Overview

overview

10

Static

static

7

581097edf1...eb.apk

android-9-x86

10

581097edf1...eb.apk

android-10-x64

10

581097edf1...eb.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    20-07-2023 18:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    closebutton.html

  • Size

    981B

  • MD5

    c8efa039f4f84b2705a8e3a3b31da61c

  • SHA1

    669749429feda1599c4ee980cfd67fbb1a54c1a4

  • SHA256

    494693c2ac56ecac1a2588c25631e1bf71211fb0f06108649a983c879315b1aa

  • SHA512

    db6c9817469c937a41eedbbbdaeb21a0860fa5228258978fe59d29c75ab1497b8d1a0ceaae2b236206d6935e186deaf0d83a73791658fa68a985dfc5c314aed2

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\closebutton.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1496
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1496 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    73c85c1421933188bd6709dc39e602f7

    SHA1

    95cf7aeb63b32550d83eca353de72f00fb49f0c5

    SHA256

    3671c41c700cd59673cf1cd7c492a589397b910073a13403280dbcc09732be51

    SHA512

    7edc1df01f226fca06c0b2de09375c6a19b0052f1aaf329863fdb265d47a44d9f9e0988470d563c4b1f04c3f8c159d135a01d26f2a7c07c968375d7715080008

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9db5a8ea0596144bb59c907dbb47d0bb

    SHA1

    0a573f53605663292102d391937e08d7850adc9c

    SHA256

    be4325adf7a6b122621c2e6424acb28da828fa4cbaa03cda5c135db7a55da8c6

    SHA512

    4be3b9a9484c20399ef150da0d90b3abfc258bfca56b9c8eb2bd3b17ee4cfbae05d0f4bd954a7e1e3d7d4db3f057c50f7fc407729788b72237485cc84a5360b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8d46293dbf23076c895d73fe70cae858

    SHA1

    11b7799bea0d464330506b01479d04ae71266e9f

    SHA256

    2ef3b87bcdc79db70d10f3aacd81d67ae03737d4f743946bf79e7993828ace66

    SHA512

    9fc6b507135e373733a990b95fb020bf01a37a5b01d32fbc6aadd988f0fe85dd43f66823db2aa9f127b47aa123f33633e2ceae5a177eed0375ff0d3d60e2efce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    97791a6fd2a54d752a732b561fda9d32

    SHA1

    6db738577b66aaa7c5ba07f39cc0e9a04274dd77

    SHA256

    2cba2bac7fe351eb3921bb88ae96a9c9515524e68a17882e54ad651701ebcf18

    SHA512

    d21cdcebd80ce96df395cd733556800f4ff0d2b113d4c112d4e0fb39947e2a79c967e4e18607fbcaac09e4b3aafb9e27adb1ef32776ea4d669af2bfb9b012dc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a13621c5cf62ab4ea8f24fe5080fa33e

    SHA1

    06d62f8da6956027d4c06ab59942f3346055295b

    SHA256

    50ff2316478f3e974a3dc1e0ac5090731db15becb15e207de7f017df9841427a

    SHA512

    a4250629d5b1d06d152747434af426773baadb3fb3e5e2dc8c7b0d31a61b499ced3ab550fb2cdf358e39c65a28d53f34f24c2ba63f4ed3de194aae8177943214

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3f6893518bf5384ff1fd48704fa4fe52

    SHA1

    09f0ceb6c19fbb338011159f5f23dc7612d3b5dd

    SHA256

    0ddf594ba4007ca97b3a5e3d36e47ce79550e158d951bf0d0f8f487d243ba31d

    SHA512

    fe2808c9379937a273a4f4b6cfbf419dc65014cca496f636ead7d457b5d4765ac473d730f458840b81d412581940b1c068517653e6d305aaf1108ef389289939

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WEWWZC8O\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab92C1.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar939E.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\D8GVGNEQ.txt
    Filesize

    601B

    MD5

    a24c33c352c9015ef99c1c9189295804

    SHA1

    c0e76380596f9254429f94135b2c04fd92ab0301

    SHA256

    1dc0c94ce591c83a0b9869813d5789fb689b2960461f7b7db76978c2d5f05958

    SHA512

    f39a6e35b6f25caec49dfa75631dc47f2f9d330e9fd28a8bc806e635373b6cd186e4b0d891cf3f5a8e4fe88d99493b61cfc6584efdbfe6c9dfb3093fbc0cb856

    Download Submit