Overview

overview

10

Static

static

7

AntivirusA...-1.apk

android-9-x86

10

AntivirusA...-1.apk

android-10-x64

7

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

5

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2023 23:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vpnservice.html

  • Size

    12KB

  • MD5

    387c369588d9f69ecf8a300afa3129ca

  • SHA1

    c01f17a03d11a3cac63fd71cdea5c0cc1191cc35

  • SHA256

    54de6b26b37f4a530a301cf21e3d29d20ed80247022d3ae37b74a66f0af45107

  • SHA512

    45a0e48c4f6212c7aaf4604d8a6ef0f67a712aeadf47f1c9e11e3a1011e8527c2cb1ce70dfcff65d0667df9e5559f53653022858dea069640b88d133d93730c5

  • SSDEEP

    192:8hHWlmerWHv8VwNXBx9UccBmcENHJk9uP8s9AdVvPRb:nEHvTNX/9QmBpKs6VvPRb

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnservice.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2136

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6c866d2a9901c5575211a4d2ab3cbffb

    SHA1

    c3152ce09bc6484682966b834be1c251ae94448e

    SHA256

    d0f8119344909de7c56838387dddf5dc46ea299d8d4d4673b8eaedc0f8f55a4c

    SHA512

    7cc72cbcb9d864e2d40a2abdd99e9de1cce5a13c78f24fc805fe8df3646c80f198fdba2930c65d3c9dc02401a2097bd720632bee34f8dbcc6b4bec5e2e9dbb6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e5785e2c0b2fb563ab6e554945638202

    SHA1

    2da87289de9cdd3e649a62d94eaa190bfdb4b3f4

    SHA256

    1f6c8e4186f75241958b15f9a0de801332697f10b130b23766f468a0828ebcf9

    SHA512

    f5871ae32692a6d9ab93a35d5bf420417ba206434e7845f753cdb86d49aadc5a89c50d5502ad0e252584e4769c70cf1a259842f8eeab4bd061e6c6a77cecd739

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fbb0c370c83891a7e6c4487c6ffc7e12

    SHA1

    4eb764b05583edec2c21a5d189287fe232ae410d

    SHA256

    35d56505b8cfd3abd7f4f4f3739e2ac8ede90838b86768078f97c5adfdcfecee

    SHA512

    2dcffbae1fe50f366512585ebbba0907a7990937a61a619327e3208c6253440eefae1f82c76fd881d24994da8196c50411644b6fe2d1b209794dfe378adc115a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d51b915174c7b63fe44fc94e7ee17011

    SHA1

    8456a7b3fbd0e2798b57269d350b01758f989b8f

    SHA256

    115ec64e679fda097f76d0fbfb16fc70a140cd559ae8ffd94a62c6497fca5913

    SHA512

    94004f383088b7da4edda6d3aeb9c438b0b4cd71a26c51d818345567af4f64d7f2150ffcc5b0af06b95a9b6ee47f9cee80043de76e0ac015a874905272394c7c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    69f37ab40b42702cb73c2bfa9d3f6a27

    SHA1

    8f959ff9c841193fe2af71aeffaf9e02e824c2d4

    SHA256

    6034740e6c4a99393f16af0f10e4d988f60b732147c0963c781859e571cf76c8

    SHA512

    06fdb251bb18bd1739985f047ca3ed607b258573f85130ee6fd1825f6d2d1704b562ac7ee3715d184507d6a27a656615fed6dfd1f7ffeb69fc2c197f35f69897

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8dd1c3ff86fb964fa017d0950476af69

    SHA1

    017ec2246ac2c88511ca41878585a0abb21d05c2

    SHA256

    d79166aae39d9f23ca594e2bc1737e98be561fd450792c8e7742f54e29529bd2

    SHA512

    8346f8ac2983c677494cd792db183c95f880c038ee274d9eccc1047892700bf441da0c1d6ae247343a68fe908dec5c00e09759ef23ccfe13a483777902b2f35a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    01c8f46a2198cb336f78e32f82e5ce0d

    SHA1

    921c1be1a807aedf5e7f45052514d53ca849bc21

    SHA256

    fee358ecadacc27f98fb9e13307060e2a449c857768245d096a869cb36119e41

    SHA512

    0fb963c74c7b8691d06440f4206c164eec57c42b77955b8a30aabec8ba33bcca2a97d2419014cbb566d6a16a935b7f40a50b3a3a2354890f7348849190651206

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1a464f97f8449e157b2860a33ad541cb

    SHA1

    07c806370d2312722478b10d1611b994a5b085bb

    SHA256

    22a689401471fb3e39d5743f4d18c68364f8f0dc0b5a3f89095ecbc78c64d4b8

    SHA512

    75de5d5ffa60666db8bd88b11bb6a3d20fc77d87fab568d509c7a3ac821431d3dc5b16b62c30e85d7d6fa8881ee27bef7af7543ac24d78876c22cb510e34f918

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    84de2ddda543ef2f543f6fa0a6ba8ea5

    SHA1

    5dc545904a4f55bb9fa37f0ca2ec8f34e8cd4592

    SHA256

    f620d8b03adab2511bf49b4c3cb83e6ed9859a3a2166256182c0d79ecebffaf5

    SHA512

    43d7eb2ded44619a6a6903a716c9144932fb72e8a54d30503ca324f7d3eb5bf60dde01687085394e381629fe9ce4d2e9ed645308c71b11ef698b20e9d5c4632c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2cab3dc33dbd5a0a7ab2f8d74bcb7685

    SHA1

    d9019f3747f9ffe06b46157ab255f2f827e4e8be

    SHA256

    e840ad1f865e5416190b65c40bfc9afdd6c582f7f429faa7d5d48bd222982dc3

    SHA512

    c4fcb8caca44b48cc4e5e838fdbcbc779e34ba54e3d15a0ec7396f7db0768016635d0218144f02f46101cae30cdc0c4dfaed82faa0c754c07f3f13f83956b031

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d4a1f307532086216cdc240b31dcb26d

    SHA1

    51cf541719fb4cbc05296278d6e5d1d3d971e9f0

    SHA256

    2095eb7d5edb1eecf062f4b91b2ec85807a9c4d46d913ac4bf498084870fe16f

    SHA512

    7c1bbe72414cbd0acbaa90e38610e766b232f6d3c18f946d6003da77fcc22112263faebe9d1d30ffa9912c949682fa8865401e190163a104fcd3e16389ad56b3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CM3TD3CI\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4196.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar42B2.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NEP171P5.txt
    Filesize

    603B

    MD5

    0718f554cd766a7c90f330c5b9a1b15c

    SHA1

    5c9020b94126e603666684ec323f5b3003004001

    SHA256

    9d3daaf9a4106747a014b6fdab80d9b31f47c70db5a1f4d9fd793c354a20e750

    SHA512

    72c89c977788126280e9fa74d2fb1ea585060924d15c0f93637cc7edfce636306d7da54d80a88f90607fb63cd2dcddaca93740cce96966a6c00c966b7b8efe23

    Download Submit