Resubmissions

06-07-2023 13:22

230706-ql86rabe24 10

23-05-2023 17:55

230523-whe2dshc81 10

Analysis

  • max time kernel: 100s
  • max time network: 137s
  • platform: windows7_x64
  • resource: win7-20230703-en
  • resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted: 06-07-2023 13:22

General

  • Target: shape_25.xml
  • Size: 788B
  • MD5: 3eb0a51391ac88b3c15ae205c375d9ac
  • SHA1: 8bf1fd239aa52ccc99e49254e0c9425706f6bd67
  • SHA256: 9f1927aae9c8d5aa8738e323db20cafb6d3b096622dea4e5c6d2043b162bc3a9
  • SHA512: 43c001eb5e303c7e7380f6577dc7e96f064bb815eb830d9cc59a13e7d946c82e3fa557718bee67c81948911cd2e7881e218329a76750a40be33e0adf9ad27051

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 39 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\shape_25.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1388
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:512
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2384
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:860
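The tree above is the hand-off chain this image produces when an .xml file is opened through the Office XML editor handler: MSOXMLED.EXE passes the document to a 32-bit iexplore.exe, which starts the 64-bit frame process, which in turn starts a tab process carrying SCODEF/CREDAT arguments. The hook and WriteProcessMemory signatures come from that frame/tab management, which is consistent with the 1/10 score. What would change the verdict is an unexpected child under the helper or the browser, not the chain itself. The following is an added example, not code from the report or the sandbox: it rebuilds the chain from process-creation records constructed from the tree (PIDs and command lines copied, parent PIDs following the nesting; the Sysmon-like field names and the script-host list are assumptions) and applies those three checks.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record. Field names mimic Sysmon Event ID 1;
    the schema is an assumption, not the sandbox's export format."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed from the report's process tree: PIDs and command lines are
# copied from it, parent PIDs follow the nesting, ppid 0 marks the root.
EVENTS = [
    ProcEvent(1388, 0,
              r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
              r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" '
              r'/verb open "C:\Users\Admin\AppData\Local\Temp\shape_25.xml"'),
    ProcEvent(512, 1388,
              r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
              r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'),
    ProcEvent(2384, 512,
              r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'),
    ProcEvent(860, 2384,
              r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
              r'SCODEF:2384 CREDAT:275457 /prefetch:2'),
]

OFFICE_HELPERS = {"msoxmled.exe"}
BROWSERS = {"iexplore.exe"}
# Children that would turn this benign-looking chain into something worth
# escalating. Starter list chosen by the editor, not taken from the report.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}

IE_TAB_ARG_RE = re.compile(r"\b(SCODEF|CREDAT):(\d+)")


def basename(image: str) -> str:
    return PureWindowsPath(image).name


def build_index(events):
    return {e.pid: e for e in events}


def ancestry(index, pid):
    """Image basenames from the root of the tree down to `pid`."""
    chain, seen = [], set()
    while pid in index and pid not in seen:  # `seen` guards against PID-reuse loops
        seen.add(pid)
        chain.append(basename(index[pid].image))
        pid = index[pid].ppid
    return list(reversed(chain))


def parse_ie_tab_args(cmdline):
    """Pull the SCODEF/CREDAT values an IE tab process is launched with."""
    return {k: int(v) for k, v in IE_TAB_ARG_RE.findall(cmdline)}


def triage(events):
    index = build_index(events)
    findings = {"office_helper_to_browser": False,
                "tab_parent_consistent": True,
                "unexpected_children": []}
    for e in events:
        chain = [n.lower() for n in ancestry(index, e.pid)]
        # An Office helper binary directly spawning a browser: the hand-off
        # the report shows. Informational on its own.
        for parent, child in zip(chain, chain[1:]):
            if parent in OFFICE_HELPERS and child in BROWSERS:
                findings["office_helper_to_browser"] = True
        # A script host anywhere beneath the helper or the browser is the
        # part that would justify raising the score.
        name = chain[-1]
        if name in SCRIPT_HOSTS and any(a in OFFICE_HELPERS | BROWSERS for a in chain[:-1]):
            findings["unexpected_children"].append(name)
        # In the report SCODEF carries the parent frame process PID (2384);
        # a tab process whose SCODEF disagrees with its real parent is odd.
        args = parse_ie_tab_args(e.cmdline)
        if "SCODEF" in args and args["SCODEF"] != e.ppid:
            findings["tab_parent_consistent"] = False
    return findings


if __name__ == "__main__":
    print(" -> ".join(ancestry(build_index(EVENTS), 860)))
    print(triage(EVENTS))
```

Against the report's own tree this yields `office_helper_to_browser` true, a consistent SCODEF/parent pairing and no unexpected children, which is the expected outcome for a plain XML file on this image; appending a constructed cmd.exe child under PID 860 is what flips the result.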

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 9db6eb4c85700752e8518f1089022af7
    SHA1: c07342aa82397479ba733608bbbbc366e938b647
    SHA256: 8cff6ff7ec4a697639b89b2473321a198915c9dcf9ee99b4840503299741b338
    SHA512: b2c039bffb7972fdaf67bb645d7cbeef3404ddfc92fb04b37b81f839e16b378f01d647565b9f39efd07cae68b4388f3cd386c2493874e5d6d7fa43d90f6e67e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 946441c42ea10d5b36b69d106d7c823b
    SHA1: 7862a487cec05bb03517d7b0e56e20408652ff16
    SHA256: 2431e8078dbe032d64516d27baacc7cba89fe4e3c76c876e8709e29cac28b47f
    SHA512: cf43ab7e3a2cff82d4444c82e230f87bdcb6501e93c16cf1910a9bfd6d30cfb05103ae56be0b986a0d289f49241e1b8f5bcee617696337c47a03ab0416bfb7af

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: b9abeff1af4e3077741ee73588575982
    SHA1: ca77016d08738c58c9675698f767f245cc66a142
    SHA256: da54716373b150c9ba384156c4396cfe146deade2e851a176bf7efdb989bf281
    SHA512: fa7858ebac541838f802f71506335f078ec8c5c715729bb60f6788c392571be0287c2313afd73319e2484ddb5fe4a0805134216b09fad440b3893edbd1353ddc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: ea41c389b3b3851f33cd480d69b1ace8
    SHA1: bde946a40f9d8cddfebb733695e223fc76d2a182
    SHA256: 6c0b479960fa91fbf6532396eb946373b78c05ca03a3671b608947ec36e5d21a
    SHA512: d240865083afe293a2b627f5f318471061b2bdc38aecd7bcf3340d6625e5c1d274f27cb7ecd1f12302eda73475f0919b1c65ba6061387a246d781efce94f60a5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: ee0956cff922998de7b627667ee85e42
    SHA1: 57f03df34b86299891d3589840b28dc337d7fbf0
    SHA256: ed26036c3912d449a5a3c6443fb0bdd90bb46567f82f081aabfcd3edebb58c9d
    SHA512: c9ef6f8bbb071617ff1b1d4972803447b24aab277b4f1cec66645b07dc408046f0f7844057b4ce34ce6e7200d8e1e79980256a8ffb66359fb25f5070c9ea783f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 61580f042184320520dc4f2d39fa0e0f
    SHA1: c9ee16195a218ca14e494096efd8ec4dc8750211
    SHA256: ffd653ab9e4d4175b91f1504e16df06fb06424d740657a7bd50651a61a6cb9d6
    SHA512: fb5658a3602b72e7f7d2934c608efcd3ab8e2cfa80e0465cf2115d8a7a13025d121682748d5daf350b6d6fde21920867549ebd17060ca380d5a5834caffff840

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 69cf3347f38fab83f47ee1ce42f84bec
    SHA1: 48c1ae704c5f14e5a9f765e0e88983b254caaceb
    SHA256: e226638dd2f192c267cd73702ba1ae6247d5c35405f52a23fb3ae0aa0585db40
    SHA512: bb1848c0a89950c4c2c8879740a643cf5e19179602ba1841647811a0ad400cff43ec843108e4be58e5c37680d4bf61d1b2c1140efe7348fc3009425f2f30f602

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 9cfa65197eb3309945e752aba15d5b9f
    SHA1: 5b69a7e2cd92bc8be7a1d87ab279e083839ec763
    SHA256: 6fc17bfb0e8e66cc4d0dca9ce6d9473a92c69d02f59c56bf8cf1272ee5878eed
    SHA512: fba7c29399f0e8d8bd6e97e1d0676aa2f56251c88a443e49c05b639d91007230e61775ea939eaa2d952dcdef816d5fe5d5f0ec18611a3a402b9d40fb2b93469c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: e83efbfa342d52427e9e85579ba9ce03
    SHA1: 0a5e6ba8aa58991428a204013d7a6b0c4a70111d
    SHA256: 44cd39b37d7a4433cd04cfaeaf6b5f0ab4c731f4e80bbe54f69b6cfed8ae7dd3
    SHA512: f335e107f41068bcd678c21a26a49559745c64e5b1964cfdbdce0c44fa2b11abc12f16adcc1f27d4ea45e9edce2c9b33473dccd5b8600c7d49064861d22e49be

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXTVO3I9\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab5C56.tmp
    Filesize: 62KB
    MD5: 3ac860860707baaf32469fa7cc7c0192
    SHA1: c33c2acdaba0e6fa41fd2f00f186804722477639
    SHA256: d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
    SHA512: d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\Tar5D75.tmp
    Filesize: 164KB
    MD5: 4ff65ad929cd9a367680e0e5b1c08166
    SHA1: c0af0d4396bd1f15c45f39d3b849ba444233b3a2
    SHA256: c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
    SHA512: f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ABLW9AHZ.txt
    Filesize: 601B
    MD5: 15b6af557aff64cd420f572fd2cec8da
    SHA1: 5a324305829394497bbdad5cb27b5af6b2e97aa3
    SHA256: 7362a22ad8e862a5b755a58c4c5943b927d39d3b27fe26ab49d7525186a04d45
    SHA512: f262028d5614736509ef352bdc95e35297af20d3372c009cac9c56fb15e2d0371f39419fc16275afcd0d69160213c8c8b4cb6db7108c1d66731ee45be417575a
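Every file in the list above sits in a location that a Windows component writes on its own: the CryptnetUrlCache\MetaData entry is CryptoAPI's record of certificate-chain material it fetched, and the same path appears nine times with nine different digests because it was rewritten during the run; the Cab/Tar .tmp pair in %TEMP% is the usual footprint of the cabinet that fetch downloads and extracts; the remaining two are an IE search-suggestions cache file and a cookie. The following is an added example, not part of the report: it groups the artifacts by path so that a path recorded with more than one content hash stands out, and buckets each path by the component that normally writes there. Paths, sizes and SHA-256 values are copied from the report; the location labels are the editor's.

```python
from collections import Counter, defaultdict

CRYPTNET_META = (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache"
                 r"\MetaData\94308059B57B3142E455B38A6EB92015")

# (path, size as printed, SHA-256) for every entry under Downloads, copied
# from the report.
ARTIFACTS = [
    (CRYPTNET_META, "344B", "8cff6ff7ec4a697639b89b2473321a198915c9dcf9ee99b4840503299741b338"),
    (CRYPTNET_META, "344B", "2431e8078dbe032d64516d27baacc7cba89fe4e3c76c876e8709e29cac28b47f"),
    (CRYPTNET_META, "344B", "da54716373b150c9ba384156c4396cfe146deade2e851a176bf7efdb989bf281"),
    (CRYPTNET_META, "344B", "6c0b479960fa91fbf6532396eb946373b78c05ca03a3671b608947ec36e5d21a"),
    (CRYPTNET_META, "344B", "ed26036c3912d449a5a3c6443fb0bdd90bb46567f82f081aabfcd3edebb58c9d"),
    (CRYPTNET_META, "344B", "ffd653ab9e4d4175b91f1504e16df06fb06424d740657a7bd50651a61a6cb9d6"),
    (CRYPTNET_META, "344B", "e226638dd2f192c267cd73702ba1ae6247d5c35405f52a23fb3ae0aa0585db40"),
    (CRYPTNET_META, "344B", "6fc17bfb0e8e66cc4d0dca9ce6d9473a92c69d02f59c56bf8cf1272ee5878eed"),
    (CRYPTNET_META, "344B", "44cd39b37d7a4433cd04cfaeaf6b5f0ab4c731f4e80bbe54f69b6cfed8ae7dd3"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files"
     r"\Content.IE5\IXTVO3I9\suggestions[1].en-US",
     "17KB", "c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad"),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab5C56.tmp",
     "62KB", "d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904"),
    (r"C:\Users\Admin\AppData\Local\Temp\Tar5D75.tmp",
     "164KB", "c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6"),
    (r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ABLW9AHZ.txt",
     "601B", "7362a22ad8e862a5b755a58c4c5943b927d39d3b27fe26ab49d7525186a04d45"),
]

# Path fragments mapped to the component that normally writes there. Order
# matters: the first matching fragment wins. Labels are the editor's.
KNOWN_LOCATIONS = [
    ("\\cryptneturlcache\\", "cryptoapi_url_cache"),
    ("\\temporary internet files\\", "ie_cache"),
    ("\\cookies\\", "ie_cookie"),
    ("\\appdata\\local\\temp\\", "user_temp"),
]


def classify(path):
    p = path.lower()
    for fragment, label in KNOWN_LOCATIONS:
        if fragment in p:
            return label
    return "other"


def group_by_path(artifacts):
    groups = defaultdict(list)
    for path, _size, sha256 in artifacts:
        groups[path].append(sha256)
    return groups


def rewritten_paths(artifacts):
    """Paths recorded more than once with differing contents -> distinct-hash count."""
    return {path: len(set(hashes))
            for path, hashes in group_by_path(artifacts).items()
            if len(set(hashes)) > 1}


def summarize(artifacts):
    """How many artifacts landed in each known location."""
    return Counter(classify(path) for path, _, _ in artifacts)


def outside_known_locations(artifacts):
    """Paths that no known component explains; these are the ones to inspect."""
    return sorted({path for path, _, _ in artifacts if classify(path) == "other"})


if __name__ == "__main__":
    for path, n in rewritten_paths(ARTIFACTS).items():
        print(f"{n} distinct versions of {path}")
    print(dict(summarize(ARTIFACTS)))
    print("unexplained:", outside_known_locations(ARTIFACTS))
```

On this report `outside_known_locations` is empty and the only rewritten path is the CryptnetUrlCache entry, which is the shape a benign document-viewer run leaves behind; a dropped executable or a file under a user profile path that none of the fragments match would surface in the `other` bucket.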