Overview

overview

10

Static

static

7

AntivirusA...ap.apk

android-9-x86

10

AntivirusA...ap.apk

android-11-x64

7

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    10-07-2023 13:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vpnservice.html

  • Size

    12KB

  • MD5

    387c369588d9f69ecf8a300afa3129ca

  • SHA1

    c01f17a03d11a3cac63fd71cdea5c0cc1191cc35

  • SHA256

    54de6b26b37f4a530a301cf21e3d29d20ed80247022d3ae37b74a66f0af45107

  • SHA512

    45a0e48c4f6212c7aaf4604d8a6ef0f67a712aeadf47f1c9e11e3a1011e8527c2cb1ce70dfcff65d0667df9e5559f53653022858dea069640b88d133d93730c5

  • SSDEEP

    192:8hHWlmerWHv8VwNXBx9UccBmcENHJk9uP8s9AdVvPRb:nEHvTNX/9QmBpKs6VvPRb

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnservice.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1816 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2320

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7395125e72cc2f8375c372b023093f97

    SHA1

    618073b3f53c34688f58a731b8b9e3275ba4e059

    SHA256

    ff6cd8ee3d4cb17ff8a626395dc00dbba8b5a861d1ac6dc2c88fb49e9af87a3e

    SHA512

    17538a8a8f2b461ef3ff8b742237a4c54db60363a3b4fb690a88a0e3a3358e56e16f9487d9a7ddd81b91c01fef34946b606ac775c872e5aef921c01c087a23c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c565adc45cc01d889f22cd85d720a1c3

    SHA1

    a7bee3dfa1ec6a406305314ab0fe25a33c12967e

    SHA256

    befa37325712108941863781593e14700019dfd81991784d91562225aea93ffd

    SHA512

    c4ea69e465534b644ae164dc8037c3c5a2894f2cbc616d349b1548ca41801c13d4c3a793e0ee7db35af126486f244ceda0966c82c67fda880226b2107f67b231

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be98bfd63c6ed04abc7fb1200c8a4d0c

    SHA1

    608219da94369de3d3ef7d9d334d431f1a1d2ad3

    SHA256

    ede01368a13fd1171a764c0c317eebdc64d802074ee96e834823bf591d82ec14

    SHA512

    d4d52bcd83f999452bcac2e9e436d0fc430f22a1679f8dc54773505b5ca0e24e10f8af3d3d95dccf86c74b4c0bf019351fef5ab2a653dc2f6790dbc05b8ee4cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    85e325d3f5ec3c972bef6c959a8f2f13

    SHA1

    71bc45472ffef92ceb50c11a4660e33a71709f14

    SHA256

    9796bf6d3a4e1e71600a5f9b058cb6e4ab740b393d5ef9642913125974a53de9

    SHA512

    03c83f4f55eaecd0a8193ab9b1d1c1cbb2e651618ffe68f8e60ffc12f04bae2031c7e221a23a136ece870e5e2ff345a4dd282e280a328874f2820ab541eb7846

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    245ce30b36eaebd15d4c05d9a53a84fe

    SHA1

    970abf66639adba84a97024c6e652e22d36b4dc1

    SHA256

    cbc205a60a9885cce97309d41146d3a1c4eb7604a40da717dfc0319ce2da86cc

    SHA512

    ae7b44c156135e1f6ebac6f8fb15ef2e01147599cc3a2367151b92ca37acd1faebf6dd0b03b5ef558d12f3c0c9f1bd90c3b3815d9942447b62f02c974ce3466b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2f96273db349968c2fc61671221facd9

    SHA1

    2aab1398ff0c887eebecdee8479b266b14d82626

    SHA256

    5dc951bf0ae3d669682285ef061ba036b62b24bd09e7b9cfc49f5e6fda5fd5d9

    SHA512

    5804e6f10426b64273f4cfab0af89706daa57a15ebe16466d26d121e491dc34e8f35058c23cae52054b85ac96861a3104071e603eec4f50bcea567dc875ef664

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    84dcd4a3abbb6425596ca5d73cd96200

    SHA1

    0f2a9c574bb628d809874eed99d8826edebd764a

    SHA256

    4b3f6607868d9e9d4dfe74b180312d4da4c1710a25c7598d1fef9cbc3289296d

    SHA512

    c9f713c114f601e3982e743dffc17888931d0da3c4685201c3058a2fd7a35e0f7ea72ee88cda571de4fd90f1105c59ad88940ef7431c8f98bb795e6005121033

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5dd530b2003f58b67823d0669675e763

    SHA1

    29035c626bbca697043b770d7d0de072d0038eef

    SHA256

    acb525c18c6db910284dbbaf9d9d398db94a357ff408b2e724711fa0026f4492

    SHA512

    d9ce38eaab5059e2148cd90c066cccc354c9313ea883816e3e3dfe1e907ef8d017cae91271bee4b81bbb6227d9e1362855cb40ecbc1363764ee09c56c9162a5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6d3371342b9a14101ed4be3fcca572e9

    SHA1

    f251580b931f382bb9893d3a1cf9b5d20687bce3

    SHA256

    c270a4deb9ac0829da955778d08767f42c0ce09f72a49c4e7138ddaf6eae1ffe

    SHA512

    9e94aecef08800b89f88ac36650733efd0b6ac9ffc009fe8d50fc8d0a51bb4303ba93c3ab6ca0d92cc8ffca972b1fbc45484fbaa85db85f5e719f4bcb29734a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXTVO3I9\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3C3A.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3EBC.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RA1FVPAH.txt
    Filesize

    596B

    MD5

    a643fd83f959bae4b573c7086e82fadf

    SHA1

    12369443f8d52fc248a0da3476a982175fa409bd

    SHA256

    bf024d2dee97db114077d707f4e5d1e5918212836b6e33f489d7fb20c1e16cb4

    SHA512

    7cf31108da3d40ea97e15bd2e635fc700c6d0fccb674ff9238e3a59826ea7fead5470694e18a40bebaf26272c1311d98ace6b4395244af6074f1dab8e94445aa

    Download Submit