Overview

overview

10

Static

static

7

AntivirusA...ap.apk

android-9-x86

10

AntivirusA...ap.apk

android-11-x64

7

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    10-07-2023 13:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    policy.html

  • Size

    34KB

  • MD5

    5006b2ca11128f570cb0d02c472f5c4a

  • SHA1

    4bc29748b81396285f6df954efb0d708f73025a7

  • SHA256

    efd83e19fe889b7af1ab18a31cd519e27eaf0abea42975a82f15afefb272f08b

  • SHA512

    c761233feb68832ba595a06b18a889a5a79c4f8305dad5c1616b0d88032e2569c95e0d415c9b8b7d4e2d519ef0eeae590d26ffca386cd748d1b015932093a3b6

  • SSDEEP

    384:rWnYCJu/yJMBAK/c9Yn3Y+9X01uLp3XPYsTmem6bs7OE3YZVNCmj1SYSr3QPRz:2YwKY0v9wsxfblEEnx

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\policy.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:276
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:276 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2396

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ec98e006059749a525d97a3e7c28d387

    SHA1

    528a85408394b4ad80b3d18a87f2f122da0c9a39

    SHA256

    6fc6c4655348235d5df196bb93b1790f15344f5211b04921cb141a264c4cf1c4

    SHA512

    f37b3a5f6e0333b73f89f30b9d202798e2d8056b2230c4bf060fa1610ebf06236901e4d80437c3692c511c3c5aa05c8e230b33acdc6d051f2b85296b53b93de6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0415b80260f3df4c9ba00e1ef65c55a8

    SHA1

    c3a629402ecf47feddb0b2c259e22d4f178172e1

    SHA256

    0c1641676454fe7ce146134a298afb8d9717c13928fc47421d867765bd474c03

    SHA512

    2486a30cb5e592a0a1e9e812f84eae0735671fbcf055da2ca7c6bd4ea35063539c3126d726b30a2494d274b8288d66c2eab9807feba957729ed585a6998c4480

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e9ca6696f1604efd998e62b99fb87abe

    SHA1

    315e4b6f544cd99f89ef4efc403a228ea16e06a8

    SHA256

    16ae28a8d1613341165aa333c1ea1212adbd1301d769662b021922ebee2cfe51

    SHA512

    653b221497429f9563d72642525f76e971bd84f25fa045d7aa7e5fbe8d81e50f60742048dedffe671cd47d9a77a722446d35a1e7215567303e53e5eb0d1b5f39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    44460e835dbbb67f86d58a316fea671f

    SHA1

    0d5769abcd129becc4930412c94b649cd7f6d777

    SHA256

    a2ede3434ecb96af65e22485a2411d6bf338291eb8a5051314267cb373f8c158

    SHA512

    5ee7768aad0635f2388d8bc1d930af82bf2df1858b293020e76cbd9561741ecb4fd6dec9519c4b80318a4730a765415e7459edb750d5e3e0332910743c3c5483

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    555b26ccd4a5d9a982974253e678df64

    SHA1

    5e7b4d0de9124e22095d7fc4c0058166931d44dc

    SHA256

    9afeef5904ed8073c72356a161d1f46b1ba4ff3f7e48baa273f5471d31fa20fa

    SHA512

    47ac6fb9ffbff976eb5ff0e35c8479a536165bfd5b8a783c33cc241cdf1e32c82976280b00b4760d68698ba62f88aa9f5e7f18c91e5d2f5ac5af4054c75b6667

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7930cdc5e110f97c054776b77693d39a

    SHA1

    3bee3644711ec265f7169a28f07a254c9119df7b

    SHA256

    4e75cd23aee855f07332351841d033a91979a7cb4b69ac3488103d001b995a03

    SHA512

    8702a332158ff793ce75628268a27bc5c8ef31b736fcd742fececd1767235d86898d3cd201eeedafd3169cc39cb47be05137dc46b38708165b43c34f7df8b704

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    826f6e025097aaf9b4b983a510ccbee5

    SHA1

    b1bc6864aff2d73b80b04bb366ac7b13d04a4aab

    SHA256

    57c6f71776c79290c8055c4f0e1d33abd06223dc5b7a51d433fca647b7b6540e

    SHA512

    1716b4ced21cfa88c92cad6a76913e172176e1d315ce56906bec68a52785632fbac1ad3a9946ae9d64d3b14a7daa472bf7e93c177cc2384a947b816499ecae74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9dbc22f54f5d38cdb4fa3e14dc957cb3

    SHA1

    2d33e649060f28715edaf0b79e27306782d4351e

    SHA256

    2c4432fd9b700c02f6fb469457b659fbf829441f7bf48250ff78ea4ca67634ac

    SHA512

    88a541ddf17d1942a50d83000ef7cfc1c2789902716cc354114ecd8da691f84ec0f382563cd27881bae1294dc3dc6d314ded37acb0f5ab5d8e449345eadb5b87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aa7973e8e4e9a9a06117c4129c6c3690

    SHA1

    61ad90bfde684ea8a3e140b74e3221b05b31a357

    SHA256

    4a3f530804d3be91e3ba77ef99b3b3b372bf4515ff78e81cb448d58ec2863c61

    SHA512

    fa1def6871aa7cf10bbd63abcb0e3c9800af2a41a45fb2e9e5eef1693a212f70ec3c16617f5ac5b705a60303401c8c3aca587ced3802bd9d2cda67256983dea4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3bf83d4fc964abf2d4f137dc6b70450e

    SHA1

    65202d2f7580507014e8f28c985137f925713c02

    SHA256

    9d54cf94331fd0e478863b346b8d9dba120245a6fffa2ea2673185a670cc33b0

    SHA512

    42258f4dd05e43c753920a59940429d5574eac903afbe1c2f0afadcf6f01287934c5cc7643db17eabab67c3f4727f7a019b98d5282bd2ca2cae469436ad19eb6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CM3TD3CI\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab57F3.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5895.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\C3J95HXU.txt
    Filesize

    598B

    MD5

    dd2a9e7395160537f1ce2c01e865c6b6

    SHA1

    4f120f7eaa401abce55b23903fcd62b58cd0e5c3

    SHA256

    01fc5223d737512d21c4dbe252d68c4b981bb585e2e5f25324067f34c459ea84

    SHA512

    e80713bfea78a7415988d580909fb4a86ba651cdc0121b6bea669e806bc2218881629c9594cab1c1b642d011ef24e635eae53240c6c5bd728cc33f2866a9835d

    Download Submit