Overview

overview

10

Static

static

7

AntivirusA...-1.apk

android-9-x86

10

AntivirusA...-1.apk

android-11-x64

10

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2023 23:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vpnservice.html

  • Size

    12KB

  • MD5

    387c369588d9f69ecf8a300afa3129ca

  • SHA1

    c01f17a03d11a3cac63fd71cdea5c0cc1191cc35

  • SHA256

    54de6b26b37f4a530a301cf21e3d29d20ed80247022d3ae37b74a66f0af45107

  • SHA512

    45a0e48c4f6212c7aaf4604d8a6ef0f67a712aeadf47f1c9e11e3a1011e8527c2cb1ce70dfcff65d0667df9e5559f53653022858dea069640b88d133d93730c5

  • SSDEEP

    192:8hHWlmerWHv8VwNXBx9UccBmcENHJk9uP8s9AdVvPRb:nEHvTNX/9QmBpKs6VvPRb

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnservice.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1968

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4a9cc12bd3e946251aa8ca8652f61f86

    SHA1

    8cb5b1d9cec8a0d13016425cd35c90d2ddd46634

    SHA256

    94bab29bf90b20e1b40afff8a76f316819637869851462105b21aa5c8e653bee

    SHA512

    9ab516ceba99281a359d793545971d469207dfc757fddcf529511caef780edff92551c09cafed5e8cfbeab7c001958bb9371b91b28e41cf8a3e0072230333dd7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bc17f00832da93cd650e2d29b45bdc6e

    SHA1

    3cd87d1543aa7a41c2ddfd7dbcf2b5c7ebe9fb6d

    SHA256

    c22a0735835a5c116688330d0375fe61d0b5a142c13266480368067c0d077c25

    SHA512

    e8c85a5ad3e37b40e881c42a42eb92da816a3b9620c8b3e1fc3664e42dc842627c3dd290e8d1c63c4a1cc2f815adfa80f1dbd99d66355b79569f9ab2161819a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7f9a230227648722a3d48a250136e795

    SHA1

    5064134e3fde1da2de2e38b463d95e3791d69598

    SHA256

    c1f9fb2201ec7c1d5affdbb0dd9442c5fabbb3e638df8a9544e6d6a68750c8cd

    SHA512

    e16e96cdc3f61ccc9182262dd6203ee62ebc72759f5b651d4b4055da5ce723336d856d5f85664024778dbace9462832da28bde08e220f9f0d63d3e93062173cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b73fe13b213c3aaafa6d481d2d5c9cc

    SHA1

    a18a262d7ac0b0e6621444e7ec37ba0b87bdda13

    SHA256

    68e3a11e3ffe324f7348d5b5e6786acee1ceb48a0790d2ce2e17cecfe00bd07a

    SHA512

    f9171a31ee9d88c3707c805186eb508f8b8fd88ec4aec6a99c654aa3e3a8fc89d87baa057a9530b78494e3c43a6136eecca99a67f3839e41ec4e4ef5ab2be11a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bea7008f4f02171cdc071e766ca88d3a

    SHA1

    9a4fe806969823bc3d39f53ad630ef292621b88b

    SHA256

    fd94323704320389928713bd0113e1e03bf04d1849020216eb4d48c71d097ccb

    SHA512

    098b1ce9f15d31b2b986a3649f4dcb0a238669cc781d8d8ee6407d652402d6ed02da9afd55583de2cbbdf11a9413423fec121ddfdccdc9d6d3def385aae23ae7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1892fbd8f13080a2e824aa0e45f97b6d

    SHA1

    360b3432c12a717bdb57660dc67c9016ed6d6673

    SHA256

    df73eeccea170b0d1f578f77948e3f16f250d9e7b1f73a4e25d90d2874115552

    SHA512

    2f556402e7f6dcef7fffd411c155d67c0d0b8d3b107373d344f744180e797987d98d887e542aa206cbeee3ce8e7fcd2d40563aaa77188098121b2d90dfcd60b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2c71c755d51834f17392f5434aea2187

    SHA1

    cadfdccd8ae8f5308fd9a081ef6495f7c36cc15d

    SHA256

    543b2ce13392e8cda9fdb4c09425acf446c902fe040a2ac95448127648774bf2

    SHA512

    ffa1c22a27362b37748b16d8729f1e24ab854bfd7a3df990731c16cc1e1bd2a6cb9515f5db0873bd4988cb2b9c3c07657e4da6227a5856a2152516a3cfe16d03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    63fa227889f3972658bd5fb846fd8412

    SHA1

    2bb7a5a0f31fd264ea183b3480c02f6acdb1d9f5

    SHA256

    476839c8970e8e5f0eaa3066f0ad0de938d0eb0376bf6265dd71ea8fade1f39b

    SHA512

    7461b6ee019f822c57f2192121b202edcba9ae61bc51967527122b7e73743dbb60d1bf1ecaae32f47da534f8331df4dbf0fe0e32200613fbf21f69faf46a3970

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    092efbdb932892cfdc9cf913699de800

    SHA1

    f9d8f2db1d24189553dcb561f3fd94f5d061301e

    SHA256

    c55bdb315a8b338bfb769c264bb1045b657372b89de20399013bc4cb09e18a67

    SHA512

    a0fff3cd4c973a35bbcde018c71fb06ae0b8e8f159c2fdae86e7f26744ff09a55ef663573066c223e44dcb5a5c99ddcebca018445880dd84a34974a567f6a52a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    46e9a565d3f73b0969d791c07c4c238e

    SHA1

    49033558c21e0784b6275585ecc57edb93e516a0

    SHA256

    325b8f040cb92f838b316806a2008c978805b5504f2d7050a9b2a7ea6e1fe4f4

    SHA512

    331ce9b56d06455a7b7fbdcb645e166de1c3529e98ed597a7986a2ecff6b83e69b97f33b99acdd5cafd2319ab98b07cd35d9db11ac2971b6860e51656988ff4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    21a3f4f3dbe84474bcfdbdfe53d9cb6d

    SHA1

    fe9567992cfa15b2a0f4e5b074538e95bd3bc496

    SHA256

    758b653caf3fcd07b75563cce7d3f7344141cebac89e6f8f66ac399178c50591

    SHA512

    0de87269e7a942d560cf8f3724c26fcfa64cadcdb94a2eeed93e24bc6a237fb9bc9c05a88e6db36cf853ac77ae67cad18770c2697a94a91a975c5bd89efba40d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXTVO3I9\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab546B.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar54EB.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\I48FED86.txt
    Filesize

    601B

    MD5

    8e71160028bc7848f4f5c2aeebf26b22

    SHA1

    45a5c5ea291ff8148d2a8ad38c46dedfdb8d7362

    SHA256

    4f43fda25a93da3ed734b185f73b95f9b0fa2d4a88c7d4abad3bcae552088b36

    SHA512

    2515e83c94505a035e99323ca0bb1c6716f70fc63b7ae25d6e4ccf55a62f4410ceb5c87d1be8900fc45b9c1c85cd0fc124de938b7b8778303b353f2f00919bd4

    Download Submit