Resubmissions

06-07-2023 13:22

230706-ql86rabe24 10

23-05-2023 17:55

230523-whe2dshc81 10

Analysis

  • max time kernel
    148s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230703-en locale:en-us os:windows7-x64 system
  • submitted
    06-07-2023 13:22

General

  • Target

    shape_20.xml

  • Size

    1KB

  • MD5

    4eec7819cf526dc5a0ad47c4551a930a

  • SHA1

    be218f9d9f010eaba1e97ec2b9aae39b913e4d8b

  • SHA256

    df496ff50b4c05b3f18cba321d0e54c6baad4a05e4b68e6bd2c15c563b4ad101

  • SHA512

    bd8497da284d26598bc6b25c2268d9651f6250bf0c26e3c96041fb1e8adc8f896dce19cc4ddffd5dcb68cc0fa2d49db853ed5cfecceefbf8bb6b18145e73054e

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\shape_20.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1760
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3032
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2924

Network

MITRE ATT&CK Enterprise v6

Downloads
