Overview

overview

10

Static

static

7

AntivirusA...ap.apk

android-9-x86

10

AntivirusA...ap.apk

android-11-x64

7

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    10-07-2023 13:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    myps_policy.html

  • Size

    53KB

  • MD5

    9a447d84da71684c5c571999f23ea7a0

  • SHA1

    7d4496c5a38316c1d8c7abc93e1f0a5bcafde1fa

  • SHA256

    243bd76153a8c1a1dfc9132afce1a796770dab63b1ce4ee725f593dddeec4358

  • SHA512

    05f394e7681243630b3f1739306fd5beb6677a57eef5f36be847918f9eaa296eb50e3052afd4eb844f933345e9b972deb95f19b20aa46ce15039600edf1b6340

  • SSDEEP

    768:aUuR+6hRBH0+xPZV+YTSFlgK4yFMuMveCn/1N2aj7wlDtXGZ4nKdW3q0C5kubKzt:ruXPZVaMvz7wFkZe3qLc

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\myps_policy.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2400

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d6c76e03239c87ea7c432f283dba2329

    SHA1

    5b5b9b7db3d5f5bfd9fd608a578ea4b634aa228a

    SHA256

    072b102ae48b00134bed7b5be29ca5d4b689c6e68b6acd65f4c57bdee51dbee4

    SHA512

    270ae512a20e305ff5db03db7427d5165a05f797b8763e0d5add2ed4e81ca3d0d443447696f793cfeaa3e5768ef7f388475062c3bcbe8660deb4649feea383a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    363205fe95db3145eea3b13c69615bd3

    SHA1

    e8a8b4f3fc045d453707d809b7bbfcd14cd30cb9

    SHA256

    38761a4dac2d6d261afb791c9aed229ee00bf5fdc932cb94359fbc8ec0a3d2b8

    SHA512

    c131a919f4fc0912862d4f68a0d2be351b74b1f2be26de302b764449b58381b2c68ce8789c8267aeb820251411b8683be26e3b31b2460d26c4e10b28a04beaaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a0ce92b217bea23f676f0798266f02bc

    SHA1

    75741d88247b5ce20bc0a58de48160d6184d6e5f

    SHA256

    65690f012832fed8013466872c67dfe986a9b8b37a54448660b2ae8129b3d3b2

    SHA512

    2d67c76dc708bbf4196b89b05368a4332ea05c42b25bdb1dd30cd93ca5a639a2b85d693bc7b637cd178ac49c47feb3a5c49877de5e3dc5315e8bae0ca8e6f42b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    48f37f5483cb1d71cec75d884db99069

    SHA1

    ded068116c12d6e550c0c5c1e8bbbf8a60031961

    SHA256

    d771dc261cd1d9f925978fe89753ddc6f5f51ac15d19a166f72973c3d6395d14

    SHA512

    8937c56f2d88f8d0582e0d93bc8d7f6a26489bbc7216707d961b8bf7b736ad3dd6980e95b7fa295723eba2cc0fc7e9a2b35ad7c0ddd09a268ef71ebfde546917

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    69385e7630f5de60757e9c3ffcff11af

    SHA1

    4be546e3677e1242d59d8d529b4c843201b90a6c

    SHA256

    0c5d67d957b8340927b10609764eb269f2098163ef0d8cc07b2e75f482e715bf

    SHA512

    883533da3d86521f1bc879bc54b54493bc1a84311e878b06ed50c190f2fd863546ae84ffa1023b6013269f4b506401d532f0a910b6653ff03748e525cb55b0e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ab9c78d2ccb378537a7ef41a818648b2

    SHA1

    493e5825191a6201a8d450547b0a0a3ca2201ab4

    SHA256

    7f2f1484f3b751d4bc7fa180344e7d778666f42b7c217d0c0b0c77eff5c26a1f

    SHA512

    19211d9120a2f356238452fa1f998fa1c7b3f480884d829de792470ba33efed7b0c96bf1f48766e62ecdbe65bbab408163fd844dc6845306acec3482d750c908

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    55638f6173331cac535866fdbf64e8f2

    SHA1

    8384f92271f0097fa87783a09043f40605db5750

    SHA256

    e361215ac60d1009f66353ff007ceeec1efdd2109de299537159989113d0dd68

    SHA512

    04d4700ccde5ddc69578c261d3f0895de8c89533367b2aaaa21eff11fde2db298cbad08bf9b863ddc526b42a573950a346e0bc89a360f7bb0ee6d326d6e81baa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    69c5d5de79bab91db99182be7b20c280

    SHA1

    905ede1d1f25995789792f310f8ff11b2a86c383

    SHA256

    cadfa0306cfa8272c87a1dba26df2e42062549e618f35931f03672ae80f82ff9

    SHA512

    d5e904bd5fbe700022ccc793d1f35814840657b6a275529ca19c3576e9673c54fe4865cd8bd0ad0c99727bd7dcff7d067ffa8bae9b42a37af93f93050e687c79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    34af83a12b4206bfd566c61d28193230

    SHA1

    ddf22138bcd926623e28e0e40bee85d09ba988c1

    SHA256

    f144278f3d812944cd4b9e93948077fece0d63f447cec3c5d27b2e48fd3eeab9

    SHA512

    e51e583f5976b6da6112a7a1600c3a069782d0924da4aa0860c2991b75323414806ccc9742c7b03c50ec3f71ae8ee8ecfe869e3ccd655aa90d01e51b6dce4822

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c904e243e3c296d5eefcd6f29920baf9

    SHA1

    500381694c891c930ace4d89f1817cad8340ff47

    SHA256

    a1d7d66984dbc0a41d470b28fe235fa04be5cf03efea19a55d379b08831b40ad

    SHA512

    1a406c2b5aed54fe326641eb43823c262eac5c93c8ed1e8a8645365c6c95ae925dddbc28a735f3a284bdb5171fe8e9f67421f1cde3c64e2eb59bb19bc7f49e90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c78abafa3714358a8750994cca9f440b

    SHA1

    f78d8750eb3ab4ce268a88fb68813480e9d52a9b

    SHA256

    f0fefdc7d81205b3172ea32d3e947d943293f5d38336662fa4248736db977479

    SHA512

    b7247bf83335d98f96ecbfc31e0f3243389e154643fe87e8cfdb314853cc7e4646504a2bf22a78544daf0113cfc3a06a94fde7f63bfdcb6a0a15aa31b51ee09e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S593MPCP\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab544C.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar54DB.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EXLO5EJC.txt
    Filesize

    603B

    MD5

    b7b2523dda478c412a132aac84669404

    SHA1

    d4ee79d75f976ce8fa7d2952930bc81a6319f0b6

    SHA256

    a50a30bc3d6cd09f0346975db1109ebaea304644fd3681fb9445a4029f971c4b

    SHA512

    cf91c83a926dc71ab59b67f996ec4496f6b7b4436281116627ff6bc49a9778eb458f5be8048cb620e49226c1310c729304b8d67193dcd503c1cd2bc33aae99fd

    Download Submit