Overview

overview

10

Static

static

7

8319695f2a...64.apk

android-9-x86

10

8319695f2a...64.apk

android-10-x64

10

8319695f2a...64.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    19-07-2023 11:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    closebutton.html

  • Size

    981B

  • MD5

    c8efa039f4f84b2705a8e3a3b31da61c

  • SHA1

    669749429feda1599c4ee980cfd67fbb1a54c1a4

  • SHA256

    494693c2ac56ecac1a2588c25631e1bf71211fb0f06108649a983c879315b1aa

  • SHA512

    db6c9817469c937a41eedbbbdaeb21a0860fa5228258978fe59d29c75ab1497b8d1a0ceaae2b236206d6935e186deaf0d83a73791658fa68a985dfc5c314aed2

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\closebutton.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1424 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2176

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4a1e22afbd7012dfbfe89736b5285136

    SHA1

    49b8652c8a1e3e28344ae927c6ee85c328fba4f8

    SHA256

    22121d94b9c2ac647b89cb841e99b59daa920cbe1b46f1c1db5e643b10a1e35d

    SHA512

    14f9889ab236a3a6e8453304391c1139684c410a882f60ddd4b5c3cdee27556535fe16a669ed207024e4dd8b820f20e1a635fd7892c1fbf23ee84c134b3682d2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cd32d3b87ca59b900d9a317773a88991

    SHA1

    9e697a8309f9907cf4af2c036effb4713effb28b

    SHA256

    f416a69683904544c573842c788ea8094476b7bd101e3ff635983fb6deadd241

    SHA512

    1ba80b7287fa3b35f049f6bb656e937edb976fcb6781cf1ca8afe00fbb18af8ce38cb65b51215c25c6f211b08b3ea980a70b9c9369781b312020cea0fd323605

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2c7ab01481d9139ad912da583797f863

    SHA1

    025591caf22f1ef4bc50d126db37d9597109bc35

    SHA256

    afb62d64510710b7b59ce3cabd75cf68075b45c18f7fda1d45c1d569a2b7bdbb

    SHA512

    4f10ba3d35aceb159579e7a3a25ad348381aeacfecc9de2e71dd74387c4519507f1488fbe0e293cbaba6cfa79f01849bf2d51853396bf27be17a01488fb888be

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b451ccd8570baa616c9acbf2a30c12d

    SHA1

    6b95c7766d749443172c77a23ddc2c7ffc17cbe3

    SHA256

    e9010aef51930362935c03d5c39da5b16adf5c20e8f766e08541952687fc07f3

    SHA512

    de25e77f1e68b0b37fffdc733b6ae21c673fbfa3410d42304b7b6d079abf672dfdf596220b508c90fb0f14bbc5762e9131bdd5cc60de4b5b1583c5a1b3a3c4f4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3742355bd7abdb4e3d8393ef43643e3e

    SHA1

    0deed4852a2d5f3ac4c5589d121bc229cc4fff6a

    SHA256

    4c1839e6cf43b2805c7713d6a7e782d39baa6319f9094325b303fe320dabe1ec

    SHA512

    f22058e01bc1c630ee523da805bfd1300189321e02a218684176565c7b75909070f82fc697f991725ff9004df4bf96e39ac0ea318402e7eaf917d19c6fbfa53a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    74d3745aa7a803b405079dfb544a4c57

    SHA1

    4e3420794ce829ae297a7e8253bb9017fb74c159

    SHA256

    a4ab14d99eac378e6bf6636069302c23b7b76a7de50af36fa57bc0237048f060

    SHA512

    3fec76ea7bc3eebead088e3f19a0533c1fe9436972493537c4ab92ce5bf547719f0e2eb2fb0345122b0edea0039ef951e5e960cb0e4d166e28b41153777f1448

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b3f6f6734bee2ae487de28cf7949afb7

    SHA1

    43bafe6191caaf74a8bf0e18edec7e3e725c6b52

    SHA256

    d0e4010af49c6e010a32a5551facfc53e96028bdaf38edcf88faeeb32593946f

    SHA512

    080ce29d0892669644f4897721ae1552472c03013010a04f6bb73f3d9b6c488f202682dbc98249c94399246ec75191da3df969886e694153705b107ce968b848

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f6cd72c60947ff78b3ffe5dc4e14672c

    SHA1

    7994c8741835d0b1521fc368e05d03637548c5f2

    SHA256

    83f432e9a1bc6c0f08a6691f659a43f0109dc6d589f908e49b47c48131fa5b13

    SHA512

    cade2944a85f5b90ba15d90b2c1ff182a35d899b53f003bac4943a92f248a90ec632ada4ae58d5af88b8dfd6e367022a636ba1c4dafc2c7f3208fa719a79104e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4f62fceffcc551d8950d29b0bc9031e9

    SHA1

    0f4b3c3a30f7ea44a345083b5a8d917626798b68

    SHA256

    755eb8d3f814c579fbb0dea3398add0ce25167c484fc2091ec890cc2d13b8fb6

    SHA512

    0da226add2eca26140c8c5967800b99c93198d6b5b2af1e78e2bbe458b3d2ee6751fb3428b68b0d134728ed28dc084d0247d484621f9206cbcb9767def946e1c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fdb39522382471a3f0fc12d040baf5c2

    SHA1

    208132fa78209d0cd4e80279d3c50e7f51a46fb8

    SHA256

    a9e60fb6b5e9a451730ced852b6e070404d9dbfb3b7de0668e2ecee0c83cdfe8

    SHA512

    090b4f46eceb0e6bd3223f55e27f0d5a8e6310788dc3ed2e6df4a53f595f50386b06566ea57a7bfaed13db00903504592d0df24690ab72b966831ee9a7844eb0

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGCFYHZ3\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabCB1F.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarCB7F.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\W2EJYLGQ.txt
    Filesize

    606B

    MD5

    c37260fcf1162f93d2f21cbf670d1dad

    SHA1

    62d2cbab3fe6eb6065a166fde87cf6c6c4d76b9e

    SHA256

    9f5fcc1cbc81a993b58eb864b982f6dc57c00b3a0a0ab4855ace1802463d0b4f

    SHA512

    f50d17603626b9b71b8a7522c14e22997f5f56ea7bb15141594b3360757866c3a3095f66632f315f4a2d83a747bfbb198f7f749eb14f3836b5464ef411eb6b99

    Download Submit