Overview

overview

7

Static

static

7

9a02f4f8e6...f9.apk

android-9-x86

7

licenses.html

windows7-x64

1

licenses.html

windows10-2004-x64

1

quicksilve...ace.js

windows7-x64

1

quicksilve...ace.js

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    10-06-2023 01:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    licenses.html

  • Size

    1.6MB

  • MD5

    a72c87ae5bbc260b25554111a4578a2e

  • SHA1

    67c6764f8eae5d71f285b614b7630aaaa35b2195

  • SHA256

    ceab51ad9583be062d96c90a0a61389e177c0af6529009343fe4c98b5b1b6b53

  • SHA512

    dee96061bfef849fcf6b2f96dbfa1b1308d2028d5317e24bd2cb9fa84d58ecce5f1b4c8a02484442441f0100d11423a544ffbb90f642ba6f82d94b7dff24f3f1

  • SSDEEP

    12288:43w3J3P353/3q3q2w2S303w3e3w3a343H3S32323+3n393C38303J3l3f3j3u3Ai:br3

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\licenses.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1328
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1328 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1480

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    b5fcc55cffd66f38d548e8b63206c5e6

    SHA1

    79db08ababfa33a4f644fa8fe337195b5aba44c7

    SHA256

    7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

    SHA512

    aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d44986ee3175195fc25b1907f14ddba1

    SHA1

    1a2775cbce40dd529c1d1d05da305afb7c44cbdb

    SHA256

    068dda8048614a09c9ec846cd76444bf4f968af8627b381a77e8be4433a61414

    SHA512

    c61ac5e00db567ecd3a4f6c63a85a336df7c43df5948dca46bcd878fca2d8274102c9195f7960d6bc29fcaedaf4e129aa8f6958ec73baaed2113c45ac94fe667

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    703805124617dcf5ab3eb61a0c42178e

    SHA1

    9cf5f5acd79a06216a04adb13cb2e3b432688e5c

    SHA256

    d28c3db8dcc7cbcbbf5de2acfbe10a72f84ac7c3778b3572dd24a924254a0473

    SHA512

    904d03c2ef1383857e025941c36f39ea98dc32afa6965ca341a9db0a42d919ae4ddfcb7bfccf7e6c8d805a1523fee3a624046ec4c806969585ce47d047976103

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    03e9ff6cf93e0dcaf51325a5377db104

    SHA1

    b75bba0862469d1128d32db57ec26299205d1f8e

    SHA256

    5a698fcf9a195393efb1d51aa7bc21c0393384e2a68bfb8a6f62c0e9b5231abe

    SHA512

    723c19b6e24383d0fa286928ef8c75748a773a477ebf088f340b954a48574c5d7a3fc647c9aaa6d507a84795b9581d9d93dbb5130cdea9921501650e747ded69

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c510ee9d17201e8f3eb08b2037c23ec3

    SHA1

    d50a751c0e8eb2ac79febdc91124de91c24f6725

    SHA256

    e0654fed59c950e85a77ee61b1c61eb926037f2fb7c6c13e9b8c08c35f92261f

    SHA512

    e16c1edb1accf5000268d6f004d5f4441e89d60fb99ce6d93fa2a3576ad4fb20644b184e26de73d2ebc253f6daa4c5833e5d145b5ecc28c87b01c8eea201d46e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    71451ce9f1b613c150debaa7a6678b95

    SHA1

    d342c1dc3e5f07de5193ca4f8b783419cef2f70f

    SHA256

    b8063f627488ab061c515014b3520d07dd0821c1fb755bf64dde044c1c8b2bfa

    SHA512

    f1b99d4c1b07d23db9e7e312108a17684ee5686cd88294f02791aa360f1fdb5165acd935c37cea24f26f50f59eaeadbca7abbee82c8d193166fa73bc5b5e2993

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fa9044f1d8b8479e8cb65c870d7e6300

    SHA1

    5a8872583abb3d605b7288892daebdb99f0dbb8b

    SHA256

    910f059eb851615389d5e8840475c0d10d322fef4aae327046a8f8eb49d5c613

    SHA512

    db0a182d5aa61ff0eb04bba7707272827b1dc5ffef9f248a2c3645317459494f851efa9e4447480ca144a3de5007b99adf84be241dc31ffaac8e4f8fc6cc6dbd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6dd20ca511005b733b8a64269994aa8b

    SHA1

    4e958f272c9b77a623b4d75720a028df49374954

    SHA256

    71eb37ef224c3c408ea4e271b4aa7a0b0903f76016ad029368cc04eff10fe256

    SHA512

    da53c80e06887f08cc7ecc623cb3683e13e350d4085dfcfb5801ce65bf577f85f2079bb480f44b9428a26e0ae4878055d3bc060a8de3dbf2d1b8b3bf4074b3bd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    acaf69de2a95b777fa6e418be57e4f0a

    SHA1

    2d195b6e97e4c21a8ff756d82d82500c7a97a90a

    SHA256

    c3630aad60a34b574686783e40d6d6acdc6fd9ba3a0ea8627742867846f6863d

    SHA512

    1593bdee5dc0bd49abde1ed520353e5c53fc6c3ef57a91f77137c1ab959bdff1a53bc90f2928881680d558d004c1e79a498286438c6705b025ed42ec12e55e0f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QCNSQOTT\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab4A7B.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar4CA5.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LZ8TXA9V.txt
    Filesize

    603B

    MD5

    c5763f46e53cbd8ec8a0d01b9b09307b

    SHA1

    0ec257065cc7162e235919282d7af3fdca20006f

    SHA256

    de151437c5d7d48049f9db5ad2fdfa243125cc2b32cea2fa998cd0ddf28c483a

    SHA512

    372d2ec87d5a873f6b88a2271cff79201f36ea0dc8f6e49fa05925447681a10873890ad8ac0165960ecf4f5d79ef112e4fa139fb19fb3d7e1fc1ccfa983255eb

    Download Submit