Overview

overview

7

Static

static

7

419b4ad801...6d.apk

android-9-x86

419b4ad801...6d.apk

android-10-x64

1

419b4ad801...6d.apk

android-11-x64

1

edit.xml

windows7-x64

1

edit.xml

windows10-2004-x64

5

feedback.xml

windows7-x64

1

feedback.xml

windows10-2004-x64

1

no_sleep.js

windows7-x64

1

no_sleep.js

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    11-07-2023 09:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    edit.xml

  • Size

    341B

  • MD5

    ebc84d77f611f3af0679dac728d3cf45

  • SHA1

    9ca1ecf7b1bffa22b2cfc89b32e9fc8386327d79

  • SHA256

    4706d8496b3db6af3db8289800fefda7c18e38dd8808ced6c25f7ed4af9d892f

  • SHA512

    6e12dc0e70948006a89ce7e857056356b2e41e6df5c6dcc9c335d86ed26ab64ed5c71ff144668013cc73d8c7335aaae9437e88dbc269f23a17a9c23ce1170f7e

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\edit.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1244
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2100
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2148

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e2298236f701ab18ae35573032d6cf14

    SHA1

    0af1fb38d1c3b35fea7e0095331eaac008f37730

    SHA256

    090c21fd2d906703619fb14b10eb2458af4a0e83bfc4b2325ad5c0c21f552e57

    SHA512

    f6084658003ae42681004c91dc0f6856c7fac1690dc503f10a5921958906c5c81167e7616319f99eda635b20b74f6eb1309e4aed0311438bcaa4bfe30ca15c17

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a64a1700883fc69c06d9c105f9ab098f

    SHA1

    1cd049e147324231614e2562e98f12c18078aa78

    SHA256

    b9b09804b7da95e050e69ba5854bc18c6a0f579c35b45ffd78f1b09a8d74f7f9

    SHA512

    6c89393334d09fb96bb93540cc8e179f823ba19bd5d09ad75e6a195a69c6737a77d0179016a2865ddf67c84b9acc44dca6feaca6d2eca95a1ec35417c4195b3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4012a6cec7cbf10fd8da3b1cc739c245

    SHA1

    fcbfe277a9825ae31d9690868baa1e3e6f52968c

    SHA256

    e42cc1b38b74ec8e8e4ddd6d08f28fb86df436635a8b74c6ec19a4dd818a159d

    SHA512

    480356c3825b1affb29a0e40e46d40bf9f2b491c5298df84d61f81a29aeaa6cf53eb98bdada1ed4fd821001b986011c4b6d66ccff9f2d9eb1ed405d46a5f692e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    408974154304c9a015f75689ec967cc6

    SHA1

    23cf314dbf49d84261717f65cb1d3ba95b40c640

    SHA256

    7b7d760b8fea2a5bc39723c6f6373d9cb606ee98f782d6f447c6cd7ec394a230

    SHA512

    df736f61ecc36f7eefe663239b6b9890471812b5b642c8ddd49426417437788bfa549e76e7817fa3abbbef6283950185f44efd1be49eb12a7d8bce289d3e078c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e3de624d62b31ab8c8ec4ea84600be63

    SHA1

    1a62ab50909bf04dc9e33a6dc24faf48123cba24

    SHA256

    d06c8dee1bfa93f4a33c6554b0147e63f6ad420eaf62c2da609b810d5335ce2b

    SHA512

    39618d984acca8a4a64d3011ae4507dfd3480e2d90a8c3bd708f0bc9a2defc3f7371c98b7f6aa614fd59d03b99ca6b7371b2e8fe74b2e0314893f66a1bfa1b1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e545fe93eae7071daac140a91e9296d

    SHA1

    d19e0e121a51e7778d83f75b00665041f33b4cf4

    SHA256

    6b709db3306d362d9aa3298ebc736c7f5a1311a2696d6c12b3af21ce9edde8e6

    SHA512

    3c2ef95c11b9f696398181065cb1694676c98db08b168c9e1cdde37b0e70e9f3d5e6aba1d2f980597d2c443d4cc23b42198e871071200f88c35c2615f94bbc67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0f3b9d3e6c57bf1b9206cfbe5916e6ab

    SHA1

    3e28c9e09ca62a0f27d4b9b767e3081e5cf47124

    SHA256

    d90ad6a6f214711c98bbafd884bbafbe7e64c12bfa73088bcfc080a2f62b9ca5

    SHA512

    a667d124fc0de8ba8f20fc8d788a997500c9b7c3d0b3b6124178b1df1e1f00c66b9bb129483454bbc7d5395198c2f83e673272560ac1e6bfec1ad79bbc7ff147

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHFV4GXP\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab82F7.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar83C7.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HHLH6D24.txt
    Filesize

    606B

    MD5

    9cf63f8f169a689445c75b449e4402f6

    SHA1

    c38aae08113e8de1c8bc99f17401fb069b64f880

    SHA256

    759f3657a28ddef0b651aef6b66df0142669baacd3eabd249a4462d18da2e327

    SHA512

    92fff63760f02b222122557db685a02432320591db7b7e6102fe4cd561bd681348fb6179e4428b6ce40e77985a0dd052ce8c7d6d950975120b6eacc0188423dd

    Download Submit