Overview

overview

7

Static

static

7

InstaThund...12.apk

android-9-x86

1

changelog.html

windows7-x64

1

changelog.html

windows10-2004-x64

1

collection...age.js

windows7-x64

1

collection...age.js

windows10-2004-x64

1

collection...deo.js

windows7-x64

1

collection...deo.js

windows10-2004-x64

1

collection...ate.js

windows7-x64

1

collection...ate.js

windows10-2004-x64

1

collection...age.js

windows7-x64

1

collection...age.js

windows10-2004-x64

1

collection...deo.js

windows7-x64

1

collection...deo.js

windows10-2004-x64

1

credits.html

windows7-x64

1

credits.html

windows10-2004-x64

1

libs.ps1

windows7-x64

1

libs.ps1

windows10-2004-x64

1

webview_error.html

windows7-x64

1

webview_error.html

windows10-2004-x64

1

Analysis

  • max time kernel
    101s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    25-05-2023 22:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    changelog.html

  • Size

    610B

  • MD5

    8d9e3140b5bfb57987ec926cc572cf32

  • SHA1

    10cc07c00b97bed8ae17a8ee4aee51bed28170ef

  • SHA256

    ea944962e34086eee28548914cf2d9aff5c2f1d45806765e691ba20ccc953efa

  • SHA512

    8f809d12359e98d31723a14065e7b54bd0809374126b96b2926b00c5d18885221a3445cab1393e40d26b402d664b95934d66cf94fb70b22f7089bb0308d354a8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\changelog.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:892
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:892 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:600

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    548cd6ddba49378c07de7cd914eb1dcd

    SHA1

    62db0635b79f11d4e5271d74694ed5346008099f

    SHA256

    1bb0b8fefb7d420d290e861b3116feaaff28f12f8073cfa79f6a94ee006e01f7

    SHA512

    6796060965d9762941bbd3c172d5b5251c96dfac0c47d4f4f431d7226ec9cac8581900a01761aa234ae4b35cc2eed5eb88d05c7df908837a8dca5e6c13ac6185

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1dcba08c3b1363cc51669662a5d97d79

    SHA1

    4e3d741aecc946b7fb6db06f120da748e78e7e21

    SHA256

    229cdacbac2c6ed3291c70f2baa83cfabcf326c3732b1f94fc1622bdce976107

    SHA512

    6796d4368b3fa0a053697b8902d0fb8d80564bf8df63331454b182627fd4598da02fe1c9597526a789943fad18b6dee40f2c0e046000cf7ee6dedce4661daa7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e3ab464b158adaa0fae9427f28036cd5

    SHA1

    9c6caa0728ef66598b863dbdb368938434958bae

    SHA256

    804a215222d81a94dfc8b5336e3acf80b07575324d09afcd3ecf0dfb4d1e8001

    SHA512

    0714f764356425a19c4bb8ce58bddcc99a8a92a6e4259a41231d453ed376ca06abc700d279aa20f07d4063ceab4c2b64e2cbe3f7c3db2718b405e128b66ac079

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5149eaaece0ae5a02ca5930a5ac2c878

    SHA1

    f12c70f524800ab50a4f29345a1c5fd75726045a

    SHA256

    2d659b2842ea35562eec7a033435966d053e5f9936455121ccc4d0d48cd69d1b

    SHA512

    0bff8e2a7fdd4a38de54f87f57fd6271bb86f62d18a1f55f511db9f7fc5e7823f65ed4db084ec04d8ded56210dcc07405188ddffd8cfed21bcdcfb8be771d1d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    160e3c017654d6149386554e7a2bde7d

    SHA1

    2b1af7da4575e3cccf1920b076fe4f295b6613cd

    SHA256

    ac41a91eb173bdd328780d885d16dd4243f1034b251252f7efed4bcf9e847bfc

    SHA512

    483232207c6c86e6772af508547ed13c86f3168e7554e2091ec8c6987f9d78deb85567c4fac056db6e43ff5f02663256026a44f48e34bfd05db075e0ff244229

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    64e6a574934839448fd1970853612ff4

    SHA1

    0464f689c538027129a83c7f6693ca8de1c8cb93

    SHA256

    c0b42588687135619c969b3e13fa7f8f70de1d2cbc841e1e5ad48e9bc3c29679

    SHA512

    2c9914514e89bb87b9b94c962be7d3962985a01ff6dad3e6043f772aeabdad5c7ed905b0cffca75861f535db9255ec808db7b7b7e804012b409a7a0470b7cda7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5a81bc2dee67878c7c291557efb3adfe

    SHA1

    51bd84833f1d2d0404658ab516b2fd8ab9788520

    SHA256

    c456ec25b536808da994491c694025795357419c02c75450f9cd5595dfccb663

    SHA512

    9945414045ef27aa1265fab5c27589cb5d46fcd5a57ec56b070a66e70347c7d7893bdd588d1959bbd154fd2afe3aef8ded304820e7ebaf86d37eddb5aac3eea5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    49596c2b6f2d2c05d8f4cda8fda7736c

    SHA1

    ac5819a77ff2b1da23e43e1e5150c3d026ef9541

    SHA256

    be81c4bcb510cfbfbb6ad6b4eec504bf3fc4f29d5b84e065864ca210cb404225

    SHA512

    b5ab49db6368a3634914ee16641e9e45552b70f294039c6f2106d4932140bab365939676d09f8d36e04c82870797dfe3a20df9507fc3a038b568aaef1aa19366

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAFD1.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB2B7.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CLHYSBWR.txt
    Filesize

    539B

    MD5

    48b2323e3f59c721bda555cfb640b2f7

    SHA1

    847a4d8112ef58c8ec636a24d59ba0430ed07858

    SHA256

    2ba088a4b1a7446a0c8161d4ed39002447269e4bc1f2087b9018d75a9484ad74

    SHA512

    87a9e9ec4db7651cf2ddf558d2dfba9c08b37d506097ddf0dfec443673e5217c90c6774d67ed552a001511cf6f9ea9ef72876457a8efe7ade0c47d48be121423

    Download Submit