Overview

overview

10

Static

static

7

AntivirusA...-1.apk

android-9-x86

10

AntivirusA...-1.apk

android-10-x64

7

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

5

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2023 23:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    disclosure.html

  • Size

    21KB

  • MD5

    57e2258020e513a0c7de0b0b6f1b25be

  • SHA1

    5fd0cd13ee183d294cda93b6b2f4195b8859f3ea

  • SHA256

    75d64bc17c8091c45514e8f4f5f14696953d907e67801711b9ca36edfc6ed84c

  • SHA512

    a435c0d5380ccb075edb1bc16d549c2e7f807bac521540fd4aa6159144e626585ad860b9f22723f63a4c9490d008060b3e2aea3a94a3eb09ffc504bb2aa06a47

  • SSDEEP

    384:OL93PT4oVo91UslHycUEYl3Kn1dYs7ZAlVtPRR:M4H15bUa8w+l3

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\disclosure.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3064

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c63b19aca43966ffa861c083a776fa36

    SHA1

    93d1e5309e86794f18f9c68215885f3d310a3c83

    SHA256

    0573aaca1f975f27ecd086f627e1128494d43e280e238fe5db7528c3d59b24de

    SHA512

    ff81f1e679d921a65c989e1cfcf6e9736de3d3c5d1f53ca295a9ab4accc22104351dc946b36b7e0890765a5ddc558d8d23d3a1f5012d1eec908991b290b28cdf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e382699f584d53519eb5ad3dce545ecf

    SHA1

    1c3f72d21468b0f58e14f34e21bc740d95ce9a4e

    SHA256

    791e68e7419e3a94bdf4b9dd2109af0fffda9f9087ec6dd0b9523b5cd59b1a8d

    SHA512

    f9734aedef36a93d5be88bc2c75ec83508e579ab261a79e9b4d64364d392d86060ba29e2eb78cfb15e3ed50d1a49afc39f84ff8ddb8832698ff14c34f8f2aac0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bbdf487eb7ee0fbcf09bef5afb5dc974

    SHA1

    ca095408c5a8341f2fa39d428def3a5ff90c992e

    SHA256

    226878243c9525c145348a187ae733d91bd2e824fe58a72edf60183e976afece

    SHA512

    7264fd60ded5b01073695cd9fa551d8fea0c12a1c1fe5e0f661e90bccca643dc04257fda964f953eb0c849e794422fab1c76cf1aad74a172a8c0c92a8d30d191

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cb85f02d188235b46f3cb1bd9cb6a0f6

    SHA1

    30f2eb87381e73ac1332d6988e32c45e7cf7d0eb

    SHA256

    3aaaef84b8969b3c51b2b7cf66135a5bf096ec83f71637969961aaa812397fb5

    SHA512

    abcd82b7685c89500c7d8853997b9e33af4d7f5eaa2a136db66c6bf6a3dfe28ea6ec68212eeaca9dd095b50289c9e66d12dbb06bf9ef5e5d61f3adaec525c1b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    636bb3d7be59782cde0f5ab4fb0a00c5

    SHA1

    ce05ed016dbe18d0d21c13f2a43183ac6ca92e8f

    SHA256

    a05e28c08aa5470d2671e0182d1c3bc1c71dba0c8a280c999b59604198f9307f

    SHA512

    a2bac9049c260d1fe9c6e88db16cdbb4d5727134ba6873f760a39a67adb3090575b67579daab6ac58149a70aa129f0d9571aa059eb9485e28cabc7fe90b55500

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c53930aebd7468e0d424f2c1f445dac

    SHA1

    04a462d80fb53d1e0a13a77051db617eaffd5266

    SHA256

    d27de9e8621db8a3b1f90d68e94e68625d3b2b2b84230487a30892edd2c7f5fe

    SHA512

    e21b5e59e5855742ba603f2872f7dab787a73df9e77733729465cad356263d8501af4ff9b5fb5424d84397ce63781edc7fa5720f4c9bc5be4b283fbc4637bffc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fb06b0c1cf716eade4d87f424bba1308

    SHA1

    8d566351b5d0fd6020b8c80668a2492b0ea6371d

    SHA256

    fb296dbdf7cc98adb9880868b250a0ce5e5e178ae8d0677719921bcdd92a39ba

    SHA512

    71973bd8094c384387e5dee81f55258bc519450c6be95d55b9e33b5abe8e0c7a06ac1ce755bbc9bd3bf1fea0e54fc9c9a1912d4cf1654a95d9cc2562cbb44de1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    97107734516b10462ffed75da0ed3fb4

    SHA1

    d55e593e4c0935f03acc597cc166e66458b14d53

    SHA256

    299876a11f388b7baf4e51099cff749f66ecd7fdcb32185eb0e9b3f7754d3c48

    SHA512

    659ea9981649989e166e8c4ce8e11d84480bd345e8774e06f983a114ef78224dea9587b4e161f8fe987274ee108a64f82e1f75701f2c399950908d3c18f8f153

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8657ec752f565f5072096b4ce329603d

    SHA1

    f35350ef78c7537eafe7a390b53fa4209c2ef513

    SHA256

    f6123cc1be8959bfe130339a58fc2a28c2cd77155e9bd1b5c207c9226a8364f6

    SHA512

    1d928c51ff2dedaff5872fa32175ce2286a070a769f254d0034a30a98ea0ec9969c47084c013c37177ffff8ffb779e15e2499ec76d3e4f95cc275c7323d4705c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XZEULFN0\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab48E5.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar49B4.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\R0GBTWL2.txt
    Filesize

    601B

    MD5

    8f638c7ad0e2b26aa2fef2de68833baa

    SHA1

    f07e978a2472e18c322a1f70f703c58b1350d518

    SHA256

    10c00172c71db5d80ca9224c6979d4e4da8cb70eb952d2c0a0f882d87faecc76

    SHA512

    3f90b6aa66a23a8d879c5031c960ec57c7b3abe86154f9c0c8ff270d4bef9e9ba5f445017ab2092c899a3a50480a9e68adf9c5f115c3800ab3fc1aa4128858f3

    Download Submit