Overview

overview

10

Static

static

7

AntivirusA...ap.apk

android-9-x86

10

AntivirusA...ap.apk

android-11-x64

7

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

origin.apk

android-9-x86

origin.apk

android-10-x64

origin.apk

android-11-x64

disclosure.html

windows7-x64

1

disclosure.html

windows10-2004-x64

1

myps_policy.html

windows7-x64

1

myps_policy.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

policy.html

windows7-x64

1

policy.html

windows10-2004-x64

1

vpnservice.html

windows7-x64

1

vpnservice.html

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    10-07-2023 13:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    policy.html

  • Size

    34KB

  • MD5

    5006b2ca11128f570cb0d02c472f5c4a

  • SHA1

    4bc29748b81396285f6df954efb0d708f73025a7

  • SHA256

    efd83e19fe889b7af1ab18a31cd519e27eaf0abea42975a82f15afefb272f08b

  • SHA512

    c761233feb68832ba595a06b18a889a5a79c4f8305dad5c1616b0d88032e2569c95e0d415c9b8b7d4e2d519ef0eeae590d26ffca386cd748d1b015932093a3b6

  • SSDEEP

    384:rWnYCJu/yJMBAK/c9Yn3Y+9X01uLp3XPYsTmem6bs7OE3YZVNCmj1SYSr3QPRz:2YwKY0v9wsxfblEEnx

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\policy.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:280

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    286e1170eb49f911502144b66454ba06

    SHA1

    b2586bbbfe83f743b4caa202835f0c5cfaf0417f

    SHA256

    620b4d026851b832b3933b9557317f7d3d236dbea92af3a7bb6f2cdb9012b536

    SHA512

    d930997c365808f4b1983a7c1f1d1b1caae07fba027d80ff7a169c9107bf540c4ea42f9a34fd6b30bf45e4262271e722503ab76a103d567bc3f696fcd9e7981c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    27b1efda377576cd6c10d74a888ec290

    SHA1

    7b2cf71961245822aaf7d0856158fbbca891fd4d

    SHA256

    f27678d088645e60888b3da4cb5a58c915567693026f2f80f3843d22c3bf067a

    SHA512

    04571a462697e3cbeae42f8df58aa469edb8ec7c2d3341216a354622797ccfb5fbe5c17d532cdddb9ce023cc8e1af169b057e8ab0b2ab8b7afc8c2d48cd439d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f95a91f904b35e9165c592ab1f0d735c

    SHA1

    d0d1705ff2fe620713d925192a25b6620acb38dc

    SHA256

    9a829ebb5159d132dd63797247de4be99db2474244646e5600e4a34bfc911cee

    SHA512

    d388e5e5146cc029f3855e814833ee912b8cb8d5e2fa4b558ace935cb8e2b214e41d1ac87e6d6bda10ab69fe679f3dceb319da127a0e9fd366a3ea79429c2602

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    51c5b2b390404d611e6790a4ee938743

    SHA1

    b6282b98fa98c064c8007126c09c2ceb0ab8a9b2

    SHA256

    488209bbba9c657b08d11e1d06807f2aa8de09e5eb0a9e2c018044fddb2a734c

    SHA512

    5c7dde271eeec16d0a60493226d0ddd0a3cf994eac117ccb58fb274f26e317454c2dc9e535c8c67aea6048254c53c8d025340143e56e2636de4df195cabe50ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    894b92441b692f2fb07efaf8ab1666f5

    SHA1

    438105f3aebd6740d1acfa7cda18ba2eefc6cf2e

    SHA256

    2d81a6f0abaf73f8ce4e98adceadbc4de59a8b38fb36b510efb905d2e2761bf3

    SHA512

    0794222335632bb2a77ad8c026ccb20bbedd2c8d7571f4767bc28e3d6436dbd02bba8eb5a1312d1ee6eff882b976f797ef29e7c9e85d938a1c53d504a22b9a19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    924f2212c494f77fa268a0d06996c8cd

    SHA1

    29431e0c380e174a97a16afe296af6475a78e4fa

    SHA256

    574c2f53dddac340fbd8fa6ab885454a62d25192e8cf68f8aead5a49c39ac0c6

    SHA512

    447fa7efd5cedd1e514fb324dd6f43af0af86c4e2fe657257f5ce696ddf52f099d8ec761248e9f27a6ecd7f9b697324e5f2f5587c2a9553801a9a4f28dbfe0a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7c007bfb512515e27796fbc724ebc13d

    SHA1

    6b77fcf87e4ca11fee4414e702ef96548ae4d7cf

    SHA256

    c3c8abec0aa040d2623447fac20ad051fb7d8647a6c24be6b3030a5552601f4f

    SHA512

    6d61afa86dbee3a13db1f2626e5c56443c1701d2ec4a4efb24976e8a9133a92dc4bad8f1b29f1bcb1b4a684490f2448cc48b958aea9e7a4adc0cea32771fb304

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    812268112ef1cb7974026c02b6a6a1cc

    SHA1

    e02452d294999a01075cafe1429a78f105c76508

    SHA256

    13b8260813719ecd544429bf0aeb42c4a4c6bd4aeefa88900b13d02eca8f6ef7

    SHA512

    fd00098baf1c34c91c312647367cc33b78f587148d641be1c23c0dce8045fed568758cb0ecf878023ffddde004ae1a036f4d1fd74d79d17a9a79712e21c6ac47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bddcd88fc7ec2851330a495c9652ae7f

    SHA1

    e81402881e8eedb9d88d132ea8554025c4c25c64

    SHA256

    11009a31cf2970ba15672ba37d4f3524a76654738bffc28665e485e0eb816b74

    SHA512

    c839b8d34cfbc312dc98835d7053642c20177e3502d22d9937e2164e0916ae37bc2a28999cf99019384b33d3405484dbfa1795c94b4cc9f9624151faf47d5630

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    26b8bda3286a3f70c78cd05ec5cd4c9e

    SHA1

    7871c556d36a87de98eb55d37273740bb3116060

    SHA256

    ffba4ba59db84ec8b1fbe47bf4aeb712efc4d52a2d4cf0d8d4e9cae6c01991c6

    SHA512

    2acb8beb1fbd730ad4fd61702d33bd7006cb3edb245b5efe8aaaf1a958c4ab7dc1b179dd6d2d6a1bffa5e812ef83bde3822b83e25013fe7655106ffe75b8f5b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    52262f5d4871df605864bec43b6f5a1d

    SHA1

    b7e4b91eb095aa2a9e4c6eda351556da4ee74f06

    SHA256

    f4aff1e45a068c9f3b5f9cb23bbedb814faac0b3834459ec4968e874b07360fe

    SHA512

    72895a08b771c72da488f75d305a33e521ebd93378e317c66b325605ca1c35696952188d7a6dcd9882deafff3aaf951947597cc1f0626da8e88068b27f6dfde0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0799cb5555b9e58c1056c0c08e734d35

    SHA1

    bb5e948d147a53b59011d2726be73ba9bd79c5ec

    SHA256

    06d1ec5e983f5389381314351b726a553b67267bc94b22df2a07bd7681d64bc5

    SHA512

    af290ca89d3bc6f141d215ae47101f4c22c052d9a43287782b5dfd50ba6e103976a5f8437dd915d5b8d09e88ff13eff9e2e106cc30a604ef568fa3391f3f3710

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5a4986e5c753ec21b7ebcb43ac1f6f13

    SHA1

    29c05c9abe02206095f11aad8a6bf6a1f6caa703

    SHA256

    c708e74a51624c3e658942a7fb4f3d0c77795c6eb52fac0841da5667277c0c1e

    SHA512

    ee09477ef53625cb02e28d43bb4d4546a678f5ba36dd7774bbef2c4e1bffc3ee716635e43512c3c7ca399988a36dc8d8c14f226fbb8090abebf89092fa3161ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ff0177ef1e9478eae50e71d56c1a5746

    SHA1

    d122b5b9e61bebb706cc08becb0f5377a273d250

    SHA256

    1dc96edeafab834e7f66536c25b86615904ffe051e964517f5acc680b5f0ffef

    SHA512

    aa6a92ec6c8d9eaed9bf10ba0737b96aec293e7005411b318d6627d7e0b8c25f3daffc5905caa6dfb5e85b0e1fa97f1e647cc2a6a03b27a8eab7286002a61905

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XZEULFN0\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5A15.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5AD4.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\31B1YLT5.txt
    Filesize

    601B

    MD5

    fd99c5ce31d8e25f03056a0be2a8e93c

    SHA1

    ceb6a5f8466ad624474aa8cc3c7e23d06a0cb14e

    SHA256

    c72ca5c3ee515043914f0ac3f9a10451945f923613861bab6313f7a44162c5d1

    SHA512

    fd4bd5a5ba34704b015ea5fc1110aed0465d6b472b7d1d64744d6419988b1b1380a0dd7d35a897348ff2532db022d0da0c1c6c0116ea7c786bb4e5be07f11f9f

    Download Submit