Overview

overview

10

Static

static

7

e08cb4f770...fa.apk

android-9-x86

10

e08cb4f770...fa.apk

android-10-x64

10

e08cb4f770...fa.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    17-07-2023 15:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    closebutton.html

  • Size

    981B

  • MD5

    c8efa039f4f84b2705a8e3a3b31da61c

  • SHA1

    669749429feda1599c4ee980cfd67fbb1a54c1a4

  • SHA256

    494693c2ac56ecac1a2588c25631e1bf71211fb0f06108649a983c879315b1aa

  • SHA512

    db6c9817469c937a41eedbbbdaeb21a0860fa5228258978fe59d29c75ab1497b8d1a0ceaae2b236206d6935e186deaf0d83a73791658fa68a985dfc5c314aed2

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\closebutton.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2792

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c98a8bcf9fa605a1b911f29b80ec77f8

    SHA1

    06a81dbba65bdfd72a986836a0f03d64737d6a12

    SHA256

    e6fce09862212aeef16e7ead26fae75e04bcd710c7b67a77bc20f98a69c7ff63

    SHA512

    6ce4130b022f15a4a6edecfacf3c4ace0771828036901045bd04de37df86968faafc49a20ce5496b9fbbe13f5534d62283dbc01ed7ca7233024eba4303ae0fda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f158d7bb7ca871c5b504fa7e54592659

    SHA1

    c3562dd354c9a3fb811688ee22415904262d313b

    SHA256

    f97cf7aaa2d8c67b05bf5557978fe2d43fad3af79136919a5235c31042d0f81f

    SHA512

    129ac29b22ee938b8b35b027389b755605bcdc772d1d8b6398b21dd07f1fdbd504b8094e314c7ca86dbd7e2576d955693f5ed72dd85bd8a9f6dbd0758d5b21b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    50c399abfecb9839432dd0dfdbc1f986

    SHA1

    f81d3a976ec764096fcb4b2c449de97b3c228f89

    SHA256

    2c17b4893312f1ddd24071d4c7a5af30d60eced2628ddb02c3e3964c3123962b

    SHA512

    ea466f0316f8c94a3bf8743594dae40bf3c19d1de81009628752400041d40841f260b46238f838afdc317e7e4460c9ec1cdcd9c1b4e2b47921242a8803d91c50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2a475f54ed3ba070cf56469710d6a919

    SHA1

    670737f87702e65d46c1f3ab58c4493300b79afc

    SHA256

    56265e96e1a905b7c62a8350ab19be343e343ba1d022ca7d694513b95a150ae0

    SHA512

    f20f0260eb32a81fcf656e438632e721d5a61ae16a666bbaf1c01a4b8bb1e113ffe2847c93a316815c94ea6a120ac02d497787f7df57abfd58f05984c91afdd7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    71e941476f615d7ead2a9307de491a07

    SHA1

    5cec1e31300aaf1a8713893f308abe429be3d819

    SHA256

    d78cf1d470895450dc4bdb6fc89e395daf3a5e73fe8b8e40aca6c04c29dbc625

    SHA512

    109daf14b1d87b58956f6cd51fa5843ce84e13afda362706b3a18de0bb95d14eb378c12c41323d122d525ed659ede018b3e033e4a4904969642c6e175d02ca21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f653e56e990ec35e8fd94fe1b61fda6e

    SHA1

    959a3196c971b7c7ff7eecc10a8510012f5256bd

    SHA256

    71fb6a68bdd7aa12fac9fab469bcad0d9a4fff95f07c0a79f6fb08f2e4d6bfd1

    SHA512

    9109a287481d6d7a6316aa95a52bd196572dba657319fcbd6d2baf00cd1be8da9f28ba54b31920e6347c759e0c4e853127653b8384cc82bf72ae4071e63ed32d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    df6141879dfd9d5c8dbcb60b6040f3b5

    SHA1

    0552123ac87575bfb18d4bc0f9ac61bc684c339a

    SHA256

    0a0d08aeda9f90253b9512713c74bd3c4285bb9cde0a7b59f0f9838bb8090b98

    SHA512

    f374c36ee075d0e5468855ff9d9f3e484164372c3029c52a64c3d76638b5d1b5492c17565bc71af6361d466e3b30b5a2cff6991694385d2621143a176b17adc6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0455af980a6650c9a68a7c3ca36f3e01

    SHA1

    655eb6361ccbd561efdb32d604e046f52b601164

    SHA256

    ec8946d14acc50829992aff80b757bd8cf26e116a26b9b22ec6717acd2182374

    SHA512

    7baf5099b70c20e65bf5fcd1196a92a86f4a750c6512b0f4dbafb143741fc98e96178960464f566f649518adfe4fc3e14a5f329dc3f9c7f972eba4ead86264cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    63f7452b7e16423a841b84c52bb8ffcf

    SHA1

    a508626b2d0eb58fc38f02e961606757d875159b

    SHA256

    4a211e84861dea992d237815bfa6a5fa4e82a20c9785d9594a8cc7a5266a2383

    SHA512

    36aaa7c0055f533af664db0e975cdc540f39c1c7ec8b8fa741042331bc441cf9ae0c10db67dd26d1b40f28801263acc445a7dfd45afd0bc7dca880b956254b67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    61ebe0d5b70d9d9cdbd776ec3c1b8c4e

    SHA1

    93e29e1258181714232e11cddacb5e53bc884ec7

    SHA256

    6d9c563d935ddef261ac99bc46d78ed2c8c19861377d7b6f4ac8b173b090b1b4

    SHA512

    c7ea8c7f728541707b54e5b32ac41cf998b8a556b2ff83d827544a0f7bc3ef0a42cf108ed2ca13d6964250b17b0bfcb7e2333314cac66a306c742219b2836cee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    213073fc581aa3de4e644c82a8032b63

    SHA1

    28156ef77616ee2f7663eb7aa3bdd6486fe26e41

    SHA256

    ec20f59eced135d927a1a7d444ce46bd497c7c84dfe55f5a2735cf3366ab0330

    SHA512

    3c2ead32c3994261125a53c141e73966665e6cd6fd872a2dfb166bfa87bcf6e36de4bb200c5a9dfb53c0bee51c565ce209595a9d3b0836a8cb2a12c68a0fa9f5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGCFYHZ3\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB388.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB3EA.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8RPSNFUA.txt
    Filesize

    606B

    MD5

    1f2c9713934570a4f1633e7473b1c138

    SHA1

    d5aa40c2ce5b5d4ddcfa18d431c82dd5e63ea165

    SHA256

    874efe69487d1421dee47180711ea74c60114d7fe4c1e87f18cd0e596ca59080

    SHA512

    6624fe9ca43c31c28b1fef208d80bbac69fb4cac3f8402aeb0b11df9c8733d4583ad4d2dca3371b12da2921f729a32f0d20e2ea684fd2905632963e87d2bfa91

    Download Submit