Overview

overview

10

Static

static

7

b6b59a54d6...0e.apk

android-9-x86

10

b6b59a54d6...0e.apk

android-10-x64

10

b6b59a54d6...0e.apk

android-11-x64

10

callout_11_shadow.xml

windows7-x64

1

callout_11_shadow.xml

windows10-2004-x64

3

callout_7_overlay.xml

windows7-x64

1

callout_7_overlay.xml

windows10-2004-x64

3

callout_8_overlay.xml

windows7-x64

1

callout_8_overlay.xml

windows10-2004-x64

1

callout_cloud.xml

windows7-x64

1

callout_cloud.xml

windows10-2004-x64

3

callout_de...le.xml

windows7-x64

1

callout_de...le.xml

windows10-2004-x64

3

callout_shape_2.xml

windows7-x64

1

callout_shape_2.xml

windows10-2004-x64

3

callout_shape_4.xml

windows7-x64

1

callout_shape_4.xml

windows10-2004-x64

3

callout_shape_5.xml

windows7-x64

1

callout_shape_5.xml

windows10-2004-x64

3

callout_shape_6.xml

windows7-x64

1

callout_shape_6.xml

windows10-2004-x64

3

help.htm

windows7-x64

1

help.htm

windows10-2004-x64

1

help_cs.htm

windows7-x64

1

help_cs.htm

windows10-2004-x64

1

help_de.htm

windows7-x64

1

help_de.htm

windows10-2004-x64

1

help_es.htm

windows7-x64

1

help_es.htm

windows10-2004-x64

1

help_ru.htm

windows7-x64

1

help_ru.htm

windows10-2004-x64

1

help_uk.htm

windows7-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    07-08-2023 20:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    help_es.htm

  • Size

    61KB

  • MD5

    31772dae5e7e480072ed6d872134201e

  • SHA1

    4c19adebf12a2aa4be9773ee4226fcbc79b89e84

  • SHA256

    f088fe7faadb088d3f63ad8f6d6eea2d88abf4e7318e31e17dbe52d5e4f92707

  • SHA512

    5f19c826336d100b5d104002eb0b35dbaf24889225630a3e9c31aeab3d77d912adaec0470d1d0fbd2e60956a11eaccbff385bd7d28ef8acf7dbccc9434fe8e2b

  • SSDEEP

    768:hLYLmYEm9UhhJ6TJ5w7NKVwvTAybuosWqPOg+YS3+brRzf:hlYjikW7NKVwbootYXfS3Sx

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\help_es.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1252

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    960278bb3e1e4f53d48e62bd52aa1321

    SHA1

    81d5667fd378d90d1238b8c1edecfa66c09dbfc5

    SHA256

    0547f4ef6b0f16239b900f9f1dc92a2fa4c4d920b3861326d674c874a7a13636

    SHA512

    46799b0f8d58f0106142271daec079aec4d497ac47a3d9c1bb84bc34eaa7831dbd523205438895433fd50fe5ee93fae4c9bf45ebf9394bf2b7710f2d5739eae7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fbea0fa65123da0c35229a7f9b28ec02

    SHA1

    facabaafc6230a1073845d7a34c53bc2e2255c69

    SHA256

    dca86f7849c2244e1d558266597a174c1c6ff5b0be1a3d0f1a2146c01474a60f

    SHA512

    9c9600b4d05c481a49d1de4e56390c919848fb1c243b1409cf687bc546b764e2c0dd16c8cd55dc39693109f2982ad3b7da3318690d882f18b11bd2b737a3146f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    722238b75757b86d03cf9b7bdc26a62c

    SHA1

    bcdbff2e9a5eac96f4316d694ec006a38c664c5b

    SHA256

    a17f108006e03bedd53740b4c1aa3a9c73122bc57b2e6d34915e76beded62512

    SHA512

    62b10206244b86ce7ee4909b1575bcd9dcbe3dee9c8343709310e1f6438b71719de1060020a1761a843105ba97197ef8b1b1e014b9b5cbfca9a4998fdf3aa5e7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5ff69d14c4e32fb01434e6b123088ba1

    SHA1

    99171c714cd772781b709d83dc122cf6e8a18bcf

    SHA256

    d9d7c359511dfbd888a5394151d04709f79ae7de665f609d3920397935bbc838

    SHA512

    5acd28387d102cf22bdf6ac2ff0f5aa271fa93d95f4d80e159313ceb0586057fd90f8c7f83762a74c5e83eb6f29dc5d628dff27e84a5a36cb4afc7714b36bddb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d8148e62828d5a0171305d14609252b0

    SHA1

    a73283cd94dadfe9ac82b5a2b4c967b40427f997

    SHA256

    cd7ac099083532fb21749729e7839cd7c7d38e6909127f8b619415893b7472ac

    SHA512

    14bfa039af67729455841ab8cfc788ecadb107e0ddd2b32b9ef6fc5947dff388655e9ae0344a8d650c2ecb4798bdd7f3170c3810e384ab8c2f55588fba126e3e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    59e58db32f7671c8a8c06453d4e69b99

    SHA1

    f0f1cc21e1ccaecccfd11c18dc62fa6f14d8cbea

    SHA256

    5f7fdfc25715e359309da3fcfb794c49b0eb5cb3960ff65f6594ccbcfe9e2f40

    SHA512

    d44fa6f8b8013b1802d869040d8f09bb4fca049fcdfd9250d4e25be87372976b273128734bd77cf7fbbac1aa090f9dd223cc569716ab9b28858006346dd6a49b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dbfe2c8d749754057c40949ed2dd7abd

    SHA1

    0b6b02a2d6bceb45861e9e4552491c167df8308e

    SHA256

    4d59b7eeeb7d3bfb0cab448e506416a45dec6282f9fb03dd5ac239405e474cb1

    SHA512

    33d4c93a8e77e3cd7d551e14c70b6a125a253fd7ef21492486b2a65fa83cc845f8208aef9a4d579065c90885ddb70cdc3888098feef3db4f389fad224e02981d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    74af219b12943f66347b9a52505bbcf4

    SHA1

    064c3ded384f94319d666183741978a42f3589cd

    SHA256

    db7bcd9d6e05f59a553e66c9344ce3bfafb6c514b9ccca42dce2ee2f253ea116

    SHA512

    c8bcfb7a098a754b13ddd2470eb1dd5e9cee872437be9310c3db8065e30db31c829fcfd2bb8daea1a857d891ffea51cafc9f2a84155ecdd656a7363db1f2bb13

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    46dfea4dec7ecdef18eec361973630d8

    SHA1

    d045bebf581a8e3c852b9593e24d22eb6e6bed29

    SHA256

    a925ab679aebdbd8a216ae726d39c4aec4e528fcf0518626e9089931ca600273

    SHA512

    25ceb96736f3dcde24db637d18d11e07b04a76d65ab8769f1d72c45e0059575daade59e18c66a1e16d9d85fd34980d736ef09b6581a4e69a64714908fbe427db

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    879f50beca2c23bc713d1d36c73e6569

    SHA1

    180d5cab49fca7d50896a1ac5c98ed5c70114f19

    SHA256

    8e15db61636e935bf14c139acac02d03e13b9a9407deaf801f4fd3746131e605

    SHA512

    b9e79582ef3cff230b0b993609e59a9383e03c8d4af78c1147f41c2a42eaefe9b632b9c08b8e80817b0e199d261947f614f022571f82eb85e3ecc54defefee3c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab93F9.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarCEBB.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit