Overview

overview

10

Static

static

7

AntivirusA...-1.apk

android-9-x86

10

AntivirusA...-1.apk

android-11-x64

7

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

5

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2023 23:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vpnservice.html

  • Size

    12KB

  • MD5

    387c369588d9f69ecf8a300afa3129ca

  • SHA1

    c01f17a03d11a3cac63fd71cdea5c0cc1191cc35

  • SHA256

    54de6b26b37f4a530a301cf21e3d29d20ed80247022d3ae37b74a66f0af45107

  • SHA512

    45a0e48c4f6212c7aaf4604d8a6ef0f67a712aeadf47f1c9e11e3a1011e8527c2cb1ce70dfcff65d0667df9e5559f53653022858dea069640b88d133d93730c5

  • SSDEEP

    192:8hHWlmerWHv8VwNXBx9UccBmcENHJk9uP8s9AdVvPRb:nEHvTNX/9QmBpKs6VvPRb

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnservice.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:740
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:740 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1884

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bc962549e30ab8ce96f399106f4ee518

    SHA1

    d241967f3f4dfe46b99da4c0dd253cc7b0abd143

    SHA256

    71596c511c7daed31b52c9e296018c0380717e8f1e7feff0f97ae2419d7f18e1

    SHA512

    9ca8453e6a8462a98545fce6064545165ea7cfe2c30c3a33cf65924e25cc5f82bce736f00d784ca88d132300410dfd6fa7e3bd47bc2fcd11028fee627078ec1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    77be19d2f5f96a88b37f7c0988febf1a

    SHA1

    75a8650348c69654eeadb2543cdca45454afd8f6

    SHA256

    eef62e5d228a37b07103c0b915dca36e42ba8fe3a852250b4aaf06949a0fe323

    SHA512

    b286a52ff4050e9f010ba9fa96f42812fb2133d094ee3095a94a050e4ca0632dbeb91b7451919b67185f07101b5845f74956889865290380690142ffebc6fad0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    622a2a38142de465ce13cb5d46b5b7ad

    SHA1

    baacfc228957307bf33e31659112809798478f06

    SHA256

    a259d60b8741199bc480d7521640deb67e20b743a328b27735871ab8173c184f

    SHA512

    7ba7e7148f29bf89959cc516feff4f5868729b17a8a522b4130c5694548ac9f7777e42df2b048420031358a24549b6447902705cf61aee839b9a5973929c574a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9fc088ba893c3c1d32e1c316011b122c

    SHA1

    4858917e3473afb909a88826f9799c551f1c8e77

    SHA256

    ccbf7f5d2462103d5cd10ef27c95f37929884d690de80e92634d15b44230e0fd

    SHA512

    877facd34e64a809d7262a26dc8f622e7c03d2ead5a4cea9271f162f802a016a7e5206c4a55252b8078a2642cdfa9a699e2498a6f46f632281d0bc2bcb72f364

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad0cf83ec0743d46127632e1ed381b8e

    SHA1

    d7457e98c2d39ec549f80160a98ce1731a39405a

    SHA256

    88fff36f0be83999a56cea2649a0262de8a34c3c063e38661c49218d67106836

    SHA512

    a5b374474a2d86f80cdc9038bbd3deeb117111e9fd50775d7b464f8515212282684354fd00508a7b87da4f5957a29233b3b23454336cc25a03f348e325b3973b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b5d0036d652863d4e8017e3e1bb5d07e

    SHA1

    cc4f263108b2f51d6eab38846682cd972e29212b

    SHA256

    937f43197af2866084f31f700cba92684e106089e38ee0beeab997a37041f992

    SHA512

    b82481f923eb902ade17a326b5d5f48e82fea9e89ed282a53bcdacbb0c68604f9729edbf93a864c71ec8882c67f782dfe71111b673084aa50fe638a2209945c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    53440f559e2f75cfceb497e8a64c92e0

    SHA1

    d2c88524974ea172b22ba933fb382de7ed01ebaf

    SHA256

    d7db4883103d414c373c24af79dfbfc058b22ebceec845e29847812572303cb4

    SHA512

    f692dfc16aaff54c2a9f0d482f0a70c5ddb1f3b743e2377fbb508fe9e83a13c2a3fb8388a4f0a75ea754f9dc493abf1dd09f24f54e04a068f51960d0093d171f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d0bfcb2ad049caf66773ce6ba712e3fc

    SHA1

    9cbbb76a393d22a656e20542a440c12de87d6e8c

    SHA256

    e68185d26b12c0c98263c6f09cc534b9e302533ad2cf17d3e44da917fefe31c6

    SHA512

    295e4f422de71c040ccb58b136840758ca0304ad701d14033222e45a210c06f023a113b4a773930e98d0636ead41461b6c0f1661461fea17586f05a873d7b585

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19695354df55b6d14e07f9ec1abaad23

    SHA1

    5f44e17cabe4c812a4cb5937bb29cef765253507

    SHA256

    0acf5541a8be5084cab88656dc166930d8b70a7fe87dbf51c412b6d9e0a6f156

    SHA512

    aa04366181eb7a9fc39f22f79cfd1c37534e193b0bd0198b4226eb3d50d40255c95ea59197f437324ff8b6ae6d32901421e3971888f1afe2ab0e324ee74308a5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXTVO3I9\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab53CF.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar544F.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UMQ50FTI.txt
    Filesize

    606B

    MD5

    1ef6ea024434a2079d060a3496fd1781

    SHA1

    0c9e6d86eaca3451c40c5b9288388d57bb3876da

    SHA256

    1b611c0b5b2f2d228ad40e133bdb4d35b584bfaafe0ebfc0e3cf03ffb8f6dd2d

    SHA512

    1645ac7d80e4c652ad687cc73c304bd86892e34c1c627893a44b87445211dd738a4fe694ee1911cadb34679ed090f75079ce13e7f4904f744ed9779fe8ac1a7c

    Download Submit