Overview

overview

10

Static

static

7

eeb4c044d1...69.apk

android-9-x86

10

eeb4c044d1...69.apk

android-10-x64

10

eeb4c044d1...69.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    11-07-2023 00:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    closebutton.html

  • Size

    981B

  • MD5

    c8efa039f4f84b2705a8e3a3b31da61c

  • SHA1

    669749429feda1599c4ee980cfd67fbb1a54c1a4

  • SHA256

    494693c2ac56ecac1a2588c25631e1bf71211fb0f06108649a983c879315b1aa

  • SHA512

    db6c9817469c937a41eedbbbdaeb21a0860fa5228258978fe59d29c75ab1497b8d1a0ceaae2b236206d6935e186deaf0d83a73791658fa68a985dfc5c314aed2

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\closebutton.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2364

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5591d07b963f0a1bc6f437e8b245c813

    SHA1

    6edbcc78beb9112b9ed8f53433777283fe300bb4

    SHA256

    a25ee5b16512579940123e687c0a7ad8e97e82d8137658378e7240c67d9f3e7b

    SHA512

    3ab1ba787746493ff71ed4edf521b6eb3dba32f4c6f557d39d579567bf7bebe6e48860ad294799398eab048ed89d5096ba87acd5ada02bdf5c87a9f4cf5e9167

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4b3d2683fcd5803de1350af8fa467a94

    SHA1

    050fea17675324d0c18917ef84385d0989c310fd

    SHA256

    97d2c6c27895adaf28143c3f26d340c6fdd813481aac061aa76ba7874dbf8f7f

    SHA512

    c62ac0b74543d77e468c55d3ff41d5a5d34192abaa65010eb4ebce00b454dd45f16487db4dbc77f2b5acf631a2165bbef06541390607a7cfc279346c18e99cd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    75d99eb3297d728eaa334f13e26cdadb

    SHA1

    aecf038f24c6114ba01e0bc27538abd3d7eca4c7

    SHA256

    ee263694b88f967632395cca22d7541a3b6bb7d6e869e25e095bfe849c905711

    SHA512

    aacf5e131ec986daec2e3cedcea6614c45615ce504f2b95252281a4bc900cd2135d625543c539ef9299af890f067000525433b85c0bbfd54f38bedc847bff3f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ea95c80e82ec8a8ffca74aeef6ddce38

    SHA1

    88da7e1dc3abf6a41c5fd5c7345788ddbd444467

    SHA256

    5769f17db33ef84d62d869d139ba15e95f7febcbd123a9323b7cc16d1950010a

    SHA512

    cc6420eae5d81071de4ce94f8c63f4461919936f5afc2e7bd152d51bbb0cc862670a0f33d3fd1f2468428df5054fc0feb694e0262a79535db2a0836157894df9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3ade5195b9d0861309013f814a6ff4b2

    SHA1

    90475136f55e224ad81e095b026fd5728c4be7bf

    SHA256

    ce912ba43b03f442bec6dd12bb46e6e4a665b440f1878a468e3e79e977b74f42

    SHA512

    2054bdf8b6e5f67988b70157a5fae3f72558382943a514de371e408c7e8d0727ba67938962e57cf187500e3321941644c7d66d992d9b209fa15dd0d873e9c946

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6cb68c57adf08c904f597be7b9e7b49f

    SHA1

    a83e7994ba1321eca2e55c76b85b40eb0fec13cd

    SHA256

    a382ad8b1925509291383517b8895b697acf17f2a4d005acc466cb0298c5d855

    SHA512

    562f465fd3e020225ea3ec969af4158bea3553c3e61b1306bf27d3f43e41d3ce9c26fc20e61edb55e415c04f9b017ed2852024c8ef345d90c2a5a93c107b5655

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6ba874b9f0a7494f595d69ccac466f25

    SHA1

    9f97b320acabcf5c4cc3c262f130d1b894494bd6

    SHA256

    bf59c4b2e12f5ccf2aad8d3eeb92397f7f6cae0c319a55c893938b623d55e6d2

    SHA512

    be31f154d6eab68897de556520997d387773d93445928ed30dbb641e03da9dfd113ef7fe0159a304490d8d1ae8039208e975c19dd38c4135a83baf0f687a163c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODRCOPYD\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab545B.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar54DB.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8ZJ88LAU.txt
    Filesize

    601B

    MD5

    de1e4de77136dedd4c2dfda1cda0b232

    SHA1

    76c44e6e3076e3e8539b42344abba46261fd5695

    SHA256

    036698e9df6b3e3207bc45bee81c422c4b10893878b09010b59ae02d9147ef29

    SHA512

    2e10b4ea52e35af759c38c5b66366c73beb76425896333c0a0b4f3b864a8acca73f5d4bcb4f682dcca31c7bc0cb405cc90df26c3d1f52203df9b85eae7d8e3f7

    Download Submit