Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://improplus.com/

windows7-x64

1

http://improplus.com/

windows10-1703-x64

1

http://improplus.com/

windows10-2004-x64

1

http://improplus.com/

android-10-x64

1

http://improplus.com/

android-11-x64

1

http://improplus.com/

android-9-x86

1

http://improplus.com/

macos-10.15-amd64

1

http://improplus.com/

debian-9-armhf

http://improplus.com/

debian-9-mips

http://improplus.com/

debian-9-mipsel

http://improplus.com/

ubuntu-18.04-amd64

Resubmissions

19/04/2023, 13:20

230419-qk3btace7z 4

19/04/2023, 13:14

230419-qgt62ace6s 1

Analysis

  • max time kernel
    72s
  • max time network
    132s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19/04/2023, 13:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://improplus.com/

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://improplus.com/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2612
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2600

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    4KB

    MD5

    f7dcb24540769805e5bb30d193944dce

    SHA1

    e26c583c562293356794937d9e2e6155d15449ee

    SHA256

    6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

    SHA512

    cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    2a7fc714134ae90293fce5a1d9697e16

    SHA1

    c29dab1a5e37def81a3406813587a32001925f97

    SHA256

    0145704170fb3888d08d35dcfe2941c6ead410baab0e3552d78a9a402f682aad

    SHA512

    f41495e458a8b7eac03ad9def5278553784ebe35e05a984892a0a078775c472c03a80cb9c00104da9fd18f8f7bf04dd1c1da119514923cde5a4fcb696082f2bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    cfa8023263edf061ba7ad2b43c261783

    SHA1

    9ca79d46ff1094be379e12cd28b231196c4bfd69

    SHA256

    03f7cff16c482e1b900c762b45f2b41cb9fcb711563bf654dfeac86361582bb9

    SHA512

    8c765e4d43ca5ce878023a39e65a009411df858d157957d8b4100ad4d4d12d59ba857c4382a715566c0b94da7165e2be101e7ff74cc65f8eb9ac6b226e38d823

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RIZDY293\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RIZDY293\w-logo-blue-white-bg[1].png
    Filesize

    4KB

    MD5

    000bf649cc8f6bf27cfb04d1bcdcd3c7

    SHA1

    d73d2f6d74ec6cdcbae07955592962e77d8ae814

    SHA256

    6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

    SHA512

    73d2ea5ffc572c1ae73f37f8f0ff25e945afee8e077b6ee42ce969e575cdc2d8444f90848ea1cb4d1c9ee4bd725aee2b4576afc25f17d7295a90e1cbfe6edfd5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\QWGIG4OU.cookie
    Filesize

    242B

    MD5

    47f1cb3e9592ca615676dc7746729a23

    SHA1

    9c62f9ff73ea29808aebed8a284a37d799b5de2d

    SHA256

    e7fca11e87ce50cc9043373f7cb958b7cdc9d22404b18c8499b63ab2b937d53d

    SHA512

    f0851d03565e1f064c8af6f1f1a55157d3cade4b2be0a673e5e32d9d21e7268805a366d5bb0692e2774e34ff24f3f5c33c2df1d85427c1fb3849217b0fd636a1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\RHJLLDU5.cookie
    Filesize

    609B

    MD5

    07babcef34d36cbed57ea7485735b27f

    SHA1

    f43c6a233f9b3f508c271eaf2020ba1a08a49b51

    SHA256

    7a0cc7455c191ff41d1497d432d3ea343c6db49f1b160dc9c1f0518d1a279334

    SHA512

    9d234f3af6913054acd0cae84a43768caa204fbfe4cf8a98ed61ff91725eb832142f85b4b06a59d5f7290ee9a25b46d3e88cfae10ca262067194a5d146dae0d7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZG8IWF94.cookie
    Filesize

    78B

    MD5

    92f47fbd527527ea604d088c10e45e44

    SHA1

    87b6084f39f486fb9528c8cb2b973438ba0a4f4d

    SHA256

    4492402532380913d3cf9164fa08c2c47475525e7c16b05ef4ead9edc153d8c3

    SHA512

    503cf8b87269754c77804b92d155074ae08905aea15440a688a61d3de6081109357f3c2d9939b4a3b650dbce7aa79b95989f30e948e8564cb15953fef6bf1bb1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Kno7738.tmp
    Filesize

    88KB

    MD5

    002d5646771d31d1e7c57990cc020150

    SHA1

    a28ec731f9106c252f313cca349a68ef94ee3de9

    SHA256

    1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f

    SHA512

    689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6

    Download Submit