Overview

overview

6

Static

static

1

christmasl...wn.zip

windows7-x64

en-US/flyout.html

windows7-x64

1

en-US/gadget.html

windows7-x64

1

en-US/gadget.xml

windows7-x64

1

en-US/script/utils.js

windows7-x64

1

en-US/scri...ls.vbs

windows7-x64

1

en-US/settings.html

windows7-x64

1

en-US/styl...lt.css

windows7-x64

3

icon.png

windows7-x64

3

images/background.png

windows7-x64

3

images/go.png

windows7-x64

3

images/logo.jpg

windows7-x64

3

logo.png

windows7-x64

3

vwd.xml

windows7-x64

1

Analysis

  • max time kernel
    1591s
  • max time network
    1595s
  • platform
    windows7_x64
  • resource
    win7-20230220-ja
  • resource tags

    arch:x64arch:x86image:win7-20230220-jalocale:ja-jpos:windows7-x64systemwindows
  • submitted
    16-05-2023 06:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    en-US/settings.html

  • Size

    1KB

  • MD5

    bdf56fdd66fb5dacfb18119a2e62ad71

  • SHA1

    d86e1a01cae25731dfe33a723bcbee9355967466

  • SHA256

    5a3bfb7a45c44f1d37c4f4a8f9da8bdecd8a03fbbdb7b169a791bb745c5f9af1

  • SHA512

    81068ffec992bb03a4829f7307761534e2c47fd4c8466862753fa52ae84e3b63534ea2f140bb0856f9ab3f3afb444b2817e7ffa62813e544d40df1de40013dbe

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\en-US\settings.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:876
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:876 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1028

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9bd4668ae57dffd84c079be1685144cc

    SHA1

    5bf412cb95a46fb49c8dcc7087da95f995d13f4e

    SHA256

    9a9890960d9aad6a338b1747457c6564e590d17d2150a7e100634b839cd15b86

    SHA512

    ccf303377beca06f32c1facdf62579f50017eb533fb2f61e706129f704ad09fd5c6395deb802f1f90e0d241a910d6afc4639505bfcebcd467704c40e10e8afd7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    795796ed78ae9900869cedcdd5ba0459

    SHA1

    9e05884d0569592f74b34f1bce18541f5cf2dc0b

    SHA256

    6cfb4f58295a10c815d255987963309e629c19cd7927de5bdb5ee7d16f45d36f

    SHA512

    13b4e28a423b0c5d874cb26d7863685b42c1065e9342b0446ba08d47db5a6c418a0058845b9de4b6217e110228a0377e896072561851f9f710717906931a6cbd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    af1099e26b7224c858bca88c896de04a

    SHA1

    0db6f3f43bc61bd88cc77725f0fa8a01aed6e395

    SHA256

    1fb306408e0619f51beff0374e016862c36bc28d4729c8ef36a5a07b962452c5

    SHA512

    6b96adb9901e278dbc76e2775bdcd1ee3bb6e298025595428adfdd8866ca935de65bdcfa127b7e49f3c60b8615c347191b28e257e94d22ee34bffd8aaeb59017

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19bd43d6b5c73050d1edc8129f5c27b4

    SHA1

    19a0893ba0aec20d65f93d6933383f8060c6c55e

    SHA256

    a085fb1b734ec66086ff29f442c8922e45668468d4356647c14e95754bf57530

    SHA512

    227ba34d462ea0d66f9552cfaff50aa07e5d51c05389a24ef24c8b35c2c08badb401d18d8c083d4ba9eb5a1b8673a0e085d1128a1c85487b140f1f87c62f1c48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bf94a49c56305267602a45c7515fcdcf

    SHA1

    3441f9176e31edbb0cfd2acb3be52bbcdd0d5612

    SHA256

    6cbb0f3de6244a5fb5b6fff61c58659de5c47a1f552c3927fbac076569b78eac

    SHA512

    e32d0e31cbf05d597a5b0c4fdf707fd15c2adb7ab03731eb5e258639dc6a9a23ce7b75dbe907c09b60ca1a6947d35148c2cb66dd787e14291424fa66a114889f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d398df56a724f6b044b87aee51c9b9c7

    SHA1

    64612443d57d6083d8b05864e6343a9a3c2b2285

    SHA256

    3f41837fed83ae0bc7be3b4542d0be96469c35dc10454981ca980144152dbe3d

    SHA512

    1833fd2ff0e7ce8abd36906c58aa7f08a151c7d0842c58e03c5bdea4166b4b3430a2e2de21afea99cdd85560699c54552811bdf797ad048410d12992416a562b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e7f233f1de45e72502257f9ac10d535

    SHA1

    d4f233c3c09ef372379ae7659b64ebae9140fe45

    SHA256

    a255707af8c66ebdb5e59560275d08456301e4f6f973668c07a8c4575782e03f

    SHA512

    e05156765129cb494809161892875326ba1d9db4103fb936d38028693765fa20283cc73be8a565e49364478ad2fd81e9d18715b7e927e40d50317867778a7258

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fecc746a34e782d2cba2e5256e7027e7

    SHA1

    0c274f11fb8ca3e65988df815ec8905d83c628c7

    SHA256

    85f3d386327d7b8a059f2b18caa9163544602412c477f67d72347f20f591e97d

    SHA512

    868ba0643a2e5a94429ff1aa04c3fbefd93c0189590a9644ebcd2abc3e30dc8e3484547d8614de58cab66aba3efbac1ee26a177d2a4bd704aed1eb34bfa4f9d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    06b97e52cc393401ec8d64f0a878c1a5

    SHA1

    6e63ce326fcae821d9a111d302ba6d791e0ec645

    SHA256

    e62ef57abcef9ed065ed60383c680820ab59f3ea08abe920308f8812b3eee94c

    SHA512

    b555b0b14c3a02818698f46d507ef0b2454e978422b0e385ca93ec596e633c7252761f035cfa33601bf630190b031ff0336eb76db9572dc9e0f8e69962630c19

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\suggestions[1].ja-JP
    Filesize

    17KB

    MD5

    f0e8351230b562572b4b315a1a55004f

    SHA1

    1cc73361100ce15353f2571a03a5d5a364be87d2

    SHA256

    650de9892142b102c0cd1f9deca25f93d83c0bb8b5434580c77dd4214a82e1a5

    SHA512

    3d7dd1a72a000041fe308828c714ac48c463e0022cad3495296d0eb72a0fc85127b3c46cdc0015da25d41e9d22eba887980c301663f37ad86e7ccbc452934d46

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab88D3.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8942.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8995.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EU7S0IMI.txt
    Filesize

    604B

    MD5

    5bc756d5a508734f66ecf9589f2cede5

    SHA1

    242775b16c27a8e2854599476c5c7c01be3c99a5

    SHA256

    13ce6f528d687bbaf8b292a492116c6509cd3f7adaa45ec599191adba6161ec3

    SHA512

    53c4b692b341d1d2a25b7efff0d67f1fd7715bfb1f801e286197bfd9aca6e0a09a3eedeb0aa0b6a6ba45ba0705c471265f2f122384f7f6a8adfb066d4466f2f0

    Download Submit