Resubmissions

06-07-2023 13:22

230706-ql86rabe24 10

23-05-2023 17:55

230523-whe2dshc81 10

Analysis

  • max time kernel
    100s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-07-2023 13:22

General

  • Target

    shape_23.xml

  • Size

    3KB

  • MD5

    f5435cbc7107f6ca5ced160662cf7e4c

  • SHA1

    6c57386e93e4b427f372d79d895e8448c773d505

  • SHA256

    a6c337992c71d6b3910c6f3f5dbb9ef071e70df9f5d639ffd275ba3bbc7678c8

  • SHA512

    729cda9e7174f2d183bfd38ed9a9cf7a81e21901e2a975dc84b53589d68fc466ec97de03a089346da8b464778ef73342467b3e55e544dbceb91cbfa8cda1e5ec

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\shape_23.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2976
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2248
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2972

Network

MITRE ATT&CK Enterprise v6

Downloads
