Overview

overview

10

Static

static

7

a1a9051457...40.apk

android-9-x86

10

a1a9051457...40.apk

android-10-x64

10

a1a9051457...40.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    18-07-2023 19:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    closebutton.html

  • Size

    981B

  • MD5

    c8efa039f4f84b2705a8e3a3b31da61c

  • SHA1

    669749429feda1599c4ee980cfd67fbb1a54c1a4

  • SHA256

    494693c2ac56ecac1a2588c25631e1bf71211fb0f06108649a983c879315b1aa

  • SHA512

    db6c9817469c937a41eedbbbdaeb21a0860fa5228258978fe59d29c75ab1497b8d1a0ceaae2b236206d6935e186deaf0d83a73791658fa68a985dfc5c314aed2

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\closebutton.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2756

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2c3c8e42f9174b0baa722ef6f6dc98e2

    SHA1

    532d5d8aa52c5e89eeece5c58d47c73b2a837934

    SHA256

    bb9b24b6d03e89f7cd831ce677755b948895ada1c2c3d6ebd523c4addb312d85

    SHA512

    2570d85e1e9e32512781f9c474cb88fc00a192ef482aa389742fbd9f0b6402766682fa854d766ae137018439b00d8fdeca67a7df86b349cac06b5c4ef3e9bb43

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c459ccc8744ca65119d9535168c66331

    SHA1

    eeed2fcf10b44c32f50d1a12ef24b6ee5e706faa

    SHA256

    df1116687fd8d0da1b75e123153341477e48e4ea654246b826dbff5d4332ee30

    SHA512

    6e0efd3711c72f9ccf4f3fa69dac731e362f66ba4c70e3e74b6b8e1c237d8441d6161e6fe00f354475b16fab9522926286c5521342cd3b86cc2481192a3ead03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9ad5e4bd2a945300c96e6c3c63d4d9c3

    SHA1

    7f2eb309fcd95240ad18ca58fa752516d4a56784

    SHA256

    c852e23297f94f026b45edafdab1210bc712be74502f3c756ee198457f16ca96

    SHA512

    e986f0d4c2fc7759296eb619aaf02372c398e1c17f119810516ff6c9f47e69cf57ee833606382c674c708cbdd389b1567a90f9dd1be0338c570e17ea2d15fc4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b0d385246e0e9efc5ed24423d43f1c00

    SHA1

    3069c3671928b57495802a79cd347c1009219e3f

    SHA256

    5c7ad57409b24ad0a3e91fabb538e533d680e7c7b409ed7bbda8a809f7984757

    SHA512

    33441d750e5bd789897a8113ab88a4cb5ce0b6bab2e0a36d361e0db1dddd14ee8a08a9680f7e74e86616839942d5ad49d1a1629658d98142e4e7699eeae3dc3c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3484d3b144305f4d807948111c47f69b

    SHA1

    2d6228becbf47f9d15e27912d6aabf40972fc40c

    SHA256

    4bacdc1094debf6bf76eb1ac5df2d39bb8967bed4d32271622b66475931bf343

    SHA512

    6274dbc09a869f64d7700af239b786436d5f19f5fe823466e0e3492938e4517a99965a3e7de330e42d3b44bee6c5e2c286ec1cad428abf5b208fcd2cd459bb84

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9M1KBX1\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab99D2.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9A71.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\S99GM0AA.txt
    Filesize

    606B

    MD5

    06bc928a571c33e2300f6dbc3c545f90

    SHA1

    024e346f85a646f0591c53e2b1e736dcf89319e2

    SHA256

    3f9910dce6006f65a5508a5a44d0f64c1fda08665d8caf5fbf56ca61a4c8dc08

    SHA512

    587e4a0e7a3d9ca638565d23e118bcae9b9de881e056a20c736069087502e6d884e782d5d43bc88f8413edb30f0b3b5c822259880280d0a3f035060b35975eab

    Download Submit