Analysis
-
max time kernel
26s -
max time network
29s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system -
submitted
24/09/2023, 01:43
Static task
static1
Behavioral task
behavioral1
Sample
__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
Resource
win10v2004-20230915-en
Behavioral task
behavioral3
Sample
__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
Resource
android-x86-arm-20230831-en
Behavioral task
behavioral4
Sample
__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
Resource
android-x64-20230831-en
Behavioral task
behavioral5
Sample
__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
Resource
android-x64-arm64-20230831-en
Behavioral task
behavioral6
Sample
__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
Resource
macos-20230831-en
Behavioral task
behavioral7
Sample
__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
Resource
ubuntu1804-amd64-20230831-en
Behavioral task
behavioral8
Sample
__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral9
Sample
__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
Resource
debian9-mipsbe-20230831-en
Behavioral task
behavioral10
Sample
__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
Resource
debian9-mipsel-20230831-en
Errors
General
-
Target
__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
-
Size
5KB
-
MD5
2dc7809a7f76728f5bca80368a9294b5
-
SHA1
f96e6ab6cc83de3310c456c948dbcc7b3ea98bc1
-
SHA256
24e5e44bfb36f214131262fe662a677c5be09a8cba9fe6f52e68697f73d17950
-
SHA512
a4a258aaf0e2b49fe31caf7f04f5ffe0bfcfd72aff24aa878890103ac7bf91fdca8d2b95af89e94675adef4de48dfd1afbf62aea4b1808d2272f6159befbf257
-
SSDEEP
96:PNysDsT2f89IAwrEKBmbzZYUK1I0shgbnWLihX08cl3WAEVCzwlKj32EvhXiQT2/:PN1YT2o0rENbzZXKa6LhX09IC0lQdiQM
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C826C7B1-5A7B-11EE-855F-5AE3C8A3AD14} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2124 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2124 iexplore.exe
2124 iexplore.exe
2180 IEXPLORE.EXE
2180 IEXPLORE.EXE
2180 IEXPLORE.EXE
2180 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2124 wrote to memory of 2180 2124 iexplore.exe 28
PID 2124 wrote to memory of 2180 2124 iexplore.exe 28
PID 2124 wrote to memory of 2180 2124 iexplore.exe 28
PID 2124 wrote to memory of 2180 2124 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html  1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2124 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2  2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2180
-
-
C:\Windows\system32\LogonUI.exe  "LogonUI.exe" /flags:0x0  1⤵  PID:572
-
C:\Windows\system32\LogonUI.exe  "LogonUI.exe" /flags:0x1  1⤵  PID:2112
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5cfeb57433d436e095b2c56bc9e36ac55
SHA19a4b65f671fa6c70180cf3c7eccfef434449f5fe
SHA2560a207211ebd88ff3068fa2593eae4d4b506293e6e30b612de34ef00d6bc0e468
SHA5128905fa173783def409032dc671ce72cd29f6001d21db6715f11504f636a9eb750f90aade823cb55f3507f14de5b0aa772e41591133d647bcf6e9c7c3c2025d49
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD575484a2850f6fe6f9b909665ddbe888c
SHA1b15cdaa7a9f051a51dc2b39e8c6fc9f290c4e6af
SHA256c4e634e7c0e18369192b91861cecfabbe4200872fa8cd72c03b59cbf4e476e77
SHA512a1a3d6760571af1d05fdbeb98e5263d34480f978bff96b69ebc1ffc18d492bffcdba679980769a30ecd4481374860486dcbde9d07681be82c60a40f892ebb9cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5fc16a3f7abcbfd698169e1f69431f866
SHA1ebf4744808cd96b8952faa96f55de2b4af613be2
SHA2561a9435f9dcca7de58f8b1e7c1324d8d6cb48675ee7f0f2f5418b3761f878d021
SHA5122c62083d76895bc4b0a1643d1ad8a78de7d205ae24ecc9db93ee188fb3300635f6954ff2f7ed745d1675cb7c642b07befed3c07c14f1843b60f77f791045fbf8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD592f75cb847a48aa8e9f4aa461f85a774
SHA17eaa76605ef708f292511dd62fdc3e3b9b48f56d
SHA256263440c0ad19409373141d8f440d8340f79fcfcb09a0533a7c791bd4b516041f
SHA512372e82271dcd5ef300735ca9127ed9f292411f02e41859522d8bef6eec52440cd4b7b83f6698cc8efe7e6f8a552a3158c8496286f7bb93a83513938862211576
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b5065961968ded96a20957cc979269f8
SHA1a1185685103fc1ed9a3f8a86a98eda9491bc175b
SHA256c43a2d639cdc53ff56066756b18cb501fcc8f6ccc07881bd9b5e2114adcf31c5
SHA5129dc3d0fd5d47aebbd075df99dd402b5565f665a4ab79d846fd4498761d700638b7b023d505118726cbd7a683b2e56cc1e232230e5e99d636fd5a654bdbff23c0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD519f8ca3658f237c9c5a7fafdbec337f9
SHA123bebb398c863da2acd48037bce1c9bff1b308d8
SHA25697e607c094c3dd9993d910e4f2c9c2173a0075060621ad0c5c72f93cbcaa4fce
SHA512fbb93e90dd88a59ae940d49ade69b16d151f116f002e56590db31590cfbfbc54f073d72a2be8e2a1c8c5d36aa82e218ef91c00876534c4057f641757f74dd8f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5c102cb0f87e767897db284f242031314
SHA11a1d5c2db583d2411edafc545559a23ce59a2f78
SHA256db5c3c03d9058c9c66b0585e167d4bd68fa8bcdd674f30aad64dde5a5d154738
SHA512f303447e4a6fc09e84475bf75e93bd811d4877548f0df8a4e927ca6dcd984e8f48671a0381c79dc28a1771f2ffcb9c974c5608e05ea19aa7c8f2cb660aae6030
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD536b25d52c8c40c60610177f7ea9ddf5d
SHA13b9da2928d3842e761a3a0ee535c6afe886eb34f
SHA256b8c6383bfdf075c7daf079955bd09b574d7a28454cbcfe707d03357be999d474
SHA5122ad006a8dedafb619ddf172532217de0474d700d3ae6df3bc1bbdb5558df062e07051d65fc53a78d71c6595f08de11e1d655d927f3bf96b482b4dfc39a433e41
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD50c2ff77040303545bdff6eabc51e431e
SHA19909c05bd0d439df20fde11a779c01a95e232549
SHA256c46d71fb617f10fda7bab55521a3cfc4fa5e0341555fc2b0947488b544e4694e
SHA5125950ca5e934fad37afdbcc96ef5b268d997dc348eebf8aa790b276b33bf41016334b3b2cb9cea0a1eb36b4442a00ed465b4163e9d19fe292a6a766f0bf7a8620
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
163KB
MD59441737383d21192400eca82fda910ec
SHA1725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA5127608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf