Overview
Analysis
  max time kernel: 1365s
  max time network: 1157s
  platform: windows10-2004_x64
  resource: win10v2004-20230915-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 24/09/2023, 01:43
Static task
  static1
Behavioral tasks (all on the same sample, __40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html)
  behavioral1: resource win7-20230831-en
  behavioral2: resource win10v2004-20230915-en (the run reported below)
  behavioral3: resource android-x86-arm-20230831-en
  behavioral4: resource android-x64-20230831-en
  behavioral5: resource android-x64-arm64-20230831-en
  behavioral6: resource macos-20230831-en
  behavioral7: resource ubuntu1804-amd64-20230831-en
  behavioral8: resource debian9-armhf-en-20211208
  behavioral9: resource debian9-mipsbe-20230831-en
  behavioral10: resource debian9-mipsel-20230831-en
General
  Target: __40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
  Size: 5KB
  MD5: 2dc7809a7f76728f5bca80368a9294b5
  SHA1: f96e6ab6cc83de3310c456c948dbcc7b3ea98bc1
  SHA256: 24e5e44bfb36f214131262fe662a677c5be09a8cba9fe6f52e68697f73d17950
  SHA512: a4a258aaf0e2b49fe31caf7f04f5ffe0bfcfd72aff24aa878890103ac7bf91fdca8d2b95af89e94675adef4de48dfd1afbf62aea4b1808d2272f6159befbf257
  SSDEEP: 96:PNysDsT2f89IAwrEKBmbzZYUK1I0shgbnWLihX08cl3WAEVCzwlKj32EvhXiQT2/:PN1YT2o0rENbzZXKa6LhX09IC0lQdiQM
Malware Config
Signatures
- Modifies Internet Explorer settings 33 IoCs
  description / ioc / process:
  Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (IEXPLORE.EXE)
  Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10876a5fa4e7d901 (iexplore.exe)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames (iexplore.exe)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\MINIE (iexplore.exe)
  Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" (iexplore.exe)
  Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" (iexplore.exe)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\IESettingSync (IEXPLORE.EXE)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (IEXPLORE.EXE)
  Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" (iexplore.exe)
  Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ab465fa4e7d901 (iexplore.exe)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ (iexplore.exe)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing (iexplore.exe)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
  Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C9DD7354-5A7B-11EE-9D98-7A9C7BE51529} = "0" (iexplore.exe)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
  Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
  Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" (IEXPLORE.EXE)
  Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000044e7540fef135e499edf4eab70c71d2f0000000002000000000010660000000100002000000056ebd5ce54172f503d3ce5c1bf6fe4c1b7d2d48cb58c0983a27d88249a64545f000000000e800000000200002000000059844e0fd93d74edeaba3ce37294c7c18269ab3f0d2c46f2eb03d4ff14db7ae82000000012cc4343ef7f1fc63772cd3092e3fadcecc687cef2803fb5f7eba13ebd4ff6e44000000004afe2913cdb90ff3bcaf31dd2cd2db7520bcc985ec5c10a6b7f345a444bd670701012b82a900b7da26296cf7fa61dfaf9f6b126399e444515796f54f506830e (iexplore.exe)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ (iexplore.exe)
  Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
  Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" (IEXPLORE.EXE)
  Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000044e7540fef135e499edf4eab70c71d2f0000000002000000000010660000000100002000000088f247c83a39c0b4890c80c4e6014b1e45d764baa1b08aed5170a669856d259d000000000e80000000020000200000007aaded0848763f2d49f4a28b95bcc6855fc2fc5f393fcd34a1d3aa821375aeb6200000005abf7dd497066c72ab0358946ba19aa754d987c1401e0d28d2b63572d3102b1540000000eef5b7408ddaea1ac7a037767a3c8ecc302350ecd7d4362697964b6ef6fb369dbb2ccf10358d571c8d0ea65a203f6345289322a404af5c6545ef9de57e8d24a3 (iexplore.exe)
  Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
  Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage (iexplore.exe)
  Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401527056" (iexplore.exe)
  Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
  Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\GPU (IEXPLORE.EXE)
- Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  PID 1456 iexplore.exe
- Suspicious use of FindShellTrayWindow 1 IoCs
  PID 1456 iexplore.exe
- Suspicious use of SetWindowsHookEx 6 IoCs
  PID 1456 iexplore.exe (2 hits); PID 2472 IEXPLORE.EXE (4 hits)
- Suspicious use of WriteProcessMemory 3 IoCs
  PID 1456 (iexplore.exe) wrote to memory of PID 2472 (procid_target 82), recorded 3 times
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 1456)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - Child: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2472)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1456 CREDAT:17410 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx

The SCODEF:1456 argument on the child's command line is the PID of the parent iexplore.exe frame process, and the WriteProcessMemory IoCs above are that frame process (1456) writing into this tab process (2472). This frame-to-tab pairing is how Internet Explorer starts a tab process for any page it opens, so the WriteProcessMemory and SetWindowsHookEx signatures here fire on the browser's own process model while it renders the submitted .html file; they are not by themselves evidence of code injection by the sample.
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 17KB
  MD5: 5a34cb996293fde2cb7a4ac89587393a
  SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
  SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
  SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
- Filesize: 16KB
  MD5: 23f418d1e79260ce61990128236f8a1e
  SHA1: e704f605295e33843445bad948bb911eac108883
  SHA256: cd8ebf4f0b01a25b141bc4861ee79a799de364575d8fc93deeb5d908df3e02ce
  SHA512: 7dc3ae2849f70bd83861b804de8d88bd9180abded4a775f2ac7ba759a99c74a7f910723c4c652704b61b96f3922d63698f5cc568bb2ac97c783c548b6f642c63