Overview

overview

7

Static

static

7

Zelda Ocar...me.apk

android-9-x86

6

Zelda Ocar...me.apk

android-10-x64

6

Zelda Ocar...me.apk

android-11-x64

6

index.html

windows7-x64

1

index.html

windows10-2004-x64

1

n64.apk

android-9-x86

1

legal.html

windows7-x64

1

legal.html

windows10-2004-x64

1

license.html

windows7-x64

1

license.html

windows10-2004-x64

1

Analysis

  • max time kernel
    102s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    10-06-2023 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    license.html

  • Size

    341B

  • MD5

    199bb4ac1652f60d7fc52391519e9fdd

  • SHA1

    cfec6e94a0ab21a367e3d6d46d63ea45acf2d117

  • SHA256

    483abc481b3fffd463eddb954deed3f01a86be4baa7b0ab786f8e47110b61380

  • SHA512

    89eabcba01a6d9c5cb67aa06b6b317a59bebf3275447969d4598f97febd5ba87a3e6b7c5a88b7edfa12f6dedc40641ffd944a479443bb2c3a888202408892327

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\license.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:608
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:608 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1644

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    b5fcc55cffd66f38d548e8b63206c5e6

    SHA1

    79db08ababfa33a4f644fa8fe337195b5aba44c7

    SHA256

    7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

    SHA512

    aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    442eee46c7eda23f64f9ff32f931b11f

    SHA1

    b468a3e2389ee6aba4f7f87294737ad312f5b95b

    SHA256

    c4f58f04d0e171d795186a353af5e3364cc0fb5eadb81110425a178bf19cfcc3

    SHA512

    d54243d56facc78125e39ed4973935ad8313a45ca218df76f06bf432ce3e38f34a35c1faaf7b78f9c9f8278537cb5b0fcf08bffd78c2a0434110d26f693022a4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7b3e8840a24ac148844f18c0b1e61cf6

    SHA1

    9b2b313d4409eb19dfa8ae3322a6ba0bbfaaef18

    SHA256

    bed81ede67d43a939fb90b4c3fc7b467bc716fe95c5235b1e9b38d2bf6f12637

    SHA512

    7ade14262c03d7a03233cff17e9bbe60a2d897121faed2dfceb17e5d0c1b2ae9c1973b7b2d8b25a9ec9e2d42560ed3fe09994b80999ae5ab5d2a12b56de457d8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3ff51e196e4f1d903d46f8f45aac72cc

    SHA1

    13412386231382ad66e464fed8424f1d0c9bce3f

    SHA256

    dc8cb098f286058393841297c7813ddf5837c01a207816824c46d6fcdf125873

    SHA512

    423c379d456bf67d395d7ddaf5a16a9041ae659e02fad54bcef3d02c089923f90ce042a0981697ed3adb8d4d08108f6c46b8443f89011ed5857eca11bc3efa5f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a65f9c7cc656ac755728690fab765ff2

    SHA1

    57360636a6b52d344ab116d8f26e94e2f5b7540b

    SHA256

    2030738ceb2f54d40e0419ed2a8c3dbd460babb89109fe9dc4333d6264e93f5f

    SHA512

    e1f805a23af6993ad14dbb6dbcc0757f5efd46ba2f9372d463f70d5a6e07d6014302cd84b4897d210d83cf53d75340efdc300e3e91047c405c839a59a44da0b0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e44152519e8d976a433fcdbf75acc5fb

    SHA1

    da54b0e41b6630384cb0893bd8177f02eba8652d

    SHA256

    4515638dd82d2568d59269e744b26237dd3162520ddb3fb7af4b6de40eb496c0

    SHA512

    66b389de3342b95c99f5077f115381e598f9f0ce41d1757c28ca0817f1ff6a79a8af5abef869e6382bdeed8ec2957e03ba31a270e2b9e4f639a3389644426b11

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    32ce4c650c01295b3a5f05d8a32e85ce

    SHA1

    272c8701caf2b0f0df58ce5c71902cfdba7d2e3e

    SHA256

    a8b32b1557af4998ba1a5addac713bbbeeba07ed8122476643bb1acb7de4f05e

    SHA512

    8db771da758f1554f2207db5612237a748dd7135d2abdc09cf5436f05275f841581c23588f5e1ffe41ef2ac0285b58f8d11373e7ace1cae23f6ecda8cf2e627c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b9c3096df50fb235f42630a78116f23d

    SHA1

    ba602dacc9acc7312faa0f4b6a3c0eb4eaf076b1

    SHA256

    1d4de94dafcd6fc430b78687c82049283e2cdf2b747068b64a6f35d472b97d78

    SHA512

    2514c36b1712c1d11f67b5550f9fb68dec64fa4ad026f609cf386137972bf7cf8a47b4c5ac21d203b97b136ffe928f9000b7a79672f2b3bbd594a01a6e83cd5c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e2e258685f215a9d7e9135f1f4b7c92a

    SHA1

    7aa1423c16a98cfcba2c48bf861bd4eb427edae2

    SHA256

    a72149f3b22e0506958e40a6df3b0421e1e5775c4e63c075814a43aec9c923a7

    SHA512

    d87dbc88797d8b4938e8fdb5b5bd079cf2b1bb11414a23dc41c8edf9a465dc747aaebbf2fc374c1124986f3d00ee96773378075c3648eb74f309c740d71248fd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dadb9976cbb430c245a026b03c5653d7

    SHA1

    7063c01a1e86a49a509ad48f23885d192b75a33e

    SHA256

    831a597552f3b08eda45bb41d8558af92868871aa1dfeb7fb7ff2b96c060aa54

    SHA512

    da29cff769f9c56ec52ee541cdc47404a0f6bacac08691d80ce2ee75554dedb0c114897b3c58ef44369b7558868fb65a30eebf23fa8e1d7e3fc1767a187140db

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHKTFKHM\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab4C30.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\D4WFBYS4.txt
    Filesize

    603B

    MD5

    2aeb301caa1307db4335ee2630f55c93

    SHA1

    eb574503291d0ebd76054d98942892717087f24a

    SHA256

    b59257694e32a7a6ed49cfcf779d8e95481130b1ed7b85903657a600d2bb6730

    SHA512

    b3546faf152c2aaaf96d13af4e118382669ae413c74a12a2d078974f60bc1d090a1cbecb571e6aca0ab25a421598ad57a55534a911e0efbaa5fae08a943df0a2

    Download Submit