Overview

overview

10

Static

static

7

8a15f942dc...e6.apk

android-9-x86

10

8a15f942dc...e6.apk

android-10-x64

10

8a15f942dc...e6.apk

android-11-x64

10

FAB-blue.xml

windows7-x64

1

FAB-blue.xml

windows10-2004-x64

1

FAB2.xml

windows7-x64

1

FAB2.xml

windows10-2004-x64

1

annotation-xml.js

windows7-x64

1

annotation-xml.js

windows10-2004-x64

1

apple.xml

windows7-x64

1

apple.xml

windows10-2004-x64

1

arrow.xml

windows7-x64

1

arrow.xml

windows10-2004-x64

1

bear.xml

windows7-x64

1

bear.xml

windows10-2004-x64

1

bird.xml

windows7-x64

1

bird.xml

windows10-2004-x64

1

boom.xml

windows7-x64

1

boom.xml

windows10-2004-x64

5

callout.xml

windows7-x64

1

callout.xml

windows10-2004-x64

1

callout_11_shadow.xml

windows7-x64

1

callout_11_shadow.xml

windows10-2004-x64

1

callout_7_overlay.xml

windows7-x64

1

callout_7_overlay.xml

windows10-2004-x64

1

callout_8_overlay.xml

windows7-x64

1

callout_8_overlay.xml

windows10-2004-x64

1

callout_cloud.xml

windows7-x64

1

callout_cloud.xml

windows10-2004-x64

1

callout_de...le.xml

windows7-x64

1

callout_de...le.xml

windows10-2004-x64

5

callout_shape_2.xml

windows7-x64

1

Analysis

  • max time kernel
    99s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    01-07-2023 01:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    callout_dest_bubble.xml

  • Size

    1KB

  • MD5

    5a1b792bf859e656807fb87228b66416

  • SHA1

    21612430725df233bd8bd7e10ae17a33a7923429

  • SHA256

    07c9841559f933977b9448e4ed5e18e3000666faa8768526136bccebefe8b104

  • SHA512

    e908a8dd836b51193f62b60eda3a5371cb9f2548e0b792e90fe624e012c7d64c20c987ead14f591a1e59b7786eec31221f56148447ba8deb53082c7594462b25

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\callout_dest_bubble.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:772
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:556
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:556 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:736

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e3ce07fb5b5e730118d603d22d4ed256

    SHA1

    b11d960e6b4830f26962e9a3015f7f423ba9d409

    SHA256

    a44dd862e6fba1091d242e46fae2b7ded9d8fa04e5535ca524ee0f7719c31ee0

    SHA512

    df053466ec61a83d36ff069be3fb1e6b134789c5498a0e0e85c98cc0a278bcd22273323e4888d81be630fe2af4894f33d3027d00b3acb0b9dd2f771fdd07035a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ecd971ba9f5a02fe1b302e805bf91c96

    SHA1

    7ab0798391d7625ee634ff466f2dae8704c9a005

    SHA256

    137c61217a6f0c3c771a2249c52d8449388d65a170643d5dc07df6c924689908

    SHA512

    a7fe59a11108c88cb6ea85514c64fa664fad633e9f3491f341214b2fa710b156aa1533f675c960fa10b291bcca81eef109d14288fe8ff8afb39066bdaefbbab0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a9988204821b72f1e7b34e160baf0ce

    SHA1

    15bd303013c121d7098adf4600955a6f42ea6d62

    SHA256

    e46fe2ce0b517bfdc825a8df9abac107b96b44db873de6fd694b789277ff47f2

    SHA512

    c1bc1f5e067a6af45d8ed3c7e160e34f8c936ecd0f4a013d5e0f5428b563baccdc86c0a4f524615272d548cd400e534022dd26e242f4b85a5553383d4c0f3312

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0e1278738752632c48f74d97a7d9966a

    SHA1

    a9ed8409528e3b44496186dd00427b83116bdf0b

    SHA256

    21aa70efe4e8754221fcf2c46d329dba5e0304e1b510dedca2491772dd056539

    SHA512

    532b83fda2657163e0e0bac97b553575c0e95e752b728b371564108467e181cc1bbc88f185a5b530383f4e5a12ffbd08f6033b0f30e67df4906d7c2392b95fc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    265321fe1ce422bd47d081e0e4867e6a

    SHA1

    a78db8416dcbcfde92e4e32113aff5c1c657c4e2

    SHA256

    2ee8442e259945d055a261bbe377745b49bfb21e8e6d93f69cab4afc2b591962

    SHA512

    62158a8fb7a82c8531d78303911e6925d1125d199cf0df9e11ea678bb6f4141183913fce6eef226d09549d86f43f93dcc552246057181668205919f5df6f708b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9671af96f643d54595d1571d685528ca

    SHA1

    6cdef4aed9ed93e1660b55a3cbb9c4081f560649

    SHA256

    95f71914d5386e1b1754e1f9222c2b6529f43cf38f98d7b971ad7cf14b5277fc

    SHA512

    fcc8e6d8c87933f47020e2517cfab5d6082279835aa73161395fce74012590377d333e1fdd3e9d54611e2571ea1e122c84a01a20859e9d8c9c5d3a0d549f3578

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HQLKSAYN\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE13E.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE1DE.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0BTXH99A.txt
    Filesize

    608B

    MD5

    52b4274dbd61cf3409b6edad9e130947

    SHA1

    cee082b56cd9b4c8755aac7fbbe929ec621fc75e

    SHA256

    8923fe86da92d0ad46e24423ddb38315fbd9e06d5d4fc986274af22cb95bfb25

    SHA512

    9b0ca73b4c01fc4d4f11d858e7c59b12b43df2f0ae49f4372bc930753eaac0040818ca0272f341a56d6f36a02312a350446f9674bca3967d37f335a0ea282d9d

    Download Submit