Overview

overview

10

Static

static

7

a13a34cec3...fe.apk

android-9-x86

10

a13a34cec3...fe.apk

android-10-x64

10

a13a34cec3...fe.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    18-07-2023 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    closebutton.html

  • Size

    981B

  • MD5

    c8efa039f4f84b2705a8e3a3b31da61c

  • SHA1

    669749429feda1599c4ee980cfd67fbb1a54c1a4

  • SHA256

    494693c2ac56ecac1a2588c25631e1bf71211fb0f06108649a983c879315b1aa

  • SHA512

    db6c9817469c937a41eedbbbdaeb21a0860fa5228258978fe59d29c75ab1497b8d1a0ceaae2b236206d6935e186deaf0d83a73791658fa68a985dfc5c314aed2

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\closebutton.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2056

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fe32ea8220fc16e51f08125754f76170

    SHA1

    a94f1d50c07dab9c20e0878439c7f6a4fa543247

    SHA256

    40369585e3f515af68b4946346972b0cd6b3cf6c5ee81667e5a29e0eda572576

    SHA512

    ff9418f64f1911c64e5c0a22bef8594257b56bade1891ff2210e0370521936b7280bad4a473768a35e503f5f3e84497670c3ab0299b79f4b575fea786d08b0fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d64d81fa5767ea05305191d50dd29cc8

    SHA1

    7fa52331a3301fed198a2fe047e7fedfe5fd830f

    SHA256

    e4b4d567f7117c9e1a8ed9817926d13966dd11c16f16d8c87855076bbd770ff7

    SHA512

    e2632bc3da37f5f1c45dac0c230fcb1147d10a9fdf747f157ade9a6ccb83ffc0e85e1586528a5e167b89e2a2aa513814519f7ec39a59874d00504d77110a51e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2cc7eb806e576538469208cf11b33884

    SHA1

    0630351bf086e9e154fc5de9431eafabdd345dd5

    SHA256

    b25368759e61983fdfa112e09129e28a221ecde204aa4958a243ab030c2b013e

    SHA512

    7957dc7e924699137cc58d2dc09314c767146c8fb1836d8e7c454637ced53642035262d7b2f38f6dd6b3d289907c94d08f11526c1494493516f80ae78605b03a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    866c2d6e888a9354ce2ae19e028eb42c

    SHA1

    9dd4c6e7b316131ade0d918cdec10140ffda7468

    SHA256

    3c770c94f128ced4c1936a106b3ed553320fe533a40fb6e418191976ff63b61d

    SHA512

    5404a7f2ad6e0e3380c67e3792b7f60be0d4a15b3a5c5c18042fb5831b44e04ceb752390495dd3e60eaa1bf34069f5f0695a116992c27c64a69be3ec6afb5c4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ed3590f425c455fc931449505790d7b9

    SHA1

    16a04c923681901d882da50c1f41e9826398cd87

    SHA256

    f946c567a3295944a4016929b8e461225e6e8da44ca4e09eba30d55eecd8cfd8

    SHA512

    2576079f07b0c5342e9925b00bca29399243cb5ddc04599e2361861e33edb99fbbe5345493578dd8a52871ee6484b0fc788395b23554585b03c8777012564c28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0fc8a1baa8025c1c2a527b88d866b00c

    SHA1

    4f86a127f0c1309ef454c3799fe69ffd88e91a0e

    SHA256

    cc13d6197ef3dba3ba36c4e5a920274f0facf498e829695d4d0d825f09de2db3

    SHA512

    2b9a29d009e2945ebb0a2a0c8ccf94fe712e03c06aa6170391e468ba9d83c97db3ec940247a6a26c1f4ea6cdc909b166c3bd7f2c4332e607aa2757b2c11137ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4049504e35010e5f2becf4a834f15429

    SHA1

    80a81c0b11b6f485109072dfd22d92b75a06877c

    SHA256

    262ab3ac92cdb59571321c551cd471e375f44781f46c2f7728028c263dae4810

    SHA512

    9185ba334857143fbf0d506e65f4c4408fee952271ee39eaa4a20276f362565b21e6365768677e2798d0e874d0babdca2aeda7fc421834adb5dbc1f463ac7d38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bb70a51e484592159037e772df10df3d

    SHA1

    a81837c690c9164c4698148994240ace04b17ca3

    SHA256

    6d23ed1e33e442bbbcee617b97811fe47b38e3d69af3c5339aaa7ad508f1b971

    SHA512

    45d767c19005a47170152be83d7ecad74576d0d9d880b972b20975d7feb58879d5d36e2c4c62b927f51711b5d41cc78298defc8b526c1e106c8cca372485148b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    06cf725e82f6a556e5afd2608ab931bb

    SHA1

    dc036a11c3ec524698088ceb38b9592cbe78c44c

    SHA256

    8049cf9db274bd14d050b6f90974fd98d9b3c2fa7b30a8238bdca254c0e9e98c

    SHA512

    a32ab2ac7c39c1de2962c034b205fd82e98ff7270e4d499a9c4fc8b89274aa85aa4736cb441388e3479c8b9bb842165a7cc043af990b5be3bc679c83b7878169

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5df46023dfbc44e820d9bf954449587b

    SHA1

    ba25fa540fcb754c94423328b7923db43fa97c24

    SHA256

    a425aea12e66299b317882adce5686eb89dabf771fcb4302ce1f1f429d23375e

    SHA512

    40fd64b8c08114057a004318dbfd69633e50c7705d7f5b022e183c94bd577203dbc02228c96fb873c604e48658be27eca12ae2bc5e0f36241a05cd69f0458a96

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64WRFCMO\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9E83.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA193.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BWNLJ38T.txt
    Filesize

    606B

    MD5

    b0aa8e338414c7689036a84f395e3a3a

    SHA1

    dcdad6838e1599688acbf189f4355e9d2457f944

    SHA256

    ee948b30df6fbb6f337128109eefeb15b78b9fcda86f7745a490a8e37b4a3f69

    SHA512

    72bedd5b809698fc565ebbbbec38a27789639eed22db729dbf952e6223b45f8461f5faf2a1ee90473d5fe080119bac50715c5903adcf349b8a484c90bb1021d5

    Download Submit