Overview

overview

9

Static

static

7

CPF10.apk

android-11-x64

9

clockDarkTheme.xml

windows7-x64

1

clockDarkTheme.xml

windows10-2004-x64

1

clockLightTheme.xml

windows7-x64

1

clockLightTheme.xml

windows10-2004-x64

1

ic_content...on.xml

windows7-x64

1

ic_content...on.xml

windows10-2004-x64

1

ic_content...ck.xml

windows7-x64

1

ic_content...ck.xml

windows10-2004-x64

1

ic_content...ck.xml

windows7-x64

1

ic_content...ck.xml

windows10-2004-x64

1

ic_content...ld.xml

windows7-x64

1

ic_content...ld.xml

windows10-2004-x64

1

stella_e2e.xml

windows7-x64

1

stella_e2e.xml

windows10-2004-x64

1

stella_wa.xml

windows7-x64

1

stella_wa.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    05-07-2023 08:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    clockLightTheme.xml

  • Size

    3KB

  • MD5

    2235609a58ada82f2110d941341a720d

  • SHA1

    d3b06251eb8f131034ba1ea3b0db982cb31bd813

  • SHA256

    d89ab1d4bc636a73d64ef1d8976d517f13449a11af28d70e88ca3d0c40e114a7

  • SHA512

    ff7543b27941add4a92579f1a55f3b40a16cd8ec8cc43b678b229be38a3878267fcdbb80b040e91132fd938082c47e6e237f62ac3903422ad9499cf7164228d5

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\clockLightTheme.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2324
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2200
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1256

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    db45f8647322894a92be7c3a0c39fb96

    SHA1

    6c870100d3da8772d30c826a468694274860ffc6

    SHA256

    08b229eb6176db5bcc51f79a245671b5f4cb732dc7c64a8f9bd2992be667bff1

    SHA512

    a5360eadb1481b3d1770aa08f97b347a2a1cb6831fc994eeb404d3e7241fa9916730e502defa44af11ffac31ed0e5614203b464f2ff00658507e5765c69d44dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3145db1af12e65eec54f028edca3cef7

    SHA1

    d5967e3b40fed9e4b505565fd738d1f1640f4a80

    SHA256

    0bc170e54640c1d96c358f80a84e865dbc906a3592664bce4e74012ddb0c1623

    SHA512

    b3070a8c3d548f13268af513f77cf4497b87554674779d97a82ea13eb8b598ed1cf1ed2e6d4e678f16e1d3a8b68651eb93f391e838f873cc3db548f60ac35076

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b15aaef7098698e500d96eff429d68c

    SHA1

    2f63571bd99dadce578d07fb8e4f9dfd5d65bb0e

    SHA256

    38a6ea8aa668c8db839c16ab063f96583de09d35267f7f811bb226fb5dab32f0

    SHA512

    01e2377872cdbc7dabda8b10afe10675c3f11be753cdab3d4842c5e25eea8478ba1a47391e59ba0cd4c13d9b94d21f83dce69a55e836bd3874edc2e85865a850

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d2a8d40ac80e5bd35bdedd119be80826

    SHA1

    4617772b44cbc902b2a45ec1d8e4c868a2c48d1f

    SHA256

    65b4105f0211e07a1904de9e616ea3b6b84cd4e1b7cb438f46ea8cde5c1f576f

    SHA512

    2d062656efd5a2361bded084b6a2df67f02e3785b4b093eba9c27ca9c1a034aeb63813ebc37b8c592d7571b6622bce827eeaba64f70a749a8ee36c2ce103e3c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19ff86cc72f6fdf6ef1788d8aa964416

    SHA1

    31e6a3f6194a7aa51a2a21d2bb3ad32421ce32ec

    SHA256

    40527b58077626f1c88e7f491cc306acda6e6bbdba7a5ae247463f4b14d3f66f

    SHA512

    86448387f2601866152ec6f5c6f0bd7bfa0bd2d975e4cad0b3ce36aae53771300a9946f5828d9c1daeabd9e25580aad87fd16543607e69294a1815721a9efd65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fd2f879569a0b21751ca6400367abc85

    SHA1

    8f2b80ae6241ba378e4582afef1404a1696b3433

    SHA256

    27537009bd1329e204fafef44ba62bced18f02037863669a466b5a1c9a621329

    SHA512

    eef88f191be23d14c9ebae23f50914ab7bc9bedea2e5a8a6200f8a3e28ad1d73577b25b3552ebb32e7235910a93f10f2d0b553c479cd37961ac2b97c0ee6d990

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4ffc7a8b6e70856d2cc6b25e18cf0976

    SHA1

    974b73cc97ae379071b3d065d69f95c16b2a7304

    SHA256

    edf026405bbe2f36c61efffddd13a0fa3cddc883b5f7ec8bbd31a32ccf02b47e

    SHA512

    a35d22636045a6a9a27b15d22fda8dc7dc9c1347db5524da892b45419e156bdffcc14d0a95cadf18d837503ceb75ad98a3d53337dce2f26b9be8f67449853325

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    141791a933f03e5c8108fc3ece709c90

    SHA1

    72aaf22dc61932e0d57742f9ae24a0f29d28795b

    SHA256

    9e16ddaacbb1525bd5a5cf31253437c1582a2869e662987a0bd8b44071f69d46

    SHA512

    d99f0eddf49f09fc2c7be88eeb8551797b89d6e38fac966917b2f4011a8443ee50a1e63819f497e98fe60a23a8089f484cf31aae836c115a6a1cca496dee9a97

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHFV4GXP\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9DE8.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9ED6.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2QDSOA1J.txt
    Filesize

    606B

    MD5

    0b604875bbed749bfae25e1017b8170c

    SHA1

    67ea1ad5441d9f1452667fafe845733d039c32b1

    SHA256

    c0923ddf17a73509d12d6fb040a938f4db0daab0caf23bf69adc48309ed0f244

    SHA512

    027c46e0b455b51d12f125f722ee1b9dcb6deeb4f5467269377bb8aa8b9687dea2b6273c2f1166ea853e1ac66ed8e4833a423f157934675917493d8597ad8553

    Download Submit