Overview

overview

10

Static

static

7

AntivirusA...-1.apk

android-9-x86

10

AntivirusA...-1.apk

android-10-x64

7

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

5

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2023 23:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    disclosure.html

  • Size

    21KB

  • MD5

    57e2258020e513a0c7de0b0b6f1b25be

  • SHA1

    5fd0cd13ee183d294cda93b6b2f4195b8859f3ea

  • SHA256

    75d64bc17c8091c45514e8f4f5f14696953d907e67801711b9ca36edfc6ed84c

  • SHA512

    a435c0d5380ccb075edb1bc16d549c2e7f807bac521540fd4aa6159144e626585ad860b9f22723f63a4c9490d008060b3e2aea3a94a3eb09ffc504bb2aa06a47

  • SSDEEP

    384:OL93PT4oVo91UslHycUEYl3Kn1dYs7ZAlVtPRR:M4H15bUa8w+l3

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\disclosure.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2768

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b4314ad0a8562b984982fb80b46d8e9

    SHA1

    8e4a9b47492bac1edb189d6d1dcb8a5fe688c327

    SHA256

    cb12952669732616a5dab21dc9b1aa01ccefd4fff573094ca23792fe6dbb4424

    SHA512

    846484a5c8ce83adf5d8f5e15a15ed6b935ff0fc5bf34a4da861a5ad2962bc880af5cafa6b2a01a3a18270627ab2f6c6e749c329281994140f8d3acf9de74d5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e54a58c09442c450ebbee5b9fee2c160

    SHA1

    25e6c5026ceac3440988c8795c6ec071d72d612a

    SHA256

    d6876e2fd0a7aba3709a5ebd55a44598a328eb9c2feb0fbf3f99576a126ba37c

    SHA512

    23e9b002e8de127c4e5a09a4dfd6a81a5f3e11042c35ae5410969da7af5ee46ed0ed8b8815e257087b17277345e80c60d7a1268acdd52170693db324d3efb6db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5efee86f288823ec0a73afe7bb4c35f0

    SHA1

    faa9b54af59607dedc47a042282cd6d0fe12c306

    SHA256

    7220026a80076409474064326d87801e13f074b64cb381d1e663cc709ca8e865

    SHA512

    a07edc955951366c0b02a94b20f0886d9a1eb95da2b13fa7b4d6b121d7866561ef9a051c6b85b5ffbaf37cfa302a819e019e79faeb9d577b1564e765b29c29a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fa8de6748f2223a274d04885ec99afcf

    SHA1

    1a3e01d59537564f6e85600b0dbf31578fb831aa

    SHA256

    a1846fabb19bc2599b67a718317295a7b8ada59b8cb9eb7b9cc18e481e93bfe7

    SHA512

    45d98e9d7704b6473df9330f96ea83e9a32eb008c1bf8c5cdbbc0d2770fb907b5f3e96f8cc72c08c75c16d1d666331df14925e4ba1de9227f3607807d4f8443b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d120201a23a310d8f0449ba8dec94e83

    SHA1

    8932e6b101f2ada047198a921ed583d7526c3bd9

    SHA256

    739f12c7e0483c42d93d8034eefdc6f676da8c0b276cd130dc7baf0ef0e592df

    SHA512

    0fac7e945fbaef7d04be6d116fddbb8a2f09b0de197ccd1d545f4687f9c122c4dc08baa0274fa3147f002da8bf3e676dbd114576a20ccb59b9c51b3baa920470

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42f159c3fcb6a5a63ebea9d1cf1ef6a3

    SHA1

    68bbdab2d581e9bf85976ed7c3f105fb9e4998c2

    SHA256

    fe2e24ec1f5d468d64441cec5ae2667c133424aa5b937373e3266decf5fe7fbb

    SHA512

    64e8cd18d264e6b87e40676217ff9d70c295b4dc4eac5dfc3d3919278e1276db2766723fbcaa0312f5ecf88c725d100ba98963f057ff2d7ee8d6606fc552fa48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ef26706182fd9af6489937533aaa9900

    SHA1

    3a41b546047e35f43e5afc75d5e8ff56af13f89c

    SHA256

    f118a48571b809ca689c6a581984fa3837d366ee91cb887affb0df88a83890ef

    SHA512

    4185b1d9eab8af6159bddf3888c620310d0f89570a05e3a859e6bb97f890ed20f166ec6a1a2bd809a80a766fb7fde9cc728c058de03f4c2b22afb4da539b66dc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHFV4GXP\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA539.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA599.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HXQZM105.txt
    Filesize

    601B

    MD5

    9b7270d8a2a7e3e6ce166c1174a490a0

    SHA1

    d795542d0a18e14cab8fd37df202b6c521a1999a

    SHA256

    d561c24d524afe59bc315f3af2ec2a997b1b1d1a49bddd3649bea7e862cb788c

    SHA512

    fb353e35ebecaf60edc15b387c11d0ac35b30a9a677701dbba34de5800714c013594b447c8d679cd44ba7cd75561d2a51de0d79cfa50c6d0265ffe339c2adf51

    Download Submit