Overview

overview

10

Static

static

7

e84b200bc8...26.apk

android-9-x86

10

e84b200bc8...26.apk

android-10-x64

10

dt-mraid-v...ler.js

windows7-x64

1

dt-mraid-v...ler.js

windows10-2004-x64

1

dt-omsdk-m...ker.js

windows7-x64

1

dt-omsdk-m...ker.js

windows10-2004-x64

1

fyb_iframe...l.html

windows7-x64

1

fyb_iframe...l.html

windows10-2004-x64

1

fyb_static...l.html

windows7-x64

1

fyb_static...l.html

windows10-2004-x64

1

nopie_open...64-v8a

ubuntu-18.04-amd64

nopie_open...64-v8a

debian-9-armhf

nopie_open...64-v8a

debian-9-mips

nopie_open...64-v8a

debian-9-mipsel

nopie_open...bi-v7a

debian-9-armhf

omid-sessi...-v1.js

windows7-x64

1

omid-sessi...-v1.js

windows10-2004-x64

1

pie_openvpn.arm64-v8a

ubuntu-18.04-amd64

pie_openvpn.arm64-v8a

debian-9-armhf

pie_openvpn.arm64-v8a

debian-9-mips

pie_openvpn.arm64-v8a

debian-9-mipsel

pie_openvp...bi-v7a

debian-9-armhf

vpaid_html...e.html

windows7-x64

1

vpaid_html...e.html

windows10-2004-x64

1

webview_error.html

windows7-x64

1

webview_error.html

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • submitted
    13/07/2023, 18:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fyb_iframe_endcard_tmpl.html

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_iframe_endcard_tmpl.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    21523d732a6a6713ce074db92dcb2273

    SHA1

    6ba32558e9cc0df8e2fb9f8d94b5b60f5843fdb1

    SHA256

    bef860d63f458354b6401b2285e2d766328f980e16db862c84e191d5c5aa836a

    SHA512

    815f6287f8e308bccbe35ea9c2f03100ee3c9de78d569d50780d97e8429ab5304a61684504738eb7441cc67117daaff7818dec5cd975b83266d953e3324ef88f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    080dd2dd30f59c84ad8d1a271658abd9

    SHA1

    c6f206688167912cdbc6d1247155c3483d785ab5

    SHA256

    6cb838b4fdcd69ef9bb40e50917eea2fe6618366e577299de96f0afa7838cb54

    SHA512

    2b2be7eb2bfefdb0439bc383829272d8ea97d609a17ef4354a35849268fdcd38cc84d02d02e367885ad68536bf2ae4f4e3c267629df290ab821b02d6337ac715

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c1aec99ca5d8bd2117fa84f79e636059

    SHA1

    85428ed2f4334a450b330115d385b6839f89623f

    SHA256

    fdcb69e51bd885153fc02f4047ae4c8b190e92b83bfedfa4bfec5111e129927f

    SHA512

    305b1447f550d2dfdbd529d326c467e0da7188a5cccf0cb7bb509eacdd8d2f4dce114f173f7b6ea45553e23446f1617ae97080289873d6704435511535227dce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4089994a49a4093c73759ecef552dbe3

    SHA1

    e72c1de848d822df85a588f3631b64a5ced20033

    SHA256

    78d91a0fd6e03156acdbed37c15723485f623215585666e73a912e04722e346d

    SHA512

    1f6d986617d61f75057c9fcb425482ca4f32f6c1764bb7b9d383fe6f4b554408472955ea170ff527501f030c9f9d5dbebe0de490296e849330901a3de8bcfa5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f016885bc27c84fe38f392343ee6ab99

    SHA1

    76fcb9a85465e9c988b07ba17b87c4659ae0986c

    SHA256

    42ca57a96dfee5a7a5a59b804e5d2919b49273fe26181f6d265b2b473117f7ba

    SHA512

    63f68586bb1a08a5ed56f2f210e3c7d2ea619d1250c76bd2f3288d44fea8b1e40e6735b3bb599ad64ff234cbc6de0763fb55ad99e4fce7497004e7987748ad36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    16679ae3d187b46e84b5e06af036c0e7

    SHA1

    de17aa2b405b8b5b84ec02725226052f8944790c

    SHA256

    7c210501273c6094961db650353a6c2a6feb14d69dcd3092e80aae9e1e834c1c

    SHA512

    97d31a1369c54f2b86322f7bfb2edefa594c6d5a1d8436db14758865f1a5d1c485c9425f3a2b9af1ca3347029065128129fdde1b23c324e494317de8f4816e86

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6AGJ71Z\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9A3E.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9B6B.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KPMFM43H.txt
    Filesize

    608B

    MD5

    9b0c9e84b536abd7498507349ba8ecf7

    SHA1

    2e49306314831a8c6c26f8689a9c969457ac879e

    SHA256

    ab30a948a47883cf14ad528ded909b64dbde09dfae8760e56a1d5cf1f5ee7805

    SHA512

    39e6f9befb127df17059ef74b0bfb716d17250e1f431c410fdd757762be8d24f98a1d3593cb5c884acbe1a5cfd4d6fe6120a6106a31e8e497e1314a8197e7233

    Download Submit