Overview

overview

7

Static

static

7

KMTR (Comp...3).apk

android-10-x64

BG07_1v1.ps1

windows7-x64

1

BG07_1v1.ps1

windows10-2004-x64

1

classroom.html

windows7-x64

1

classroom.html

windows10-2004-x64

1

sticker_alien.xml

windows7-x64

1

sticker_alien.xml

windows10-2004-x64

3

sticker_ba...ll.xml

windows7-x64

1

sticker_ba...ll.xml

windows10-2004-x64

3

sticker_blondewig.xml

windows7-x64

1

sticker_blondewig.xml

windows10-2004-x64

3

sticker_boquet.xml

windows7-x64

1

sticker_boquet.xml

windows10-2004-x64

3

sticker_bow.xml

windows7-x64

1

sticker_bow.xml

windows10-2004-x64

3

sticker_bowler.xml

windows7-x64

1

sticker_bowler.xml

windows10-2004-x64

3

sticker_bowling.xml

windows7-x64

1

sticker_bowling.xml

windows10-2004-x64

3

sticker_burger.xml

windows7-x64

1

sticker_burger.xml

windows10-2004-x64

3

sticker_cake.xml

windows7-x64

1

sticker_cake.xml

windows10-2004-x64

3

sticker_candy.xml

windows7-x64

1

sticker_candy.xml

windows10-2004-x64

3

sticker_circle.xml

windows7-x64

1

sticker_circle.xml

windows10-2004-x64

5

sticker_coffee.xml

windows7-x64

1

sticker_coffee.xml

windows10-2004-x64

3

sticker_croissant.xml

windows7-x64

1

sticker_croissant.xml

windows10-2004-x64

3

sticker_crown.xml

windows7-x64

1

Analysis

  • max time kernel
    137s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    17-07-2023 03:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    classroom.html

  • Size

    517B

  • MD5

    ff28760867f416f792f570022ac87974

  • SHA1

    01b2dd0349eb737ea3d43be36e0f610ddb7eb70a

  • SHA256

    cc055d1486aa3f323ee3a22ee16e343619b98e538b5cf7ff960bc53e0deb72e0

  • SHA512

    829f8cd106f8532cc7c5a477d68c9aeb440af3937ced4d82d49289fce786f64233dbff9d722f8d47d5b8eb0714e49832f53053041ec3e27345ff1ac345fcd0c3

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\classroom.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2620

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b1947f0f0d5c22c0486cfcf574e38e45

    SHA1

    53529c5e7bfda72c7b708d0222e5e01d0bb7f268

    SHA256

    038b65065b1638a33ff60834ca5a8424304f829bf6aa95c2ed74d153bf88784f

    SHA512

    d3bf09dbf13adbf2895284270e38507e88028f5d2d9b68ace82b5d52cf916f2a6891a4c80b703a92d1fd5f4dd8723dad907c8afc4dcec25df333295a84592269

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5fa75282e5d5dbd79542a21ea9d412fa

    SHA1

    a0d7977473899ffcfc9aae7e96f682f48bcace78

    SHA256

    856e0b7aa84709cb87741db3877e7ad81b4aad803e5b2ffbe6aa88539048e5f7

    SHA512

    d0069e14b101ac2583e43c1b67faf6eda09cf037325f544c9ed3cca0458aa05552a65a9ec6d38423d53a8e43b2a6aac32da945fe646b60c4823640db45860584

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bc1373edeb6302548efb3acc71e0917b

    SHA1

    15109fa0a13afbd8431daff57201cf66ddc474e1

    SHA256

    712d01e1f7b36522999542ed12bd2dc2e670424c266843741e8dbb62d51b6851

    SHA512

    900c5532e6d0b7613ebd95f6f5ad252c8fa293f374adb977bf2b7d63de73a3a89ce7021e59421e1dec8c565bc79abb60afe09e5756329558429e101d2d21985c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    048d541b37ae783a04b2277f6df57b2c

    SHA1

    407346854b72ecd71c29c8f6104b2432ffc4a658

    SHA256

    ad39092c3ea3dca6f1e5d70f06c85b136fe834fa7743270b6f0659ec6514feec

    SHA512

    7ca73c543772fb12a4c8563cb08cac0b28689511ed51378e859fc8514b18e99490d24166f8b2454aa4c8b10d6a66ca243dc91738a54f229deaa23c8f34901928

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b57e252104b1bdf914859a68b471bcb7

    SHA1

    30149d7e856bc24f3029351210aca0bc590207a0

    SHA256

    af17b82005b46cfd85f901762f04459320ec7a343c581e2e45635859d25b7153

    SHA512

    f3caf990b3b3adb5a6ecb58008144fa66b1537e351c72553acbeffa3cac5ed66f687e327952198f34ecb2a6b1f0a1423feb237de1be25d3ec19fd1c0904066d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    64b35c7a3ddd640a5de17a3f65c7ab72

    SHA1

    b592183d05e87c58898949aee3d8c8ce02ae8e8d

    SHA256

    1ac282aa8771f41252068eccb2672798035c8145c96e604d426768009b6fdb49

    SHA512

    d308aba9baa468f0fc3a2999a568d70990782c574d5e8e5c499d34116499d5a4b0ac9785502caf16be42d94441a93edb3a4ecfe07e5efe734eff680cb28cbb7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d49010dddc599a547f19bcd5df61eceb

    SHA1

    a99d50f34311c5c5e97ded16da61dcccc29854de

    SHA256

    0cc779be9f9392e5a76abbd8ba1357250498fbe6054c394a6528e7d124f3b5b3

    SHA512

    8dc444b6fcaed6f4ba2ee900d4c42a2bf40e882c27676cb87859abbe9c8025d62841de392f995f289d38d15ccddc5369fa0aedd6d2731a6991f10feac7d6b945

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    040adb3db905299b623e9ba63fb3012e

    SHA1

    fe6191101a80c7511aae366f43165c829380f1ec

    SHA256

    12fd6752f809ba2309839d124014a38705029453001374cf4c095b936b8f23e8

    SHA512

    0786c45fcedea1608ef0cc306be62cd7d491306693518bd13c93d83275957b7219c6114f21d97706065ba3c0a40a68ebfa179e8a1c77605d194a573892d490b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c7907da7aa4cb7c2178f45e755e6d586

    SHA1

    8f517a4acfeb62a9693e3143d1b161cefc14c98a

    SHA256

    76282a4b0e4d85c31f0a63a1b9d63aadf3d01f2c03ccd9e8cd9f043e81b70900

    SHA512

    142ae9937e22d70f29baa23da242d8686aadb58638762eeb91c28c37eb6b0033b37642c51f982a64085b2eb719cc768b59f57c3989cac2ddb4bd431b426cc5ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8SBJDRU3\rpc_shindig_random[1].js
    Filesize

    17KB

    MD5

    0ac770aa6d065c4f7ea98177e9420420

    SHA1

    ac286099bb09b1b3777c23d662282cb7c1fa1bfb

    SHA256

    fbd9a7627b8eee732c7f1393a8736593b27824b706046f38c4a444093165e561

    SHA512

    7f565af0595892c9737e61243194bd721657416227c18dfaa3e62e2fafa2f1b0a7a12ec0b4af7885e0d2e607006c46c87660e3d2c9fe2d6117e5ef567a3277b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJMXAU3H\3698212825-postmessagerelay[1].js
    Filesize

    12KB

    MD5

    e89f3c34bd849d5b959045facdced264

    SHA1

    6a4ed30e37cf844b1f56d5d81dc6dfec1c611476

    SHA256

    37acf5f6aa181790c9f46f7a25b5c89ecc46c35603b9b62c3086228faf72b26d

    SHA512

    2049d0baf05f0a8214fefe3abb2b4c6e104dda723d2feb439313114922887045cdabb08e3cffb5a624dc13a3c0b2fdf28114098b8c8ccfc3555ea43f19f20f7b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJMXAU3H\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O5N1CMJ9\cb=gapi[1].js
    Filesize

    63KB

    MD5

    8448c1eb40e855ff3b5de9fd4513d933

    SHA1

    fc2bb63a7d81e649a78408f942d1b5367485e349

    SHA256

    63aaa2777db39521dafa0ba3815720599151adb12b4105f8848f597f97918d83

    SHA512

    b6608b64d71e94ecd68566f118708926af490c5f9f46cd051d1c6895b69bfc88a37171d47df8d00a4b157cd3afc57538260842e92cfd062bad819051c283d5be

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE765.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE766.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ABA192DN.txt
    Filesize

    608B

    MD5

    c8bde4365ecf6ebcf6d197c22956b899

    SHA1

    0382f9c413b2dac017e3ef9378de1c7ee0d7f2b1

    SHA256

    0025274008224a3cdb82464edbf23ec6d6d5243834e1eb052fe18f7b592d6f33

    SHA512

    07d266d4e901203f23d7cffe7dbcafd32029e53ab7eccbff007d6a9686f11e99498d7de3eb931fde9007a8491f9b0dc5b2da9b1418f6bb05d65ad92bb8cff8e9

    Download Submit