Overview

overview

7

Static

static

7

419b4ad801...6d.apk

android-9-x86

419b4ad801...6d.apk

android-10-x64

1

419b4ad801...6d.apk

android-11-x64

1

edit.xml

windows7-x64

1

edit.xml

windows10-2004-x64

5

feedback.xml

windows7-x64

1

feedback.xml

windows10-2004-x64

1

no_sleep.js

windows7-x64

1

no_sleep.js

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    11-07-2023 09:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    feedback.xml

  • Size

    1KB

  • MD5

    3700a4f71a8f894e9fa0e31d712d5f3c

  • SHA1

    46a54da48ecbc4f49a91b04504610f97358c19b1

  • SHA256

    53eb1328d30ea8e1689154902449b15d1b4c156c8de4ea025915e3520a897c03

  • SHA512

    8ad6b6142bf9c5933bceee336d0b80fe9f758bcad52bf7772ac37bd45888efbdddec18ce96e220764b44f1d20f6e6bccf8c86c0bf40113526b8ec06d2260b437

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\feedback.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1196
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:528
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:528 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1956

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    31ffb0f86b56bf0453f11a810f2d7b57

    SHA1

    555c9e36e936c669967529022ca756376560239f

    SHA256

    9e3bbe432ef79e044e2f6cfa06f7b38a3a0d875520e32d7de781533771536ce4

    SHA512

    2cbb34b0c6c41c4bb884665e8eea3aeda27343965b68097973aeb6cb37621a7205237f5fce6bf92d45ce3124acbdba7debe08f55625179b9136c1007e62dda0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    48ad65b70b5ba94615a7d0568a91a468

    SHA1

    c80abbdba5e22c6678c1e32b42f330a0ed913462

    SHA256

    5c521e99e26e488fba9d7158ab9bf2e30674d5a36335878a1a0e5610c8bead2c

    SHA512

    75f76b0962c8d6242ecf2c25cc09603c0a262b6a6500dac4ed1b056b5b812551f18c9583491fa420f0bbe14df563c42cb37a487eeeb59ab70a5ceef298e6c8c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c60647eb8a194b1c46e21cb9532bd2e9

    SHA1

    c9ad0f2dfe29517811410587ca27a4156f044a2c

    SHA256

    f5e2cc0bc08c07371f16880088cac02ea01b16fbe0fad682318ade8c681336e5

    SHA512

    f1e8f4ab095059923358d97417fe06ce4588985fd6a0f7d082a708c378d94f02167d567a1619117d7a033c6812f77dd9098f28ed3d6d5c5872674f2cda06e180

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    baec978469c1f6d99daaca317af4add1

    SHA1

    173d9ee997023401d31785637dd9004f84267079

    SHA256

    7aa663f8622574d5e476d552ed03385b24a192ff54d901c87c8683dafe09f632

    SHA512

    9014501f33e1eea123e753274640e65bf54cd4eee105f5633aeea26d4f9227c7218b4f8aabd9aa3f9e0557fe52173f29c948df76b2147465baa315188e5a8bdf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d0338d553962337226496362ddc20362

    SHA1

    72f1654102fc7f565f72b1f738d1bb644739c0f6

    SHA256

    58d8972844d2824f8651db3f215240bd9654033ba099a25eb6abc737bff2fefc

    SHA512

    00a3009492ab2a5f803361df5555962469ea15f30bb292ade8ad1ac5563d793b31e3ff76b1f162cacd731945212c5d6d495bb45ddf95a32043734cd4b61ca296

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ecd80dc74f1e19da7501682185cc44ed

    SHA1

    0fa26ea4744cc5d3705504c3ed994908082fe911

    SHA256

    5e65e2457e73d3a1587751f73f5983e248a78004a1f6c7ad75468a5bc274f87b

    SHA512

    e243c614b873e283d145a5c39839ebb2ba56918af6df1a3eec113279fa06f7d6af50c2c820e5ec6b4fe236d8cd20623b624ad372f911ba9408f1fc7e921c0ebd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    43538e58167a51e03da97696c533ccb9

    SHA1

    fb5d17b2cd74c6d925bae8655ae4d3841a276869

    SHA256

    037e3a64933d8ed26db3dfd96531755d3f8b88fabd9b31684c33c503e4d34273

    SHA512

    16480d3e434656120386b84e08e3bbde49aef83f9d619b34bf2e287639cf0d9d2b2c56824d3e44dd7f04ab0dd5d526ff96a18156f02b331ae56f52469b2277c3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODRCOPYD\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab60E9.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6159.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Q337DUIM.txt
    Filesize

    606B

    MD5

    bf659eabd6b05e12dabda2773efd3d83

    SHA1

    5c1a57f5c8574cb7d21ca18ca6afa3b516717fa3

    SHA256

    ec62f04117af3cc9a7987ce53651fbbb6706783e00ba41d46cd3d0ddd65df761

    SHA512

    fc005e239a8f2cb61033112b4cc948095c7c1b250a5472ba12dc250585a7fa022badb2d6558c8ae08efcb136a4c0aca3dfaf370bb754404b6cedd036c13c6a07

    Download Submit