Overview

overview

10

Static

static

7

AntivirusA...-1.apk

android-9-x86

10

AntivirusA...-1.apk

android-10-x64

7

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

5

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2023 23:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vpnservice.html

  • Size

    12KB

  • MD5

    387c369588d9f69ecf8a300afa3129ca

  • SHA1

    c01f17a03d11a3cac63fd71cdea5c0cc1191cc35

  • SHA256

    54de6b26b37f4a530a301cf21e3d29d20ed80247022d3ae37b74a66f0af45107

  • SHA512

    45a0e48c4f6212c7aaf4604d8a6ef0f67a712aeadf47f1c9e11e3a1011e8527c2cb1ce70dfcff65d0667df9e5559f53653022858dea069640b88d133d93730c5

  • SSDEEP

    192:8hHWlmerWHv8VwNXBx9UccBmcENHJk9uP8s9AdVvPRb:nEHvTNX/9QmBpKs6VvPRb

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnservice.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2404

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e6cc47d28c39bef8ac40d30ab07cec82

    SHA1

    da62977841d2e4a85c8c57d0d314502aa3509e78

    SHA256

    8406daf4bdd75d0e5fec5e6670fa7337397a14bba1f5b7e83b6df89a4162f706

    SHA512

    8c7cd21b56e5f3aec1fd10179256815ecbbf0e26d119a8b88807cb3d17c1959f6e647396f39d249053e81e791578dd422d57e2d89e957c46b479370ed142c205

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bc8ed4f41174b05f9fa9661f3c98d333

    SHA1

    bfc34d9d2ca02887eae148f350ff45cdd584d5fe

    SHA256

    ca10809dfb9ef3fe8b3a38903f59cf5879397164733b44f8f5bd84295167b409

    SHA512

    43e12936f6f588306973c5b735d809218d3d2ea2fd5a2d18b81e111208f33492eb4755bb256438462ada47145cdac3cff89cc00dca5b79fc00ae2fe91560ae88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a6ac6b7ccff31e6302077543fbfc3b37

    SHA1

    2c9adc47d97384d0da60ee3bd468a824bcefdcdf

    SHA256

    0d5608ac532c2fde5d6d71d17fbb2d7108921642ecd8b7b1bce86125644ee8c8

    SHA512

    fcbe711cb0c71d5bdde62fa1293a95a6d0d97a025eb1b20e03510bfb324908e81d5051207f7da6394c78a430c2459491b5d3cc16b7fdeca9e3beac34993d54a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ae2ab893718188afda01bc36fd19b200

    SHA1

    b01ce9681670da03d01e6d1fd0176658c6f07d91

    SHA256

    fc4a78203e35b67a74cb080089ee8c1c78282354140a2b2d41d48d37d6916f5b

    SHA512

    609c5ca9e10d0930b7d518b367e89ec1fbf10d2a250b6453acd6bc0153da2a4e80a277626af25fb7c5a732eb826562e5cc5e50f988f0d20a64745f451372f7ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c557fef93fc839d26d0296a1c5b74b8e

    SHA1

    2f56edd966701814312371c0cead3a03d04533e8

    SHA256

    53f89750d120ae8204fc2c722290ad7659b61bd44a4ac2305ebc3dd8ad6074ab

    SHA512

    caf98c200f6a8243a17a4015b4425562a43c96e99ee403b0968f03471c71f3a03b4896c840c4cccbecffe87439e6638345dd57fdce89c7d36010f2c413df2736

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2e70dd27305c17c7a65f349d025017f4

    SHA1

    f74db6ec8add38219395b1f097d86835163312cf

    SHA256

    9ca6fc7f678d1096419a417a9aa7edd70a9bdf98d1967b4776219d71eab17b22

    SHA512

    088c8a42ca293a8154079c90900564c858ebb40253786276b081e14a0866234f61d35e4e7d632ac9135f3f7383e034989b350660617d01a2b01659e67a45502d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    091e57932c22fe2e15cd9f91f4769f03

    SHA1

    35ac8b721a75fb5f9cca280e80c4b75adefde1e4

    SHA256

    735a55d31394b6ca6f8403f00f909d17c269ac394e9b33b9facba7cd9527c55e

    SHA512

    92051482636b53e01ad3ce95bad3f58059dbf8b78ee069f8bd503537fc7958c3f19a6e7da9e3751ccb8015229c6634b50e946ce5a3f5cc191194528e924c93cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7d413aeb6f7071b9277834753148f732

    SHA1

    6b6baf650f8178b2423babff5ea716974a2888b3

    SHA256

    c2b4b1bc71aff3be95f98c93c566d00c7a647617613e28cadd790201abc0a17d

    SHA512

    b61c3c8549b4faecee5a55e5f93f7bcedcd9aec4ba5628c38a813b72938600368e95e82f3e9aaf0ce25ec07a032a6fbd5e49cb1e97725c9b322ecb2f407ab234

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a04485975193c56ba59e429076a1a4b2

    SHA1

    0a0e970d41387b3b3535213f2d48ca05b63996e3

    SHA256

    7a52c2c1c30719dcb7712bfac92843403b54a688f2edb1b9b5589c92c2541823

    SHA512

    b66ef54848e1700df03e61f345d6ac9a1ddd77a086e7c69ba50a6da6ca416a3e585f0217e36b15b55cd22fa3353bf4861374acfcc09881d161b7708f873d99a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    223acb35fe4bc2fc8c80e55cfd221cb3

    SHA1

    2645f85934a688555b58a0cbf189ce70ef943f73

    SHA256

    4f2604b203f1bc7ac5d5d57e1af688081c36faf8c1535338d96646b5bc3b3559

    SHA512

    372da2cc2130dfab19319f6d42c95ecf32f97d5aace329ea4f93f15e37d4f4827cf6504b70996a04ac1a4aca088d3c55fa5f19493f8fd027a731354ab1dca4d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    58891ad846523a708bbed4ba858be836

    SHA1

    e89c0a139c6fc4769f05914bbc6d903cd8227397

    SHA256

    aa2dd6df74009512ef2ab4c4dc2853cc5d43f5441033d4309d0e322a38cdf7f0

    SHA512

    3abd2ad99eb3952bb4ad592491083027cedd8327ceeb1e37bb3447d8d63b911e8abf9166f4caeee7d3b4e6f6ed718173013654ede9b4e3f2030c1f8d1383b5ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ffa59b6b617ec6a28f4cf2958fe68f06

    SHA1

    fc5aeefa413740b8c47c02025d6184278da648d2

    SHA256

    8feb5c821804a56fe2e8b65165d80a4424e32073774867f618bc37979f3b2571

    SHA512

    2bc88f959faa102fc6c958619f689c94787b9edbf854b0b0d59e4ed4d71e8ce0a2a48a48bcea5fde7a44ab94afc61319658c91150cd592a8b9b3a469a861d951

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXTVO3I9\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab57B5.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5864.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4IGBPPYL.txt
    Filesize

    601B

    MD5

    433a25644c99c2e41bf69b0ef95360b6

    SHA1

    bb05f36383d65c8a52051d0a24522b8bdbdcb7b3

    SHA256

    e644323d0b1b875b6eeeed63a86a59c32b08fbd93a2930f3cae1956fbeca848e

    SHA512

    ec065a4113c7b8c4c1cb2e1e8e40d753b6a00434ca8c8623339c9a24eabd87b5d9d15b73193b0e889efa2f33736368676b1b296ec885691ccd9bd363f297cba9

    Download Submit