Analysis

  • max time kernel
    134s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags
    arch:x64 arch:x86 image:win7-20230712-en locale:en-us os:windows7-x64 system
  • submitted
    17-07-2023 15:58

General

  • Target

    default_shape_heart.xml

  • Size

    679B

  • MD5

    d042722236980ed9831030fa34b12285

  • SHA1

    b9639db7dfe552e159ee60fb27bbdcedfdb770c7

  • SHA256

    c045ccb0592752c40f2f26bfe321916970235675421601d90dd843ad7b5f5970

  • SHA512

    a3900bd479f48a4cc53864922a4438fcc15cb30ffd0227642f8420c477e5a4149f32c5dc7f364220336783d12f3d836b486936793c810ec7bafa4ea63d77d172

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\default_shape_heart.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2984
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2996
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2964

Network

MITRE ATT&CK Enterprise v6

Downloads
