Overview

overview

8

Static

static

1

disclaimer.bat

windows7-x64

1

disclaimer.bat

windows10-2004-x64

1

install req.bat

windows7-x64

1

install req.bat

windows10-2004-x64

1

main.py

windows7-x64

3

main.py

windows10-2004-x64

3

setup.bat

windows7-x64

1

setup.bat

windows10-2004-x64

1

start.bat

windows7-x64

1

start.bat

windows10-2004-x64

1

web/gui.html

windows7-x64

1

web/gui.html

windows10-2004-x64

8

web/index.js

windows7-x64

1

web/index.js

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    31-03-2023 20:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    web/gui.html

  • Size

    8KB

  • MD5

    951d9d6dafedc809c079b0a1417cdce0

  • SHA1

    f97243a5c605517f3880b5538f3d3a2ae0cb2f63

  • SHA256

    84241f49dc4a21584edfb53d3fce0554ca7a01d134f8911b827fd511ebeafde6

  • SHA512

    90457147ebb361cd12d19b0a1a7ed9e7b6c88b686814cc201770a7312a036b11c8612bb5f56140a6debecbc65ac74ce8de7662d9a471803caa7bea9e6974d8dd

  • SSDEEP

    192:75KUJbVGJJbpo/MJb4C6JbBcJb9aARDXEnL0Jbi:lXujIcbh7QII

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\web\gui.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1588
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1588 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1696

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4715cb5f20ad78ec882400e52db0cc55

    SHA1

    5a0b577e8a19f3ec02d83b4abad7b61fb97b2881

    SHA256

    ec228e05f8093271af3ce3b3452369efa12df3d43c199d319f629990dbbb9c89

    SHA512

    a1d8331e1248ea5dc970fafc4586d2aa2cf5d7b9423617651b9899b11bea45e4ac9c350caa72dfb38d736717e41be1fd7d73f8693804824e14aedca51ca9eb76

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb6fd16b312bc6dc78832efaed325e32

    SHA1

    6d6ad5c0b62953cb91ea749a01860be20f2ab202

    SHA256

    1352afa3c2c78fe6a56778e186f11acb52a1f348c365c68bf6eca5ca71ecdaa5

    SHA512

    d6c9a63cd6f68154183221c9cf8703aec99927f17166a17623f4fb39d4ca4092ba6874073553b71c768d074baac01d0cfa50c16b1eee8a1f06b72a0768b5b354

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8620625b3089ab0fcc0f6221dc04e550

    SHA1

    6599ff37f9103f4662da8e82198e39f87875be57

    SHA256

    948657d85b68c28ac989d1660d82e6f1d5360ae18e0c106ce6186762caaba2e4

    SHA512

    9ba73461134cc5ad17475101961c3b734dee1545000ce115a045635cae74673e96047b64f0cac8b3b0be02f4951dc7e9eda7f2bc051316f16b2ef7ab18c70b09

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90faa69aaad7585a502dbf77c9fa20ed

    SHA1

    9b6f2735af869e8673a3b4f500cac7b7ca2450be

    SHA256

    2df073c3ecfe6a2ba0a145516f674b24c833471704b6fe4d6e617532b39f2150

    SHA512

    ab54ea5bd38c04f02283dffb6b40021a51a6cf2af3ac0efaf275a03a134ab7d9f411a0adea4bfbc39fcc2f2b9537e552d7512a9d57d4e46dc9d1e446bca56713

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    129007287584b0e87b5fa3a707654a8a

    SHA1

    80732e8980d621785393d0f17a1935e5fa9a511b

    SHA256

    33c57585716f6dc7311637fd8de1054008950d19581a8a934d47d3aed25519cc

    SHA512

    d577558deaf5f508f8d10cf64f995130d8b04a96b89eaf560fe233887f175289bef8a5833d52f37d8e7f69369efd57826382b104b155afcaadcccf3e241b037c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1abbdc2c7f201256b56e969570c43ace

    SHA1

    e6cd0d765fbad9e2a5c801f2104b9126b7642987

    SHA256

    887016b5bb73f2326503b9ce9efd978f61e2c97facd6fd92561c410d504ba09b

    SHA512

    70f04b59f3ff805aac133bc98040b2d21e004e51b3d4eb0dbbad528cd86f6604858ac76a2ca54b4bacf7dbacd0a82671780efcb283bd8bcb4df8e1e1382d1b8e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7163f77efe4eab4c8c23b80dd3763442

    SHA1

    14e297d2c701e3267e5a4b9b2757b6537cf9ba46

    SHA256

    64cb6e124498a51ab3f3fe941f65f4aa802997c993c1bea8f76031ce8649bac7

    SHA512

    b43612c88d5d3d5f8eea46d7625b108df382168826743c243bbe663626816af7232d8e62231cf6b0d5c81a2dcb8d8e4f3646e5c24908db3f352918e5cb487611

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c84426749b071310171371fd8d3eafd

    SHA1

    00193838ca3a274790d31769dc367e94e94f55fc

    SHA256

    fc90307bee5bdb7baffff313798470817491bb582db3c3850a8b1c5c510498ee

    SHA512

    86157443ebf173b1ddf6ed64703873657bcff49d7ae5fd7fab842c5064f02fbdfaa8cc8545cc28a265a3f75ef758c90df7d88f29b5011174819c5bda21a841ed

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab9705.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar9B12.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\B2TBXBZY.txt
    Filesize

    604B

    MD5

    f90de730b2a611d9fa09683810537963

    SHA1

    a0e2a59bf4808160271cc22759e5291b149e416b

    SHA256

    5c3859621bbdd3454b1b493b6e162df958abe19434ef0df837ecbe5c1ef33bcb

    SHA512

    2ebcbd3e969236f0362a9f8f6e32c63452d95b2e13656f157bcbe8ebf65dfb660dafdd9e2d49226f62de6ee2984d05c654473718252e6dcf7a031552ebc0201b

    Download Submit