Overview
overview
10Static
static
7646538cdfc...bb.apk
android-9-x86
10646538cdfc...bb.apk
android-10-x64
10646538cdfc...bb.apk
android-11-x64
10createjs-2...min.js
windows7-x64
1createjs-2...min.js
windows10-2004-x64
1vpaid_html...e.html
windows7-x64
1vpaid_html...e.html
windows10-2004-x64
1webClipper.js
windows7-x64
1webClipper.js
windows10-2004-x64
1Analysis
-
max time kernel
141s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system -
submitted
30-09-2023 22:00
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
646538cdfc45e8ef64816ed9faf824b52cf6b856eada0e9dd4e3fd92f702b6bb.apk
Resource
android-x86-arm-20230831-en
android-9-x86
7 signatures
150 seconds
Behavioral task
behavioral2
Sample
646538cdfc45e8ef64816ed9faf824b52cf6b856eada0e9dd4e3fd92f702b6bb.apk
Resource
android-x64-20230831-en
android-10-x64
7 signatures
150 seconds
Behavioral task
behavioral3
Sample
646538cdfc45e8ef64816ed9faf824b52cf6b856eada0e9dd4e3fd92f702b6bb.apk
Resource
android-x64-arm64-20230831-en
android-11-x64
7 signatures
150 seconds
Behavioral task
behavioral4
Sample
createjs-2015.11.26.min.js
Resource
win7-20230831-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral5
Sample
createjs-2015.11.26.min.js
Resource
win10v2004-20230915-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral6
Sample
vpaid_html_template.html
Resource
win7-20230831-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral7
Sample
vpaid_html_template.html
Resource
win10v2004-20230915-en
windows10-2004-x64
5 signatures
150 seconds
Behavioral task
behavioral8
Sample
webClipper.js
Resource
win7-20230831-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral9
Sample
webClipper.js
Resource
win10v2004-20230915-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
vpaid_html_template.html
-
Size
16KB
-
MD5
7d7cb3d6c22da954fccb084f6c18ee01
-
SHA1
529871b15146f802c1c1fe2342b31db9e328bb7b
-
SHA256
05cb7160ec6766397cacbfc5d57373edbcb028917d81e2f2d748e27086db23cf
-
SHA512
a73d034079dba15d38bd14ddb81afd8af51b31a5c80cd83346556e7ca7f2ec927511ec3c151abf7cdc108ac4671b7623066e0375b30536e1503125354fa1a15b
-
SSDEEP
192:mrLYJFkVvGFQshArPtP842+Lw1wOEeR6kad8bWXSrJEBOn8TsjNC4ck8aanlDTtI:8U42Fn9qW4+EQNuSXIlodo4
Score
1/10
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 302c9a91e9f3d901 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2419523029" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31060969" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31060969" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001525ae190b18d34db1dbd7ec819325760000000002000000000010660000000100002000000076c44b3152de77705c8750ab3e4a1bbab47272304e612186b64de7f97a3bf9c1000000000e80000000020000200000006b312c9496243d7e6eca87b2b8317c3b39a12428c0d2f9a5c1668d5829ce04bf20000000be30dd5df185f7c533916fb8a675a04e15a67cfe8efea45cf68eca9a7aaf1e844000000081b257110f1a1eb3168faee8240f3c4b5e14f5ad70997a041a80e5e3036cf47f83bf51f3cc7e71822ba7d41f48e5640f0f4229805c7f66cc4afcac03056ce0bb iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "402876191" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31060969" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ed7f91e9f3d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{BBB7C5D5-5FDC-11EE-8688-DA5D5E1D8AF4} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2433429758" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001525ae190b18d34db1dbd7ec81932576000000000200000000001066000000010000200000009786f9e6c5cc398c8584855963444e8f0841d4f8fd4856f40fb6afc8533a2133000000000e800000000200002000000062a6faad7c52cf3fc3eb3cf146551c703377d74f3f70ddf82c6b02149910d045200000007d3c265de4532c5765e7ec995282343bf17043e075bc90f23adb5ae1c903450b4000000066f6d49cba77869cb595ff539432ba96adf02fda645f787c4932b71b520ac974fdc5cfa8a3b7b8d7a91711d4d16bbed84af43294fbbf2f531825583cc554f49f iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2419523029" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3108 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3108 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3108 iexplore.exe 3108 iexplore.exe 4892 IEXPLORE.EXE 4892 IEXPLORE.EXE 4892 IEXPLORE.EXE 4892 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3108 wrote to memory of 4892 3108 iexplore.exe 85 PID 3108 wrote to memory of 4892 3108 iexplore.exe 85 PID 3108 wrote to memory of 4892 3108 iexplore.exe 85
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpaid_html_template.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3108 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3108 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4892
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee