Overview
overview
10Static
static
10c2c29a35f3...JC.apk
android-9-x86
6c2c29a35f3...JC.apk
android-10-x64
1c2c29a35f3...JC.apk
android-11-x64
6cid
ubuntu-18.04-amd64
dt-mraid-v...ler.js
windows7-x64
1dt-mraid-v...ler.js
windows10-2004-x64
1dt-omsdk-m...ker.js
windows7-x64
1dt-omsdk-m...ker.js
windows10-2004-x64
1fyb_iframe...l.html
windows7-x64
1fyb_iframe...l.html
windows10-2004-x64
1fyb_static...l.html
windows7-x64
1fyb_static...l.html
windows10-2004-x64
1omid-sessi...-v1.js
windows7-x64
1omid-sessi...-v1.js
windows10-2004-x64
1vpaid_html...e.html
windows7-x64
1vpaid_html...e.html
windows10-2004-x64
1Analysis
-
max time kernel
127s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
28-08-2023 17:34
Behavioral task
behavioral1
Sample
c2c29a35f3202b750d2bdc8eece7f4a117bdddade7238941d92f7e8ef731d000_JC.apk
Resource
android-x86-arm-20230824-en
android-9-x86
Behavioral task
behavioral2
Sample
c2c29a35f3202b750d2bdc8eece7f4a117bdddade7238941d92f7e8ef731d000_JC.apk
Resource
android-x64-20230824-en
android-10-x64
Behavioral task
behavioral3
Sample
c2c29a35f3202b750d2bdc8eece7f4a117bdddade7238941d92f7e8ef731d000_JC.apk
Resource
android-x64-arm64-20230824-en
android-11-x64
Behavioral task
behavioral4
Sample
cid
Resource
ubuntu1804-amd64-20230621-en
ubuntu-18.04-amd64
Behavioral task
behavioral5
Sample
dt-mraid-video-controller.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral6
Sample
dt-mraid-video-controller.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
dt-omsdk-mraid-video-tracker.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral8
Sample
dt-omsdk-mraid-video-tracker.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
fyb_iframe_endcard_tmpl.html
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral10
Sample
fyb_iframe_endcard_tmpl.html
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
fyb_static_endcard_tmpl.html
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral12
Sample
fyb_static_endcard_tmpl.html
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
omid-session-client-v1.js
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral14
Sample
omid-session-client-v1.js
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
vpaid_html_template.html
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral16
Sample
vpaid_html_template.html
Resource
win10v2004-20230703-en
windows10-2004-x64
General
-
Target
fyb_iframe_endcard_tmpl.html
-
Size
520B
-
MD5
7844cba73b7b4b439b587dd501e92d82
-
SHA1
25a452bc6886d0e05d4a73da785021fd4c477a04
-
SHA256
e042e304cecd19bb6816de0150d3895e2717e66dda91f7e189610687c049dae6
-
SHA512
f54c2d7c0b265aa7c6feb18b8fb6740e01c9e3aeb19bf420d39832737fa59eed8fb959c8aa8a99c0efc87ca3399a244a918f0b4e90b0ee831a87e8afefdf2711
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31054294" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "129247275" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a388214700000000020000000000106600000001000020000000531a36072522dcbc935627055f651b93d758ae6319cc00dd2b3d48f46a50d5dc000000000e80000000020000200000005005a28dd8167b469af64cce1b70c2825d954e2ef5fd177a309cb5fac693b8462000000045ea704c687ae631a273a8a5359299cfa1bace58571589307e123280e82cf72a400000002d6ebbd379aab8f7193d0d6f42665629f814c1645006046136818fd2a09454bf35fbfbefda853acaa5309d1ca25b6eb25e8d50d32c70d20433ea3f6d379f1c59 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0867708d6d9d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a07bbe79b265d14db3b0aa02a388214700000000020000000000106600000001000020000000ea1a5a063715c64e85e7285a54d63011dacfcdc99ffbd7be5a55f5b3003beb42000000000e8000000002000020000000b29ec29d298918eb2147d6c2678de9a4b384ad03c180c43cb94511f0cf657d1020000000f279dbc88a9a20b9419a9ddb7e546b3a28d79fa1fcdead1bed104aa1182daa7c40000000405d2e3ff292bc1097846e1893aba2302c54363f8732c55027be353b54156b376c30c5c0d01a2eae41c085def46df9f599d400125a4a513f240ea03212e4a882 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "115185159" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0296208d6d9d901 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3243E14B-45C9-11EE-A61E-5258CC6B9027} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "115185159" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31054294" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400009068" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31054294" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2528 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2528 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2528 iexplore.exe 2528 iexplore.exe 3332 IEXPLORE.EXE 3332 IEXPLORE.EXE 3332 IEXPLORE.EXE 3332 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2528 wrote to memory of 3332 2528 iexplore.exe 82 PID 2528 wrote to memory of 3332 2528 iexplore.exe 82 PID 2528 wrote to memory of 3332 2528 iexplore.exe 82
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fyb_iframe_endcard_tmpl.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3332
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD59018cd3996d0187056dc54871493631b
SHA13b5ea7d765990bc368cc83af3eeb6eae70e5f3de
SHA256050d06eec9c32981dd4cb6a9ce6fb86fc23f14f4ba4b6ee4de6c58e0b8f8425b
SHA51289a51f301f3bd872a32672b59d2503b1fcbf5584fb7c105666eec13fcdc70b5665b6f7eb132fc341f41889b9b27bd821789d21ab50b5a65773a17d99515d1fe1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD57484401447e43891d1f4c168ef80be53
SHA1be882296696efa90a8482aba421e5189e43c5c8e
SHA256d2d2af1a6b24abc4fd2c27220e009a806fa191770de9e72c258fc92e86308957
SHA51222a29fd46cd7d00b22a4e48fb222952d4ee7bd2cb3f589e03db00d354ff8a58bbe9679dd789ae0f8701b8b41c8842d67cdeb950df6a6500cdc9b28036ebf4f85
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee