Overview

overview

10

Static

static

7

AntivirusA...-1.apk

android-9-x86

10

AntivirusA...-1.apk

android-11-x64

7

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

5

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2023 23:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    myps_policy.html

  • Size

    53KB

  • MD5

    9a447d84da71684c5c571999f23ea7a0

  • SHA1

    7d4496c5a38316c1d8c7abc93e1f0a5bcafde1fa

  • SHA256

    243bd76153a8c1a1dfc9132afce1a796770dab63b1ce4ee725f593dddeec4358

  • SHA512

    05f394e7681243630b3f1739306fd5beb6677a57eef5f36be847918f9eaa296eb50e3052afd4eb844f933345e9b972deb95f19b20aa46ce15039600edf1b6340

  • SSDEEP

    768:aUuR+6hRBH0+xPZV+YTSFlgK4yFMuMveCn/1N2aj7wlDtXGZ4nKdW3q0C5kubKzt:ruXPZVaMvz7wFkZe3qLc

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\myps_policy.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2136

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    28a812074e50d5b7e95513bbce18bcf4

    SHA1

    6885772415a79649d82591a3448c0a1714245c85

    SHA256

    65f6d31eaa561f3e4c8d513c1c8b54e8893317cd699a131afb2c0ee49296ec6f

    SHA512

    6bdcfba273260b6450dff20348691eb403a4e54f24b388412028d51965b9ce09347ca1fd7330bf75fd2769363a3da17bc239a7943ee1a37b48d0e8853f0bd3de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18fe4ab835c2c595d863c75314f6daa3

    SHA1

    dbb5e3fe7b0df9729445947994caad1e881ce57e

    SHA256

    2363673266b9d735baa6856faf67da4f9ebe4d4c7f0b8b22fc4d12064d87fa15

    SHA512

    51c85544f752f37f662520990c897cc60966c787299941f8a01421e525838a2b64f59ae12421d5a946a01277a02c2545af26378fbdbdaadf914f02cd9f8a5540

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dc736894aae49135f764ed2cff3a0b71

    SHA1

    6fe3265240c0a3d5a8946ad11914f33722877626

    SHA256

    fc2a8906839119efbc5d068574d49f657bf7493e19ec8018aaef2471f56314a3

    SHA512

    5089db2912a0a0d0a456fe1c25975e0af12a8df8a8cb1f92f3d58e4a1e71635980ebb47c6aa3882ca377b43ea2c1c59a3654130b066a2437cc37d1db57220ed0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    528844331785d98f12b178a962f80921

    SHA1

    0e3a709a019573a211fe1716f2d8a72582f4555f

    SHA256

    b0954c7193e202472fb62814b079289b3dc652ab7b786621ca44e442836f5fde

    SHA512

    4b2e707c415476122c4a61fcc8a36513768a51feca498a69cd72d80e68d23cc8b03ef259551c323198a97dcb0959662a34c7e47f09e683ffcf4342cca34e09cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3a4327051b83005828da934f3aeff8df

    SHA1

    b4ffa07c71100e18f3d927f60d380b0b3acc6970

    SHA256

    f0c077dc231bfc7c117e2cf448bae745def9f062f834136b2f0b41baeb432b53

    SHA512

    981e90e70d697ccd9acb4c0839f73337fbdf63e5e8a7799506d2fe33d420fcf6c94338ab2fa5b89b2246542b530d56a9ecb15327e69303f1956e3cf99872edb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    269422b9dc9d03e7de30379851141016

    SHA1

    0ba06a0351b7057017ba01d1fb376253517637c0

    SHA256

    24fae29c5a00b5c3b2c8293fe3ffdd1d0b8d23f775bbdb4a69843c4bb6e27aed

    SHA512

    6e87a2242d2bb480eff3a6738f5e52c37380f61ebfaf71da2776882541cacf16066ddad8940cb7ff5390c4bd223a4f0955608174183d56f222597b9cbe54a64c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    41d78dc558a54845169e1bdf3b5bae37

    SHA1

    994024b661a95998ed0ab59f556c7d36190ecc2b

    SHA256

    04c3ad6ffa5ba665a5cc88fbda204bdfb49e08d683e115a52033b93942c07fe5

    SHA512

    6842d7c5f8156bc67ac6957e7608841b21d22f6a0948958a1d836bc2f690529c3d84ad684a1c2df449bef4ec8d95f6c2d800bdf150e0b6b11f1fb22931480b40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8ce37ac4c0287ed7bcebf6aeb783f3e5

    SHA1

    af882bd2538b215d06e27668bc184457809565ab

    SHA256

    3390763ebbe0905621f640be6d20fe8b132a6d71ecf3ff35ce4967a6b9641a27

    SHA512

    830b787017a69f67392957f0e8bee2dd026bfe3f80b4e1ebfded9da31cc343598c8fbe4a6663ae9ab871695dfc44c6bb9138e461ec394097d377f0ecf3aaddda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f8d95f62ce2136b9c8625d2557ddacf7

    SHA1

    0f87b12426d3c2510b13f240ba3256557c725574

    SHA256

    6c83668c30de8f05b72860d763bab59029a194c7ec200871f0bdc10404f4ed7e

    SHA512

    5c46f7dbbe56b3590126b005f69db889f55666e5d75b4cfa62575eca37537f9d50d59724c391ccbb48602affd24a6dc002ad450fe8b17fda5175cfd7db678738

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8383375284e703dd1e47f670bba5868b

    SHA1

    53139bde0913d22835cc9424bdd26ca854223c6f

    SHA256

    a294c1eb998e8d56700b9863ca108dd6d1b56962bdbf834e5c681be29dd67937

    SHA512

    126064b89d08777896dd6c858c3e317e5be7ab4884ed9d6e1eaab86f1861130632fc7a42646e16486a33b49f5b5048e9b66b432a6eeb972e42cc660921f610c2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CM3TD3CI\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4211.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar42A3.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XQ638CRK.txt
    Filesize

    608B

    MD5

    f59ded8463b1554d9ff6f92dccacf601

    SHA1

    076a10626a6211f340bb48aeef0f390ec10cf74d

    SHA256

    a3e588f42918ff03de666b57957c91851863042d4d7e2cb013b2d6e3c9b015bb

    SHA512

    c64e8881c30e053cc4f12cc3765af6d10eb4374475ca9eb6d21c2216d8d23f4c1511af622a569b72c9afc7d20a23295717fb884d161272054bda75044cfc3159

    Download Submit