Overview

overview

10

Static

static

7

47d576daa8...81.apk

android-9-x86

10

47d576daa8...81.apk

android-10-x64

10

47d576daa8...81.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2023 00:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    closebutton.html

  • Size

    981B

  • MD5

    c8efa039f4f84b2705a8e3a3b31da61c

  • SHA1

    669749429feda1599c4ee980cfd67fbb1a54c1a4

  • SHA256

    494693c2ac56ecac1a2588c25631e1bf71211fb0f06108649a983c879315b1aa

  • SHA512

    db6c9817469c937a41eedbbbdaeb21a0860fa5228258978fe59d29c75ab1497b8d1a0ceaae2b236206d6935e186deaf0d83a73791658fa68a985dfc5c314aed2

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\closebutton.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2412
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2476

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    041342be09a8a28b77707748ff7707eb

    SHA1

    852d0a9c37a0d3eb96cc062726db62659ccfcaf1

    SHA256

    79c9cef384c237136bd63aaa3fdbf5efde833c04399225a2707178ef452f3801

    SHA512

    efcd83a7774309a7e8c5c9499b84170a1a65c4452fe831d8f1a0613603a40b2bba1868568ed3d8579283e5d45742b5faf0684f0094c14f30078adde82eb9b682

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dc9b28c076f93624aa9206a3f0c5c74c

    SHA1

    29dcaa4deed8896acf83614a9417747a7bd5a1db

    SHA256

    f4ab749febabb9def6ee70e59e346a70aeb51059167ad8ce5f2e2000f8714fbd

    SHA512

    a2825f3268b685af6a2449ba7e31847a36deb4e090b899821acb2b0b38c036b8e9003ad6300cb3f943c7100ae7f39f57ae3cbcfbc2c2d669fc51531700ee05df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    094c5ecd2f0e1aaa883cfb46c6dad707

    SHA1

    62bc9644384a6fd765f6e903dc5517f8d99e0050

    SHA256

    bef431f712620cbc6c7989c4330e5894d0076a065aeac243b172da0bef483e75

    SHA512

    abd311af3ace5cde5b0d2ad2da6914f2511f6ffc3815e5ed9ed4f602d18f98b0aef679cb4c8953ccc3c8d7dfcdf356a46110c76906430e3f77a435801b046fa9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    884d32f88b6cb13137131293f6036d8c

    SHA1

    f4b0c6a3760228d5209bf96de38f0c6714f9d517

    SHA256

    41d925fe54ea353c21e179836479d493d53a3ab09bdf4f62a9bb85e266e80e3e

    SHA512

    af193a2ac0236f3b2eaf205cf3093c268a235925319d8dadcb1b00208406a93a84fc9905684618afcc0e3524d7d9d55c85ddda5aca14eb9172fa841d31861be7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ef0e58eb1c6ab0983c686de7998e6f69

    SHA1

    74ebfb34f6eb1dfd3a81edf60580e9fd226303cc

    SHA256

    31ccaf099ff20de19bc707d67964e13391374a78031818f3b0d991f360198c7e

    SHA512

    bf98b8e7e9091d51ba579bf5f7eac66a3f8bcbd7970e960614cb8de6f679e11bf479d4212d3c9617f65241c9bc89e425ccfba2a8ec91042dd7a2cd903b42b8da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1c03f1f2ba9b01d96175deefe4883195

    SHA1

    52267bc669cae1f9045f7bdc77305955ddce25fa

    SHA256

    219a73ced98c13032a9106ce4c63c3f5730e7ad9ef06cf59c19e8338d7a666fa

    SHA512

    ccfcc869b44b62b84b8580539708474a359e82d3d61fcf1b60ccb5404702586e5fcbf1305de60fd9d9f2e99f6efcafe326c88976de7375771c24c2939e4e5f0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40c1e184166b6c7782456e13fa5dad60

    SHA1

    495d429f14fca4cbe1d616330de46688eb2d2e2d

    SHA256

    bdde176fc36653caced36e6e701c848071eed4f370f5b8a6597d3e70cc8f445e

    SHA512

    d1b34d0f52784c98eddb6829132c79c2956ad00b8dafa1a1ac8bc2631846a5d07f43c33bc1893ba6edb916bbc55a4d9bd76be7ba9a8e090baccad4eddbfaf406

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9M1KBX1\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab91A6.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9237.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XHVZ08LR.txt
    Filesize

    606B

    MD5

    1350811c2cdde7e07b3e27be63cb7af7

    SHA1

    dfc5b0a4ab818dd8a1946ff30f45aab7f41d5167

    SHA256

    1f8f93bd472ab07ed082a9ef6f3d614c98a67ea0060ea719f8f10b1c977da62b

    SHA512

    5f74ef88e53296b53621a2663d2007781601f72b5ff6e5ecfa4a7643d55b467c32a0576cbcc488a8f49b83daf69ad500f4709bfee7d62b1188699b56aa5d11fb

    Download Submit