Overview

overview

10

Static

static

7

AntivirusA...-1.apk

android-9-x86

10

AntivirusA...-1.apk

android-11-x64

10

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2023 23:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vpnservice.html

  • Size

    12KB

  • MD5

    387c369588d9f69ecf8a300afa3129ca

  • SHA1

    c01f17a03d11a3cac63fd71cdea5c0cc1191cc35

  • SHA256

    54de6b26b37f4a530a301cf21e3d29d20ed80247022d3ae37b74a66f0af45107

  • SHA512

    45a0e48c4f6212c7aaf4604d8a6ef0f67a712aeadf47f1c9e11e3a1011e8527c2cb1ce70dfcff65d0667df9e5559f53653022858dea069640b88d133d93730c5

  • SSDEEP

    192:8hHWlmerWHv8VwNXBx9UccBmcENHJk9uP8s9AdVvPRb:nEHvTNX/9QmBpKs6VvPRb

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnservice.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2276

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    28492e3e811ae88cb49a48bb337da471

    SHA1

    d9f3999e598d8308e8dc8bfefa9b657ec473fb0c

    SHA256

    31a725b86fc9347b8be6cf5da01e1b020e4277943f035dd4951707d87ca48585

    SHA512

    394126ecbd5365ae05d48440ac4d18cfc23c600db55151fe5830911ef3bd88621c44255cc07877a98afc8606433f73e8fac4f94e3e4c7f58a8665d6e3d0948d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2a11b4b4bf6a8d3fdfa83f4fd612ab22

    SHA1

    2d34ffd64ab309b1bd3b14cf520b49d338496174

    SHA256

    186459b00ec9e4e8f77b2d3fb3c2e2e0ddc99d4172d4a1b23b96dc515b6a1129

    SHA512

    b8d51724f97529fd9d476ffb07e9d8e50c259dc737c167ef47fe37c90fd4874dcfd046961265a516efd6e7b45abe6d64c04c752d1cad79ce4e09c3875167d4f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e5c0745d028ba085f8e4bc8633dafbab

    SHA1

    00a031958e2635ddf7fe87487defa05b680311eb

    SHA256

    4b50cbca2b151c4f04bb95274b1aabff0818bc08edb35150bc2d1753c5dbe96b

    SHA512

    da22ae308f00744260b00be90bd74621bde2f6e5d6922ad92c81a619a5d4900b10eca138ec701ad55f2383e408c37ab3434d4270f8da6de3944f0cf49bb7f879

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7af030fa00aa41b4f8ce16d02f5cd486

    SHA1

    1d95f3edff1638d262711a2a55b2c14b83a44d1b

    SHA256

    0d72549f45453157cb950b03ec775dca1a42d20ce3cf7ce6a650e9a780004200

    SHA512

    e03bf239fe19d2c7fedcb8ab24bc158b020508de34c6ca55868cbcee153f5e55f513e80553002f481ad8652c60c8822f7a0e28a9ee6876e837773810c20d817f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    76ed9739c4553857680d1fcba7a9883e

    SHA1

    3515793d11c201a5763817f08fbb503cd0f92b3e

    SHA256

    0be94e9032d9eb0fd0211739e88d7afc74e615fa10a72709765c4aaa7b3717cf

    SHA512

    e6feb9115d477aa134d3caebb849223103f70389fff9776f12dc7e2fd5cefe0dcc621f72b1e5539b8b5da0bf44b150ec34c18037d0b9f7abc1fe9df01ce34227

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    84c076a74178fca19c7c1530bfe574bb

    SHA1

    5fde31894fd43a89ab3bd270805e291c641ab7ae

    SHA256

    dc01a34c2a58aafe6d79c1182cd3a20ee2b7b30c401d012a0435dfff5f56c307

    SHA512

    b23969beb287cc4e39feec27fc700d51debd3fb3dde324abbc535ddda52e1fa71401d1844c4be796dfa329e29095d2377da91f818490ef7d830ce11d33fd110e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    09c36c99e5a1508c94539ea182672776

    SHA1

    2ef6be1df69357ffe235b7f9cfd45a57ef423a6e

    SHA256

    70a8f85d613a7fa6016a3d9256b0123a052a9d40357e45f112f3762557fdbd3f

    SHA512

    83b7740f50dbd45e9dc8ae1d16493db8ddb356726be2277b4fdeca96e2d83b2004de8a064887f188748a5228972c93d01a63d9edc207d1dc6e81b6618f94d738

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHFV4GXP\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab80A8.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8109.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7OYU47WZ.txt
    Filesize

    601B

    MD5

    d81ebf2e407eaa0393a41881097e7433

    SHA1

    9be2f40e611b4e07178cee35bd8ead6331b19e54

    SHA256

    b42e131917684464033f037e8811a6fb8299ceb24ad06f62aa65cd705925a81c

    SHA512

    f7ac0cab61205be03046bf22bd85dd519491f762a6285afc9c4639e0bfa1d79ed161a6da2b048397ead67d7e84fe3f0875aa8bc5aaefb106c21163269ff1291e

    Download Submit