Overview

overview

10

Static

static

7

AntivirusA...-1.apk

android-9-x86

10

AntivirusA...-1.apk

android-10-x64

7

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

5

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2023 23:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    policy.html

  • Size

    34KB

  • MD5

    5006b2ca11128f570cb0d02c472f5c4a

  • SHA1

    4bc29748b81396285f6df954efb0d708f73025a7

  • SHA256

    efd83e19fe889b7af1ab18a31cd519e27eaf0abea42975a82f15afefb272f08b

  • SHA512

    c761233feb68832ba595a06b18a889a5a79c4f8305dad5c1616b0d88032e2569c95e0d415c9b8b7d4e2d519ef0eeae590d26ffca386cd748d1b015932093a3b6

  • SSDEEP

    384:rWnYCJu/yJMBAK/c9Yn3Y+9X01uLp3XPYsTmem6bs7OE3YZVNCmj1SYSr3QPRz:2YwKY0v9wsxfblEEnx

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\policy.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2392

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    710fd2d9e563efe0e151dcfe9ea6bcb4

    SHA1

    f568b50874183199fbd709525a26b5b842b19120

    SHA256

    663210a483516fc1ce56082f7ab960f2f6be3d1ddc4ad081bc114042cc45b3cc

    SHA512

    74ab614205d89a779ad917419f383bba50ef1906469f282a718f666dc01cc3a4413d8894dddbc81fd02ab138396d249591720aa55b9a587a5a38ee3c6bcb4144

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1d1b2a8e44c87ea7a81397d3b86f0b10

    SHA1

    3c322752b51f247226c209a30b3566723c4e29c5

    SHA256

    2f0923f179188ff30adaaee8a7a275d1fe8b391bf9f85037f7e3473b30ad178a

    SHA512

    31c59575f57d039c98807a58fccc79683f5073c3fda3e9490c52f96df0972bcdc9208aebe1003a6ee9f18f8826221c937f252ba262e99c2260f8e8cf3b16ba7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cfefb183bccc030b1e747ae37efe61d1

    SHA1

    835ccbcf8141c97bb147814b237b9654f05333d5

    SHA256

    c8191e868232399811fe6cdcac78ef4f8148587860f1ad0cd22e6400c2e98a27

    SHA512

    ebdd400ba04a1c3209e3b779bd32777c83b13401c696ef843424c81718ca931c33b5796ff762d277e1eda16bd5ecef0dc031feba7f3439d3a8b4625751a9fafc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e79812854d46eb49b197438ba18cf45

    SHA1

    6ea78a37cc8a547b7e653de833c7dbf167e8da3f

    SHA256

    b73576bb090e0f1aeea0e5201663ca7347fbcddd5ee3fd3a296be6f238cf4048

    SHA512

    198d6924cf098248aa7b5d7c6eca4c665bbb4616607c08b6238a65b5a5339f79ed42fda4342c74a60fb5a37e441a3e929d1c819ce80a122e359b33b5aeb28ad7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    621e890dad8b4dd60d78afd256ffc48e

    SHA1

    48d8524731b78793630b3f059fa5c79b84f2fa98

    SHA256

    c56c15c5cd19ed6b39f9d043cecf67758ac85b3a0c7f5110cdd16336e188f178

    SHA512

    cc5cfbe28e9dc0cb403a8f929413a005bd5e611f075fccc5db14ac3add93bb996055941777d209b893867a8b2bb194cbde5bf42735c87ed31f40cba04cd56af8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1fbb132e0dc3632898103df11419d677

    SHA1

    f0cd7b879a0817040be76b1c4380e4c2a4487829

    SHA256

    3f19d523dd4b8ddb07e266deb10b2ea1471283b329de92a405ba80062a65011c

    SHA512

    61b8b06b38c8c9a4ea63cd6c5027813ef58a16096b71238545f0e130d8daf32356712c2317b084df7183d8fd395c98d6c7e60c34f766eb2afb945097bd621929

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1fbb132e0dc3632898103df11419d677

    SHA1

    f0cd7b879a0817040be76b1c4380e4c2a4487829

    SHA256

    3f19d523dd4b8ddb07e266deb10b2ea1471283b329de92a405ba80062a65011c

    SHA512

    61b8b06b38c8c9a4ea63cd6c5027813ef58a16096b71238545f0e130d8daf32356712c2317b084df7183d8fd395c98d6c7e60c34f766eb2afb945097bd621929

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    39fca72ca4b5ed64efb8c9b846cebb06

    SHA1

    bb4c0e796c04239ac58acd525d4229d2dddbe54a

    SHA256

    0dafb4606b72d98955cc0ba3c5badef80026eda64da34b2f67994cefff23dc6a

    SHA512

    791355225baa7cd5c2333612583b3aab421b346cbd51ecdea68aa106d9166977d8984140024c3064a9676068952ff75a1a5c311bb0d19b9ba86855c841747b9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19a0f74d3247c309ebf5cdcb63538456

    SHA1

    69b10fd1697748e87b0ac4510e2d09e602e4d101

    SHA256

    b7b70c3505c01d6c05f4a7126a7ff17193647f657dc99a2813c8d1a6647cd24d

    SHA512

    f37f777b14ed732c0f5f53e34de313a1c6370323e4dc4d7e04ba0104d1ff13f760225d777cb863d92be202ab223669a31fb998226a7f5b20e972fa8004589377

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHFV4GXP\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7228.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7259.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XCQ2K1V3.txt
    Filesize

    601B

    MD5

    dd12bea0b96f8051f5033b709d1774fe

    SHA1

    1c0dc8376abd67475adf23fecf82491c785f00b7

    SHA256

    bbb2894a4cb600ef3f6f5046d7e21441277662485d8fa0cdd8b6b9581bfaf1a5

    SHA512

    5067e8c10c1d26927061618d016b712dd20f11a0c8eff2fc9d6fab80aa51440437f08c600be91b5a545efcc0a42994a3dccddcd503e9d384fd93dba21ff522af

    Download Submit