Resubmissions

06-07-2023 18:35

230706-w8fqlsdg43 7

06-07-2023 18:32

230706-w6mfdadg35 7

06-07-2023 18:27

230706-w34kgsdg32 7

05-07-2023 09:21

230705-lbqjfabd66 7

05-07-2023 08:59

230705-kxxdfach7v 7

05-07-2023 08:41

230705-klwmrscg9y 7

05-07-2023 07:15

230705-h3aqhscf6z 7

05-07-2023 07:13

230705-h2e9lsba95 7

05-07-2023 06:50

230705-hl6fvscf2t 7

Analysis

  • max time kernel
    134s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-07-2023 18:32

General

  • Target

    clockDarkTheme.xml

  • Size

    1KB

  • MD5

    663e33bfbbb0d14830694114d49c457d

  • SHA1

    3231baf54a3c1f336f1b11d9a7011bc5502a9d4a

  • SHA256

    43b0cd84c7344f57b2656d66d5bf215a4f1d1713a8117e0ecf92226b8ce1a200

  • SHA512

    c116ffaf6c1f8ad9bd6a1d85de318c9ca2c3b6d4931a1aa165dc7ef7351c80fbddc7ca1371c81dee35b3e12720fee2d3146d7a510b54026c3aba9202dee5f1b8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\clockDarkTheme.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2168
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2984
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2240

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a3253f643b8d97bc14a62da19de69d9a

    SHA1

    49149bca982974181f6e12c9d01c977873897cb9

    SHA256

    797ffa935b3f3bce81094d88c3a0820cd0e7fb89394c4dfbaed2340100b501aa

    SHA512

    db62f032a56c2d4f64ace2dc4a96fba484c10cff0d486da97867d15d8ab347821341da617e1bb5a4bf37146937e26e31dc07db3dc6f2fc0b831efdc773b63f0c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1ac59ac1651b268e0e482ec963778485

    SHA1

    5ac01f2ed8e1418f5db5f0f7de7ddc526afc7db6

    SHA256

    1f678b34f78bdd743d86d26f37000442da232945761d76f671b91cd1a468012b

    SHA512

    521d90366f57409a88f49c408b5a82eb7665a5c64201363ae192e2c915827f502b15ce4c3b49e4564e5a4875b2fa7bb86b5abb80be28d18244b2a52eb3b095e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3e9d14f1d271c96666898e2885a535b7

    SHA1

    fbb5d0cc9eeceb75f4ee2c1765791f9158a00da2

    SHA256

    2df5156e80df7d5f356134eaa075e723683ea02d2a7f94d60d21b6f4ffa043c2

    SHA512

    07222be5c4c757ff02914c0490e43f0a908e3101a8b758798e1e736cfc097fa759b3b80c7b93ad3596f64b85e66e8108aae9697fb7ab313c2c102c883554a8c9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c72b71526eab940c9713c472de606745

    SHA1

    31bb2c39ff6515ca0c633756fdf02cf59e8e1b3d

    SHA256

    f26e8eeacc1038a4dd684cc9d99e0560f1f4047cc82ddb9cba39eb21b1dd8ea3

    SHA512

    80b62f0979f29348182b7cb1dd8bd4d77f4d18f9c8c6a3fa7f2e04524b7491403f405b68b07713a3b54e15e4aff40deb52db04f56e3a80b24559075a1f72a68f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    375cd163339a79f6b60a4cb4eb4d3625

    SHA1

    89713a4799428f3256d4b27af53bb131bb016dec

    SHA256

    a6cbf276a99a32bd743fbfa8cddf7c2f92c5560349f68847deb27d68e744ee33

    SHA512

    1ca48554be21a42b97ab75a8c095a57d14d2b5810a1a7d7480cfa9b7c311de9c513690b3cced4a3cfa03e92dc69d637719880b0e3179dda9da7e07e4ae924ba8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1df28ec0e10ade4e0b4470437c7496a5

    SHA1

    22f86ed48cb414cc95621683bd2c95d2d093dfcc

    SHA256

    ef77e2c6098337e939c5c097fd443edc7fcc1723e3f66859aebd9d96d082435f

    SHA512

    f68d904afd9517a183560deb7db52d2691354c7eb2274aac13112ae5d462482f2ee5890659b7607ccb74ee7c0ca7586953c7ca0337ad865ac9dcef42ef80c1c3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2452e9f7ced3897f925a98a001701463

    SHA1

    063b95a81b75c3fe2f3757b6c625c8f59dbbd489

    SHA256

    bb9318ce736556c1d2856953f90c10df4bbdbcdbbb84e5ffd9170b12b45d422e

    SHA512

    bce5744e332cd4ba5371c7a95e4609f54634ca7b48a0bcac17f57fdff96e8b2fd93f2f696754c898b6fa72b19a1f84612a289fee169b04ee6097a360ea5f49b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ec1b0d6fa91da390d88ac791331cbd71

    SHA1

    9a0883c049e4f6e61330adfbaf9690162bed8577

    SHA256

    6195e5c23507a53c327fd7d2342c32875fec0cea54d0af5a8e1a9c27c88e6555

    SHA512

    94aa12ec403a1395ab02bb38dd41db30508858fccbd4dbed3e0c524a2e928b7fb3d2db45425a0a5258ec973620570028c14a788be71ad4b7738ab6b7b689dfe9

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODRCOPYD\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab7ABD.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\Tar7B8F.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CW8X0VBV.txt

    Filesize

    606B

    MD5

    592655d68025037488b533d7183b17db

    SHA1

    65ad9e07db7daa4bd1ff0efac8506712bb3d6b0d

    SHA256

    0aa8ef11560583e8cb122ba35295b7592157ef5e4e66e3d8c2d544073579b33c

    SHA512

    de59abb4e7c4ea17805fbefdec35eb36601eb5d3b004309bdc8f0e1fe649895e00c5f3b06bd812d931855eefe43c4c7169f052d615fe9c08a503cbcad46d8054