Overview

overview

7

Static

static

7

𝐯‌‌...at.apk

android-9-x86

𝐯‌‌...at.apk

android-10-x64

𝐯‌‌...at.apk

android-11-x64

𝐯‌‌/app.js

windows7-x64

1

𝐯‌‌/app.js

windows10-2004-x64

1

𝐯‌‌...min.js

windows7-x64

1

𝐯‌‌...min.js

windows10-2004-x64

1

𝐯‌‌...min.js

windows7-x64

1

𝐯‌‌...min.js

windows10-2004-x64

1

𝐯‌‌/kos.html

windows7-x64

1

𝐯‌‌/kos.html

windows10-2004-x64

1

𝐯‌‌...ger.js

windows7-x64

1

𝐯‌‌...ger.js

windows10-2004-x64

1

𝐯‌‌...ger.js

windows7-x64

1

𝐯‌‌...ger.js

windows10-2004-x64

1

payment/cs...eb.ps1

windows7-x64

1

payment/cs...eb.ps1

windows10-2004-x64

1

payment/cs...b.html

windows7-x64

1

payment/cs...b.html

windows10-2004-x64

1

payment/cs...d.html

windows7-x64

1

payment/cs...d.html

windows10-2004-x64

1

payment/cs...t.html

windows7-x64

1

payment/cs...t.html

windows10-2004-x64

1

payment/cs...m.html

windows7-x64

1

payment/cs...m.html

windows10-2004-x64

1

payment/cs...t.html

windows7-x64

1

payment/cs...t.html

windows10-2004-x64

1

payment/im...er.xml

windows7-x64

1

payment/im...er.xml

windows10-2004-x64

3

payment/im...go.xml

windows7-x64

1

payment/im...go.xml

windows10-2004-x64

3

payment/index.js

windows7-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    11-08-2023 01:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    payment/css/fonts/woff2/IRANSansWeb_Medium.html

  • Size

    28KB

  • MD5

    bb6a9fe5edb6791184821d992bffdcf4

  • SHA1

    675eed1aa8008c971b9748fc722bcd83469b7593

  • SHA256

    f0df32a86465d005467a3db05aa101c6c626df4d02830d4da2ac696da8a7af93

  • SHA512

    1664a1ca5f8bc0fdf911a4c13c954542f52aaf014079f8a2e4ab95a38e8a448e6d0c27172797cfed4a6fb956485031a1340955456ab28070f88d3aa605d8fdc7

  • SSDEEP

    768:19NgPW3Skxd3Mq/BvvBqTYrzFcO/jw81afmZ6P:7NgPeSkvMW3BqTYnFdE8gfmZ6P

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\payment\css\fonts\woff2\IRANSansWeb_Medium.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2136

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e49815706cfb84ce47e23505618c079e

    SHA1

    6aff2afed75039994c7293092e4687564b3d4770

    SHA256

    fc1403736e5f6dc63ba17f813cbfc634bb2dbe9e678f8639e3908dc2c1da39ae

    SHA512

    b5db4ee406973fc1267d4327a698a8ccd823a05eb896b262e82fcf2baf3f09764ce3a43050e76bce87a6c1da39ed8df27367920bcb8cdadcab4ef2d97700cefa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    770f07688c3615350345ed6da93cc8a6

    SHA1

    084db9bd22170b9294ecb19a3ba5ef1a726a6cee

    SHA256

    1cef1e46a66d7f436cb9258313a5a8c5315159a70149658bc7fc1f82731732df

    SHA512

    30c39fd90e652705db4d6db9b8daa45eb846dfd1912a9e8e7ad012909bb0ec206c816a9bdf49679aeebbbc912ef2bd15630731588c4744b9947c7d54b53fca32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    02d90fec88409dc1f305cc8a009fbf7e

    SHA1

    2e87f05c875257e67b5331a20c56d2e8a93ecc9e

    SHA256

    f929d8334e74208c16fd2ac88571e519f4c735fc5c7ceafad9a58cc8ea4eb20d

    SHA512

    d28905ef748e3eada16fefaefc21e6c242b9a2e5bfdcef3b01f07453c1ef26d45f2441e3ffaa409d5036eef50fb7ba4298fbaa1d1bb49bb981d7cfbf74f7f6cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5c28d3e54b26190d3fd67e8153b32ac3

    SHA1

    98fe304532ba03c1fcbce4c18e0a97451e4ae732

    SHA256

    3fce2570906c49a1f82e4ea8ed6bffc1f0619995b807b893c02a811ca31d7bdc

    SHA512

    a062d3ba3cf88173b0fbb765d24fa20051cf2ebfa49a140b3c7b44477e83c1eb5896e74cc8da69468121b06c70bb42d0660704e9f3ba32ddc0b937e84bc99b5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f64fb744404e11beb813a668aa987c2d

    SHA1

    acd11802c1a1b4117a3acd8ec6d62f2a19a6a2d2

    SHA256

    0bcbb56578033a3dbbaf1e48f04e5e2cd4f4bc8eb84e3f3262279e412f6173ef

    SHA512

    5916bb22049add86184833bb31fbbe06d3909cdfe7d137e3bb7c7c8e48e41602ec0318c346287e5592f2e8856a8a59cabffc9f73fb209a5ddb75a0c59d453d2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    37aa58254f9ca2134460c8ee910fc6c1

    SHA1

    c2ef488af414c0c475848812ebbccac919a027c9

    SHA256

    920b640c3b7ba40faaf04a336fc5afd14662a3c15d5a48707b44fee8478af21b

    SHA512

    085e1a110333cd5572c1d456928ca13e8bb56a02c52f16cb9722c4867e563dd32b8fde0362805269786a0990fbf1ab2314b8c71e825fea4a9b8a7039d469373b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0dab956ffda87e0f95a319aac37f13e0

    SHA1

    789027934168cd34e9daa9e5d6e6207dfe586968

    SHA256

    0d625e97e4eebafe63963f92a7c6425be74336b3e41fb40d55f6c7a9283efdc2

    SHA512

    1c067300fdb52e911de75bb78f03162f72ab8a9c8e50773beb905f7598e341678302ecc481097773dad8ecacb9d223bd9edfaf4dae8cbe09208ec6a5e8e3271d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    17bc13e900c6035a458c207461a684a1

    SHA1

    7e461f3384dca04c45b036503189c0ba4ec0114f

    SHA256

    64cbe93926dc0d900b151d61262baf6ba7f1b3b5992e9092bc00d4753f19c3ce

    SHA512

    9cb5da2cc0773eeeb89a9d038ff55101305f3bf9bc248e82f94b82ce93b175c423edb416abac0ad9ce3d10c48e174b6b393d99c473c3173d4e59f8a9384f5e7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7c1cf9aabfe04786e913552a85a89770

    SHA1

    59cd1056f73f4d2615e9050c9f5bdbc48ccc570a

    SHA256

    6a923e0d9697c431ad57f257e033c800f394704c1372280e4667942fb708eb6d

    SHA512

    f7a99571cb12cfb603d7e4d3050a610fa6e3985ddb937cf280a0ec7d9525bf1761d77cfaec5eac8409ab43e67123b5e3935e706cf07c6045c4485c0ee47dc34c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d43a823d4ba4351ac60bfa659a6413a7

    SHA1

    88cf3f6c6d64ed84e1199959a33e62e3a0277958

    SHA256

    c0c110bafb7a8f960ed27c41813c12a2970622ef861c1b7ac29cb37aa0de7680

    SHA512

    dc215f5bd063b43e5d33b4504bd8a676f91573a155f4be47cdb667708f9b7e959d97196d6863a0cf92a3748696ef6843097be3a363707f81cfa1ff103fec4557

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    98709554db966587d5e2ddf2954fd1d6

    SHA1

    c6341007d20c54652a6d1789c6069262c7acb6e2

    SHA256

    d6eaffef46d3280b16f200d15ff4a11088dca2b68dd1a1d1face9e49ddc60b3c

    SHA512

    28dd87eb82655415977b6d65d9f0bed128fe9cce9e646e03bca70e7e99232450b737a860d40b6aab4faf94aba6bc0aba48dddc4256420f9e939ef14c44790b60

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9263.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9498.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit