Overview

overview

10

Static

static

7

AntivirusA...-1.apk

android-9-x86

10

AntivirusA...-1.apk

android-10-x64

7

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

5

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2023 23:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    myps_policy.html

  • Size

    53KB

  • MD5

    9a447d84da71684c5c571999f23ea7a0

  • SHA1

    7d4496c5a38316c1d8c7abc93e1f0a5bcafde1fa

  • SHA256

    243bd76153a8c1a1dfc9132afce1a796770dab63b1ce4ee725f593dddeec4358

  • SHA512

    05f394e7681243630b3f1739306fd5beb6677a57eef5f36be847918f9eaa296eb50e3052afd4eb844f933345e9b972deb95f19b20aa46ce15039600edf1b6340

  • SSDEEP

    768:aUuR+6hRBH0+xPZV+YTSFlgK4yFMuMveCn/1N2aj7wlDtXGZ4nKdW3q0C5kubKzt:ruXPZVaMvz7wFkZe3qLc

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\myps_policy.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2304 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2360

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c343fc772fb6f842032af4a8de7c9d85

    SHA1

    c8a1f2f1bfdb6e01eec6c45e696698f01b376cba

    SHA256

    1a6002079a58be634b37d49fe02cb700222357dfb81b8e8c2e2f21f9ca123d65

    SHA512

    7afb9d1bf1d98bb91d2ef98fd9a55432934b9cb2a0d70253c429b84827757b0517ef1ddce6c0af01636c16be8b46f219ce724335b7abb9be86ec6e6ab3535b0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1bff98c4ceed6a849f8145947eb5b7ff

    SHA1

    f3f8337492a72cc14cf111feb663cc6d30e391e2

    SHA256

    547c5d63aa87ba7db19323dc799295036009ac3b191c1e9c8cf68d8eef9ed672

    SHA512

    871aef0178b15fea3fc4d8c9923ba7817e2f0a625e11962e27521dd223132b511691dd2cd21980dff2b85cf7629d58f37c956c8d477fac70f524f7b82ba761aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2d85c077b5f0d8abc45a6e58c1b0cf7b

    SHA1

    6626aaef74011c4fe00c04548733c05a342ffeda

    SHA256

    c248463d5d474db81f7bfdd9d29fcfe105c0fbcecf5ba3e61ca49c280b1fc748

    SHA512

    257fdee8cf2a6c10b174290e75ec59fd152abc5dfc5cbe3f1ca448e462f8beebefdffc2363eb6750645de1e68a620bc185e009727eaf6a437be03edf42d02ad9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f5fec6d1745ab432aec1f52ba1623a9

    SHA1

    001cac26e04641a92b726174c0735db350c407f7

    SHA256

    3cee57ca502ab92788b102679af01f001b162ab8de9bf28b267d45757b34e25e

    SHA512

    42f45d19d663841afb905f7f60ecf36d7795fb2ca9fb7b92e6840711421021e1191c986a463bfa902958154ad8094e96c09a57b378c8ed2e30e10bba4fa859d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    504bcee403d5fb0822223a752c134439

    SHA1

    93e4b398ce259fb594d66038f4cb8e1e8c2adac6

    SHA256

    5bc3355e2098e8829cfd0de22c787bb278b967da4ebe0cf754a2fdfe24c45cd4

    SHA512

    5c9c9dcf6d8af4fc692231a6e2c6499454a9b34227c67d8e97dc7c2f689518bf254409f72b9df099480d3e2178ef154906b5d27c145ebfa7e9b533fb97c713f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4a83459ea421fbed81d740fef5994020

    SHA1

    de8d0bc938ee3a843dc224ab4582c09225b015ab

    SHA256

    86e5bc56480622ccbd267daa21ce753362df59ffa91712480660f161ccf20ce7

    SHA512

    b2369279359bb26708b649d02b297d7f9fbbe1f68e6d3ea954d695db257763e9bdf621fca774c09cf95cbfb06a199feb6da73f0bea31ff4f539c052551a6aa52

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXTVO3I9\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab56CA.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar573B.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\W9FI41BS.txt
    Filesize

    601B

    MD5

    f762d077c0c3c6c92ed55104eb2dd1be

    SHA1

    b8d278b7c417c25dce86ab5c7822433576b037ba

    SHA256

    9f5b6d116c92f8b55f200879a125a7910fab2abb4b8682ca0b3fc08d080bd7b5

    SHA512

    f15db05b7bf41f603def4d64747384b40a37ac13fb3b65fad5f1ab5284d4b9eda4ff04d8187514bb58df9a0a9fe207e39ae81367cc4970a7ad3f60d4181a4e51

    Download Submit