Overview

overview

7

Static

static

7

DefaultWsd...tor.js

windows7-x64

1

DefaultWsd...tor.js

windows10-2004-x64

1

fyb_iframe...l.html

windows7-x64

1

fyb_iframe...l.html

windows10-2004-x64

1

fyb_static...l.html

windows7-x64

1

fyb_static...l.html

windows10-2004-x64

1

machine.xml

windows7-x64

1

machine.xml

windows10-2004-x64

1

sdk_core.min.js

windows7-x64

1

sdk_core.min.js

windows10-2004-x64

1

settings.xml

windows7-x64

1

settings.xml

windows10-2004-x64

1

vpaid_html...e.html

windows7-x64

1

vpaid_html...e.html

windows10-2004-x64

1

web.xml

windows7-x64

1

web.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230220-es
  • resource tags

    arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    13-06-2023 05:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    settings.xml

  • Size

    2KB

  • MD5

    ba17ade8a8e3ee221377534c8136f617

  • SHA1

    8e17e2aec423a8e6fb43e8cbe6215040217bb8a3

  • SHA256

    ce1db1ad8a9512073164e3eccdc193f7eda036e1a9733caec4635de21b2865c8

  • SHA512

    c18bcbcbd4b9a20a72b1a934d70db1eafef047f34f3ba2c6357d8e3afed07ecaab861e5571ceb58c22d4d3e5ebb34b51e366a0553c3153fbc263d1d80472e297

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\settings.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1000
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1516
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1880
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1880 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1168

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    b5fcc55cffd66f38d548e8b63206c5e6

    SHA1

    79db08ababfa33a4f644fa8fe337195b5aba44c7

    SHA256

    7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

    SHA512

    aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c61b35f7008e8fb21340e9b457f70731

    SHA1

    21895ddeb3ce771ddbd08ca7757f66c8df580fd2

    SHA256

    7f8a6e7cb64cd9a123802df78bbed03d19e3c71e1d820dbb08f958433c21ab80

    SHA512

    e8bf5e0b893e8f8c268f4dfabe3e5624a9877e59a10fdb05db5ba4a245a879a530028b7776351987bbf553a31e245d1bdf9a909d5cfe99bcf6f207547f07b7a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19385591654975ca0387d1bb55cfa325

    SHA1

    3809eec4283c1f6bdf6af563c913cd61ceb00103

    SHA256

    aee923e824e9fbaeae1a4ce64c0a0ed65c3b7e14b9dacd82eba6fe99ac7fc1d5

    SHA512

    2fe8826a1cc8280540c676a8eeef78d742be489fe0cc633a0661e94f4a8463026fa14eb612695484ff3e07fc3673130557c280a5ff5414d20eb9d6a8657f60b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    84f497d530b5d33b78fbb1620454e738

    SHA1

    a399351f14df8f5b7795597b431ebf0e62aa5835

    SHA256

    e1e4436de62c4eb908926d4530bb8477f684a8fd40df9de1ad0c7375473d1003

    SHA512

    df4935cca60545618cda376a97b67aad598e96497f592879ff3e95a48fe687b5ab02feb24dcd9c948dee3511a9ba4154bfc6f6a88411bd1548c8fd4ef0c40a35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    edda029c2dfe6efaec0cadcf319cbfe2

    SHA1

    3dbf75f549db0406a3c13b42e9c97b0b224e4313

    SHA256

    1e4cb5aa5324894a57d777e734ff22979600a5a81c74a56e52f9f6cab78029a7

    SHA512

    a8717b698c81d33b3052ff6a8d201c4ea7b77f3d60f6646dd73936f14ee86b905d2981adc8e4230b240cdccef6fb8adddbbd7633e37b1c92e0993543676576e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6a77f5d9f27d0589e8ca6d8005d89243

    SHA1

    5f12f00c96fe9a7e438c21b6e3404d24cbdf32b5

    SHA256

    25d393efdebdd955daa099f88fa351fc933a15d2cb9a347862168424f084c71c

    SHA512

    74656c3fb268deac3380ea01067d5d7a84efd470d7058a638a93169df3df1fca223cde8aed853c321b596197d2f2ad146c2c6c8c8c6a08dc0df16d443fbf3b10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e631f59f6c912eb88a5ffb6fce83964

    SHA1

    591c53c535b2ccc91c5a1a84596934184b7fd27e

    SHA256

    91f58cb4878ee1e5e46fd9e2e1648d51e74e1aed14917500955708729150631b

    SHA512

    6de454bb8fb4cd3f660ea42f5ee1d1d86790760cbe0380c3373d1f5d506b51ec8f909690edcf6446b0a1c59a074f3a09550ee4ac2979075576264dd2ef09fde9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d4955dea95417608ba18781f91960d56

    SHA1

    3fae7b1571d6944a5023749b9dd57f61116318d1

    SHA256

    8f6c56bdb10c809cb3621b64f1f6fcb1fdc715a32c60e53f91356468accbb1de

    SHA512

    fa4bdf4c76176c85e5b42c9ac8917caa6aedb0809ebef4613bb212df36ce108ab190894f7c56d3d016e56d449a515a4c8ede71596d11fb342e47855b803b60a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d180ffd52c39dd1ac915f733cb5bf7a0

    SHA1

    6ce46b21a31830e61121ce68fecfd81d55ae524b

    SHA256

    61e5e194d5ec6b0438ad5ec816095a28567f01def427962c6bde61d889da9351

    SHA512

    567f9d252b0fad7fe62bdc90cd3c9d3ce9463a9e3ba97a849e37299a17cc49bdd9cd05f08ff13e89cd3fba88ab7a733a8f068513c920c42556e126552a0e7696

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d78577f7dbd355de05a4f6558bc9ae50

    SHA1

    6dab0be7448223d10d05dfcd68bd753ffbf02055

    SHA256

    68f8ec7d45c8503c058d4c031249d5a1ba7d8a3eff02c1256f36a6a83ad7bdec

    SHA512

    ddef090caa7b9c43c2786cd565bc0196ea2d17eece8c980da2bb456dacf852962e6104d38b7d98f527321e7e148ec0a92cd1a33842e8d04a19267072882429fe

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGZY45B8\suggestions[1].es-ES
    Filesize

    18KB

    MD5

    e2749896090665aeb9b29bce1a591a75

    SHA1

    59e05283e04c6c0252d2b75d5141ba62d73e9df9

    SHA256

    d428ea8ca335c7cccf1e1564554d81b52fb5a1f20617aa99136cacf73354e0b7

    SHA512

    c750e9ccb30c45e2c4844df384ee9b02b81aa4c8e576197c0811910a63376a7d60e68f964dad858ff0e46a8fd0952ddaf19c8f79f3fd05cefd7dbf2c043d52c5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6980.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LYAJPEJF.txt
    Filesize

    608B

    MD5

    66288dca70d6dbee2316341382cd56a2

    SHA1

    6d73d71407aa49ff6435bace43092e60969bab90

    SHA256

    22543c32d0628b96816557b2921040ed2a2c893e2ea756af7cd137e1f8359656

    SHA512

    23812bbb982b4bcb468e65367ac464d849a12f7c6df4b2a3b397b71e2bf54ce5a8f6ed19a4b6a6a2908da7c1fc928e032bb2fd74f18a2da5f42f2f41ae06c331

    Download Submit