Overview

overview

7

Static

static

7

DefaultWsd...tor.js

windows7-x64

1

DefaultWsd...tor.js

windows10-2004-x64

1

fyb_iframe...l.html

windows7-x64

1

fyb_iframe...l.html

windows10-2004-x64

1

fyb_static...l.html

windows7-x64

1

fyb_static...l.html

windows10-2004-x64

1

machine.xml

windows7-x64

1

machine.xml

windows10-2004-x64

1

sdk_core.min.js

windows7-x64

1

sdk_core.min.js

windows10-2004-x64

1

settings.xml

windows7-x64

1

settings.xml

windows10-2004-x64

1

vpaid_html...e.html

windows7-x64

1

vpaid_html...e.html

windows10-2004-x64

1

web.xml

windows7-x64

1

web.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    102s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230220-es
  • resource tags

    arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    13-06-2023 05:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vpaid_html_template.html

  • Size

    16KB

  • MD5

    e276e92e96646fdac5a1988074f33954

  • SHA1

    1a7aa338deba5f148ea18666ec1ec4fbf5ea148e

  • SHA256

    4b8fd03cf268f9cd2f7432e13e8a7862760f7a6ed10bbf96dcc8232d2d382b42

  • SHA512

    8425f53afde718047c310fc74a8d3924ce47f61f33fbb99d52147364244b9252b87ce1ebaac80db9d27151d0969537737c042e0f615e354bf2edaac6b13ce065

  • SSDEEP

    192:mrLYJFkVvGFQshArPtP842+Lw1wOEeR6kad8bWXSrJEBOn8TsjNC4ck8aanlDTt2:8U42Fn9qW4+EQNuSXIlodoG

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpaid_html_template.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:716
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:716 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1608

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b3514bcd45a8a273308a2bc522d7a297

    SHA1

    22387434ddcac7e9e0da9d86210304727c828274

    SHA256

    329f041f54892a326d8bbe5ada632926b96000d2fd78c610a6ca894d05759c64

    SHA512

    d5dc8ed90723c5da4e4ef1b26b445521d14b45f9ab0f3664f58a049713fb2a8478683697021c934d3e336573371c9445a144446902e254df99ad0dfeb2cadf0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    256f36b6f9aae15e181de3a76be02c84

    SHA1

    bc73cdd9993daf274e8bd65e2812e4e3f26aaea5

    SHA256

    1c204bf5bb356ddea350c03650dcfaf86b64b2c02ff9542b1233d950f8ed68de

    SHA512

    d28f71eacbba80ceb99de96746da3f95c3d9ed83da7e27b3cc4675099745018010d49a400063c676b12ffea724a007fe572ad2877769b248da7aec423c7d272d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    78993d6efe110b5b3bffeb913f267ffc

    SHA1

    44cb2291ef480eae29668a10888e97ac610c6675

    SHA256

    ec29fb570539acf5d26e6ed778d4671484cc162348e24720224096dd7908aa81

    SHA512

    16936f309a5abeab65d2cf921815d6127bdc1aa669f9d9a11e58a30d6620ef00f68f252dd0573d0932b5cc8b32783a60fe7d5ccec8b5f5098059eba182570f2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cade7fc3b420750ad52bac2ca315cd0c

    SHA1

    fee253383930483797e28983d3054a1851f2fbbc

    SHA256

    f973f7c9abf97ca259c4ba1985910fb454c474ca32eb071ea09022db4734d6cf

    SHA512

    a8752889e73ec713ecb03208bfc1741dea7ef7e242e741dd3eca0bc24ebf0f67b02d1ad8d232d6291693e61bd3d54b6ed46f22e281683bb30565d045a87cb780

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    48d443c9786a047e678c6b5ea53aa061

    SHA1

    83fc0a9a691c470889c7550d40f4ed002ae8b995

    SHA256

    26ff204efa1c213a6471a8be99b4df20e17ad15b7e7e0470eec14c2cf4777d09

    SHA512

    076a507d27f7fdadeb885a616caf5efc5cbc4423d598d1bfcf43fde08a932d631dba3128e9a83f7e18150ce88427d8ca021b26252f31adbb4581010bd78a2cbd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5fdef4662d6b02a4da915430d2e41215

    SHA1

    2c5a8f8cd6437b292c2f363ca4020c94d585b02c

    SHA256

    e0ff93aac9f130041d9d0dd6927899a92f97368318caef1706cb88de2808e79f

    SHA512

    fdd68c06020280c90fca4e2c8a70b65efc20c3cf3c856ccc39cb57bc60330edcc35c96c52ae9883b72cf57b35c755cd73a738de286ccd81cde7e8595f9f7b25e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b34a3f66a318a382a83c12a9169f482c

    SHA1

    3c52ce8556e033a35143265972d30f1e208f4597

    SHA256

    041045fab562ddd160a6a245721a88afa087b0fd8c6f9432f3d6ea9f822acd74

    SHA512

    effc43272df0930cc93c20de24cc1a3a70f979e49dc29f154d7b680f6983ef893a81ab8c16f486ed2a270247f6fcfbe62870f230798adab78822a26bb3c6d02e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19d968d0509e6122352f68f97f074774

    SHA1

    ac87c40bb8b97b1a80c0a6e9e59e8d343f40067e

    SHA256

    54e0ed21c00eef17f3b5202abdb06f1f46e139b0f2e68a77e8b85f12ddb1a23e

    SHA512

    08f11059b9a4007ee5b5c3711382adb0712e9b6519764f5f157bfa717dd802398d03fb48371c19ad469d17fc219f71295e37f0fc47ddf2f71be082fb3efaa125

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c7f12767eb4751133c7d34eff0bb507

    SHA1

    4778ddc04455c4daa18d7550bed62bd40993560e

    SHA256

    4f42d0b69cd7bb1c532e65b9dde65d40bb36c033614b7ebd449543c3ed1b4f14

    SHA512

    897900c19bc1e6186c321ad321b3506ff1edead92790228f2ec3b8f8477bad8e41435e3fb0855c4d5b2b18f8da20d3ed723bb79aef8b6a012e312589f352b513

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QCNSQOTT\suggestions[1].es-ES
    Filesize

    18KB

    MD5

    e2749896090665aeb9b29bce1a591a75

    SHA1

    59e05283e04c6c0252d2b75d5141ba62d73e9df9

    SHA256

    d428ea8ca335c7cccf1e1564554d81b52fb5a1f20617aa99136cacf73354e0b7

    SHA512

    c750e9ccb30c45e2c4844df384ee9b02b81aa4c8e576197c0811910a63376a7d60e68f964dad858ff0e46a8fd0952ddaf19c8f79f3fd05cefd7dbf2c043d52c5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab804A.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8175.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8265.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DRLV765G.txt
    Filesize

    608B

    MD5

    821635a23afc0bcc0ae471a6826155ef

    SHA1

    bf17cf65e77e549a20bd4077983b5a773de2fb7c

    SHA256

    d6792a1f3d18da61fce2c250666948b7710d6dac89873f157ddc301376ab367c

    SHA512

    4f1c728115d38e4d0580dba6b76de423f09a33b21b57912accc595e88dc09e1a01848d44defc3dbcde5f5b5709750619c4b2c770c9f35cb53f73e96eab2d9ea2

    Download Submit