Overview

overview

1

Static

static

1

Payload/Ze...roller

macos-10.15-amd64

1

Payload/Ze...bImage

macos-10.15-amd64

1

Payload/Ze.../Zebra

macos-10.15-amd64

1

Payload/Ze...s.html

windows7-x64

1

Payload/Ze...s.html

windows10-2004-x64

1

Payload/Ze...min.js

windows7-x64

1

Payload/Ze...min.js

windows10-2004-x64

1

Payload/Ze...n.html

windows7-x64

1

Payload/Ze...n.html

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    07-03-2023 00:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Payload/Zebra.app/package_depiction.html

  • Size

    644B

  • MD5

    32fcac54fdfe9158497c1ef2920d7156

  • SHA1

    25b20b3ce262dbd790e2d2c1a1748484c053bb69

  • SHA256

    018737a6ebce460a1a8f29b581450285feabda48260c158b4335b654d2b95566

  • SHA512

    605abb23468914a45ad11b8211b4bc2f1b43b3e2c7c442e8c30e26f7ad2e46584d9133491bb127aa44e3bef6f600546e4e1dbf58fe23cbd768ec423158fe386a

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Payload\Zebra.app\package_depiction.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1544 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:680

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    da07e377c47617b1e20060ea89d6b004

    SHA1

    2f132c196b5a7c34cedc28ed937a345b2cde5a9a

    SHA256

    7ad9d61b844c804861663b8a908f6baaf8b88c3e94707e02b2ee00a77a56841f

    SHA512

    edb31577053a1e7e15d4835d933cb7e6bfd0b12ae8087e538fa21adcc104d80f1138a8371a2cc2bd57b07cda159fb56265301c697a5a7b1d0cdc3cc3c5a26ccc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    bb6ba34618338b69fc29b86b3fc5706d

    SHA1

    3c15e7d9c118d9cf95fc097ea6bd75b829377f30

    SHA256

    6f4fb4130bf09e8f63bfaf4bc2c2a7aa3b6b66eac5d454a7fefe56d19894dbe5

    SHA512

    7d2e6bf77bdb639bec6d79c2aa942cea6a18c1ef167b002c300097c33f53e1fc0f6cf2985fd2bd542045349b2c7551b3097dfb4bf99e4f1c8de3bf1223361be6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    b33ab8b19c975d95a676043f03b57774

    SHA1

    8261160264a16b78f820527de3b862738c19378c

    SHA256

    e63afb4451cd88fc7eec31b74d1494e3398fa71199f5f71ca80955d011e509b5

    SHA512

    e2528b7e9cdc56a2a4c1a3177548966e27905580b7957c59283e048e08e9e568c531fbe636e355d8a8ae4753637ee7ee5ceba88193da770ccee47f37b841a554

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    b337f0c626650dfa84a528075c32357d

    SHA1

    8d9d64b27d5b475611d1894dc4be7b8de3db811e

    SHA256

    f3d517d8e1d7eff405a5adc63151768993b6ea755db57c054fab6be9e242faa0

    SHA512

    3fab383cc47301f1137189f2e694a7b557dc38299d7a208ca564e2e674b9fb4793fdbaac965232b7041a813f788b5eb112c8fd3c99600a9f22ba5fdee645d079

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    12f5537f97a24f628e830a614a66a1d0

    SHA1

    2296ee8d38631c23e8dc3c23be435f9d4bd741df

    SHA256

    da9be1f58f7cfd7359602cafb33b11b16ac37aa2dbb2dd65204db07d642759dc

    SHA512

    bc47040d7678a20da3f3692de7ed6cf3179a946ef974fc9484d180c2f256abec4a9987a2c29176009daf3c6dbc65e716f5b66c38fd312a2168005367059c2d24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    61f29860330c62a2b8c556a2fe212644

    SHA1

    94b9f2f6ce7880350ca0a571cfa0aa69c559ce02

    SHA256

    a6bd701ccef92d4c3695d95a44642b3f9306791933a541fc7e8b9fd8c2fe87a7

    SHA512

    66364e513aebbd8b4f7cce756d7ddae709eaa8380c6528e3d95b842be01c12c2c55fe8d587b00ef7ca29b252631c286580ff39f96d1e769beee062753f3cfbdd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e07e1b3737332e17df2d44372099a002

    SHA1

    5fe84becec12a653591152847dc2da09a6245a60

    SHA256

    8d5791ec6f6345c0c87e84473556444e9b6bc0c87409ffe53ecab0cf8143cdd3

    SHA512

    b5bc0a0904248d0fbc1d2507682f353f76fefd39e179b6e772ecfff7f05da9640432cae7758a902d7b78076ab1f4818ae2de8afb4389a0c86f219f37114ad303

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    57a39c85019da9baeea8f98e233fbfa6

    SHA1

    2a8d81630c39a3b0397c307553a9512ac97e1af7

    SHA256

    6e7c059e992063b40ce426bb2819c3622187a8fda066b3e6b6f88e3327b369e5

    SHA512

    21d01f931f97023b473c2d03792e9d2e22b1410498fcac120cdac886c59c63a37c094d89b5d83d3564ccdc57fb1b4bb1f7fc48d15b8d2ef0435da15c4ece8cd8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e9cfd519159cbf7047a345fa9e36a2e4

    SHA1

    8539f5170504ea95fc1549f0bb394b6bc9791240

    SHA256

    322f31510e6d54fe40e56a83ca9d01897ff5bb69ebc9b3c34e689128eb2446fc

    SHA512

    2c4e26e35cc30477839769286748904c7f4885c792bd07a523c8a6af5182b2f3a4b73235e035b12e47c7240f5b4f957e7b7677eaff87e28f9a7dd594873e6396

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4AF8.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4C39.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WFJAQG1K.txt
    Filesize

    602B

    MD5

    971a1d4ba780d8a6029e2571084b5622

    SHA1

    d13bc04e18e478a9bcf21cae65f390ecd722a4fc

    SHA256

    13664980ba5dd3bd7546d8ace924613b070e280d44e414711be670eb8e798827

    SHA512

    8444899d2e79a90b6fdb30ed058852a737ad1e2d872ed3ede69bd9116755833ae14c614569cfd7fff94ced775eb3d13b90d57602f093049c1a21480647bdfc41

    Download Submit

  • memory/680-55-0x0000000002D70000-0x0000000002D72000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1544-54-0x0000000002040000-0x0000000002050000-memory.dmp

    Filesize

    64KB

    Download