50d957af21bfc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    b98c6af1a7c1bfb41bce1f6f70874788

    SHA1

    0b1e67b4b75098affaf04867d5544198e11cc6ba

    SHA256

    449efee17910d8f14243fbce3947b11b4b54d5ac1d09aeb3ffa9e1632015a73f

    SHA512

    791f77c73630518c69e9186b8f1da425f33601a76b7b3e6b7932c89e29b470c62acf14dd29c2ed7c8eb6ed5e21bc8f202f877ed9c2d92a7957e37f3eef007c1c

    Download Submit

  • memory/3612-132-0x00007FFDD3350000-0x00007FFDD3360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-134-0x00007FFDD3350000-0x00007FFDD3360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-133-0x00007FFDD3350000-0x00007FFDD3360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-135-0x00007FFDD3350000-0x00007FFDD3360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-136-0x00007FFDD3350000-0x00007FFDD3360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-137-0x00007FFDD3350000-0x00007FFDD3360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-138-0x00007FFDD3350000-0x00007FFDD3360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-139-0x00007FFDD3350000-0x00007FFDD3360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-140-0x00007FFDD3350000-0x00007FFDD3360000-memory.dmp

    Filesize

    64KB

    Download