Overview

overview

7

Static

static

7

2b0bd5645b...0b.apk

android-9-x86

7

2b0bd5645b...0b.apk

android-10-x64

7

2b0bd5645b...0b.apk

android-11-x64

7

index.html

windows7-x64

1

index.html

windows10-2004-x64

1

libjiagu.so

debian-9-armhf

1

libjiagu_a64.so

ubuntu-18.04-amd64

libjiagu_a64.so

debian-9-armhf

libjiagu_a64.so

debian-9-mips

libjiagu_a64.so

debian-9-mipsel

libjiagu_x64.so

ubuntu-18.04-amd64

1

libjiagu_x86.so

ubuntu-18.04-amd64

1

Analysis

  • max time kernel
    100s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15-06-2023 01:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    index.html

  • Size

    2B

  • MD5

    444bcb3a3fcf8389296c49467f27e1d6

  • SHA1

    7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb

  • SHA256

    2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

  • SHA512

    9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1524

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    b5fcc55cffd66f38d548e8b63206c5e6

    SHA1

    79db08ababfa33a4f644fa8fe337195b5aba44c7

    SHA256

    7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

    SHA512

    aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1a09c77ad6be5f7f85fda66fd83ead67

    SHA1

    f5c9b786ddc0ec40a9408976295301f408f78a31

    SHA256

    7194dc6666e05ad432b724948a2c77a1dcd122a74f46c7e8f9b1e85a6131a699

    SHA512

    8f5222230859f3a2dee58d59216c1c8b6b6846f84111b6785bb37e336cbb1b9995973668e8bb6429f4740d53c90416e13be56fb3edfc8c62f54d2319ce189bf1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e5535a8850435ba8f3d1203c00a17fd4

    SHA1

    4efaaf15dd1ab9cc5d716ec73bf42e60fe2e1572

    SHA256

    60754f2d9b543e68ce3a3e920c1f8f9e9616c9e4832f2754b4f327d74fef30e9

    SHA512

    726cad84e5f09394203c4fa8be38fc044e2d3a420ed73bdfea4ba0fdf4a4e74616a63a3c844e3d3b13ea2a898fb36327245e8fe2d92ccd0c65018b8cc1b9a59c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bba106bbb0e901f3dd3ac9c3c63183e5

    SHA1

    1e09caab7792420347a0ddc763d6320a58ef70c0

    SHA256

    89444b7b44b6d4d4cc1c7a0f312abf4ff763872159e1403daf763d5353adfd8b

    SHA512

    20cd63605bbc32ff25deb570da67936aa9f837964fe6e1a46e122ebde9cc51fa1cb584f7b8e4a8f3bd801c122270d13ef7303fa9c00c5e79bc66de7d533f0e5d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    74734af081bdf5666402d3f1fb6ef32e

    SHA1

    d1e9a7d355566878551cb7d33e7186725fb72c42

    SHA256

    ed3b1f2dd49ff6532f7b8b728c2917301cebd9230e282020cad2c33dc098b853

    SHA512

    b28eaf8362094ccd2b9e782235aa93a8bc31f17b9d34264dbfd292ec910ae5919b00453b1951db7bae64ea7f97439cf4103ed6f69b699ef20691b3623bcf2b2e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    becea33013448e6b63fa7657e4bf1051

    SHA1

    a0cb22e84ec2418b4c433731fcc8493396e248bf

    SHA256

    877d750d8904b2393c99d7dbe30156a81b1293a7a77032393cb546bc7991b7a1

    SHA512

    8ffbe5f618c4b57b910fac3c875cf730657e19d0b84a6249e492b0a1e2e56eecb0d258443b2f129bc1f999cd0bca18be29a3c2009f43f55e47761206c612b410

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACT9UUKV\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab4647.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar48CE.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\W3U0XWC4.txt
    Filesize

    600B

    MD5

    6dc05ab870db364e781f0853a77a2bea

    SHA1

    5e20b1e655ead8a97a2bd89272209ebddf58b7c8

    SHA256

    28b70e2f3543ffeeff5e0fc50ee26c42a42ed14ff11b3c04d9aff3ab0dab3e04

    SHA512

    75b54243d68362d0e6518aec019f068566bd7204251cf543e38e567cc98043eb3cd37a194fa78489ea4ae9776fa356c8e6bbad76a54c24b69f1592a4230e4938

    Download Submit