Overview

overview

7

Static

static

7

BitLife_v3...om.apk

android-11-x64

7

DefaultWsd...tor.js

windows7-x64

1

DefaultWsd...tor.js

windows10-2004-x64

1

GoogleServ...fo.xml

windows7-x64

1

GoogleServ...fo.xml

windows10-2004-x64

1

aps-mraid.js

windows7-x64

1

aps-mraid.js

windows10-2004-x64

1

dt-mraid-v...ler.js

windows7-x64

1

dt-mraid-v...ler.js

windows10-2004-x64

1

dt-omsdk-m...ker.js

windows7-x64

1

dt-omsdk-m...ker.js

windows10-2004-x64

1

dtb-m.js

windows7-x64

1

dtb-m.js

windows10-2004-x64

1

fyb_iframe...l.html

windows7-x64

1

fyb_iframe...l.html

windows10-2004-x64

1

fyb_static...l.html

windows7-x64

1

fyb_static...l.html

windows10-2004-x64

1

machine.xml

windows7-x64

1

machine.xml

windows10-2004-x64

1

mraid.js

windows7-x64

1

mraid.js

windows10-2004-x64

1

omid-sessi...-v1.js

windows7-x64

1

omid-sessi...-v1.js

windows10-2004-x64

1

omsdk-v1.js

windows7-x64

1

omsdk-v1.js

windows10-2004-x64

1

sdk_core.min.js

windows7-x64

1

sdk_core.min.js

windows10-2004-x64

1

settings.xml

windows7-x64

1

settings.xml

windows10-2004-x64

1

vpaid_html...e.html

windows7-x64

1

vpaid_html...e.html

windows10-2004-x64

1

web.xml

windows7-x64

1

Analysis

  • max time kernel
    101s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09-06-2023 21:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fyb_iframe_endcard_tmpl.html

  • Size

    520B

  • MD5

    7844cba73b7b4b439b587dd501e92d82

  • SHA1

    25a452bc6886d0e05d4a73da785021fd4c477a04

  • SHA256

    e042e304cecd19bb6816de0150d3895e2717e66dda91f7e189610687c049dae6

  • SHA512

    f54c2d7c0b265aa7c6feb18b8fb6740e01c9e3aeb19bf420d39832737fa59eed8fb959c8aa8a99c0efc87ca3399a244a918f0b4e90b0ee831a87e8afefdf2711

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_iframe_endcard_tmpl.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:532
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:532 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1168

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    39f695afe3d99aa930dd902839f603cd

    SHA1

    b54385088e851e2af256ac335ed1bbcc4025763a

    SHA256

    a48492ba722af669a236458c325e6be87a9fd260d49439e37627d901486a63d7

    SHA512

    f9ec2aef38cf2106806d44c9b38cf162a7c276a45a743146e39bceedd3e2a8806f4cc49a78359a459bd35406564d07fc4cd472c03b0bed19d94abb6f05c5b386

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    896e5aa5df383a9e2d3a1712a3a30e29

    SHA1

    d888f3f341b30503b0d7d7639961eb2bffe6f29d

    SHA256

    0f915c40eeee74b5aa5608b5cc14f056f9b7dec05a72cf6d7dec8da15afa129a

    SHA512

    966994c48afd89a7be3524da87a55236e6a7baffdd44b6df0385a02429843586a41276e6794c41daf4bd1194de17317506dd821f98d6fbd89a4dfe987dc41fca

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0759720b62a7cf21e33da7335a72dfa8

    SHA1

    add2e57f0b2f54692f3d433943d99e5eb047dba5

    SHA256

    51990a22b0affe4244853286133cc37248153d7e95c85220224dd01e1ba6441d

    SHA512

    491f31574a059933fba26306a3c367e16d2f697ebb804e71083a81d6370a3f2cf4362a6fb836602014878745732e3cd718e93c113a0da7627037671916d5eb7a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aa5b36a122b84e13a19ff60a63bbe400

    SHA1

    db521df6123bc1f372a541a41683342c305dd37e

    SHA256

    d34e16993335cfe1aed6543373e1be4e84a5ca7a9f28a8cd05f157c5412d21c6

    SHA512

    b28ba984cfeca33bbe4c2bb1ecc6926ad1b47f12a81d0200be84989f9a65736aa9721841bc790a2e01589f391d899174e358311330d648b39e1b8a6f00faf35d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    68401b49ea8b8d1840519eec5fc6c8a5

    SHA1

    222feb3096ba781435ebad78353d80b666acb0d9

    SHA256

    5d78aebbd5f38b391c1a95881360f5903e48006abcf71cedeef363601ab7dddc

    SHA512

    3cfc5ba4eb0818db83063286b167b555bf39130b708738fd920bd18cb9c071f617075fa8fe6f05828d0653c88f7b52daf001c3a52560936ac1d8eb2d518130fb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    af923a9b463303d4eeeccb031526c326

    SHA1

    bc8e24531dc5f19ed93365acd87ab80f33e427ac

    SHA256

    22eb71ffeb1fc36001e8190da6e57b516e0ea123e9c12d416046ccb7a3fa9296

    SHA512

    a0e2a38a2b5232cc410d60c141e325b3c39fb6014e73592a40b8762231f9f185f796f01efdb848948d4429c89101c5d8ea057b871b2b6388a839cd65f3c6b2ca

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ca287330f68dd563226e511ac9fc9056

    SHA1

    4e3e863f2e320bfd8242b61230f29673c46ff1c7

    SHA256

    224cd8f19f4c295b28982cbab68f04747b3e5146207aa0a9c6a4fe73dee06f4e

    SHA512

    73ccacd29b3db1ec1da696c21bc29484113d4a8bcfab09eccba7193ca179f01d35a25ff56a9fc33d07974620e37e71f3a25bc51b333cd457c37bc81b3a0c9bb4

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QCNSQOTT\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab6CC9.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar706A.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YWU1GCNM.txt
    Filesize

    603B

    MD5

    e572c1dc5513b46fd6071dae401be217

    SHA1

    dfffd0e078c2e1f973609dc40ce451e98e6737bf

    SHA256

    757147623ec2d877cb98dd42f19687036f61fe07289c0d59c2b37e7239da68a8

    SHA512

    78f3c8233a6a533749a5190f076cd52f9ff24e561d2c10b5d2daf673ade8cab378fa1b35befd06a2537ec622c8e3da4ad7bc10ef8ae50d646eaf087861e98614

    Download Submit