Analysis
-
max time kernel
132s -
max time network
189s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system -
submitted
07-10-2023 23:49
Static task
static1
Behavioral task
behavioral1
Sample
d223178c81c5a5eb469f520edd8da27b93ea7953102de7be4a330367aa884da6.apk
Resource
android-x86-arm-20230831-en
Behavioral task
behavioral2
Sample
frag.sh
Resource
win7-20230831-en
Behavioral task
behavioral3
Sample
frag.sh
Resource
win10v2004-20230915-en
Behavioral task
behavioral4
Sample
index.umd.js
Resource
win7-20230831-en
Behavioral task
behavioral5
Sample
index.umd.js
Resource
win10v2004-20230915-en
Behavioral task
behavioral6
Sample
libwbsafeedit
Resource
debian9-armhf-20230831-en
Behavioral task
behavioral7
Sample
libwbsafeedit_64
Resource
ubuntu1804-amd64-20230831-en
Behavioral task
behavioral8
Sample
libwbsafeedit_64
Resource
debian9-armhf-20230831-en
Behavioral task
behavioral9
Sample
libwbsafeedit_64
Resource
debian9-mipsbe-20230831-en
Behavioral task
behavioral10
Sample
libwbsafeedit_64
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral11
Sample
libwbsafeedit_x86
Resource
ubuntu1804-amd64-20230831-en
Behavioral task
behavioral12
Sample
libwbsafeedit_x86_64
Resource
ubuntu1804-amd64-20230831-en
Behavioral task
behavioral13
Sample
platformProtocol.html
Resource
win7-20230831-en
Behavioral task
behavioral14
Sample
platformProtocol.html
Resource
win10v2004-20230915-en
Behavioral task
behavioral15
Sample
popup.html
Resource
win7-20230831-en
Behavioral task
behavioral16
Sample
popup.html
Resource
win10v2004-20230915-en
Behavioral task
behavioral17
Sample
userProtocol.html
Resource
win7-20230831-en
Behavioral task
behavioral18
Sample
userProtocol.html
Resource
win10v2004-20230915-en
Behavioral task
behavioral19
Sample
vertex.sh
Resource
win7-20230831-en
Behavioral task
behavioral20
Sample
vertex.sh
Resource
win10v2004-20230915-en
Behavioral task
behavioral21
Sample
windmill.worker.js
Resource
win7-20230831-en
Behavioral task
behavioral22
Sample
windmill.worker.js
Resource
win10v2004-20230915-en
General
-
Target
platformProtocol.html
-
Size
31KB
-
MD5
1b1a935c85d9183f8564da7af3bd2202
-
SHA1
12e4111e3e62dc20b2e2b2e95e85c5893e4f6722
-
SHA256
7dca3946ce0e4873b65ffd30bf3d1de6d8c884c80a42f00cf12f0b3eaddc4222
-
SHA512
2fc055a7271b9e21faf1e8ea7983fe1aec5f5b0d400a2a222ab26ec84848c2007afa2dc918284d7823ce9cecb27315655c82c60456b9c114740da95ce517fcea
-
SSDEEP
768:ejrYogxl9Ya3nkdEUEm2uSMaWYdCdBjUBcAEjcZgdcPsaG0e19/:pNk25saWeCRusay
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "402894519" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b000000000200000000001066000000010000200000002c746a6e420ed27bacd2b78ab2dfa8e4023cfb50fb994086919e03efba94bc5f000000000e800000000200002000000045fd525cf5e8bf4534341c327c2c8c4670c1a560621e30a805188b88d541fb77200000003a836da4881179fa029a7e62f54ef580ee05cc0becc0c020bbefa040590cd94b4000000023e0b7b1ece5b791fb0bb017677b2cc9dcbb30a1e21186ddd55c0dfbdaf7c39c22c80b20ad0e38d4f5cae4dde387f57ffb106b7a0cce77da2caa7b0e7bca04a1 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{99933291-6583-11EE-A077-F2498EDA0870} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" 
iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80c8c67190f9d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe 
Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2664 | iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2664 | iexplore.exe
2664 | iexplore.exe
2668 | IEXPLORE.EXE
2668 | IEXPLORE.EXE
2668 | IEXPLORE.EXE
2668 | IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2664 wrote to memory of 2668 | 2664 | iexplore.exe | 30
PID 2664 wrote to memory of 2668 | 2664 | iexplore.exe | 30
PID 2664 wrote to memory of 2668 | 2664 | iexplore.exe | 30
PID 2664 wrote to memory of 2668 | 2664 | iexplore.exe | 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (depth 1) — command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\platformProtocol.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2664 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 2, child of PID 2664) — command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2668
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: fd5f81f5d6b0cbbfe5c97c86e82b8115
SHA1: b5433effa805f524c92117d0da7eae20577b77e1
SHA256: 024ac2ed33c74c91a18dfef603fd3072d55c858dea8e5796c20d32ea91c9bcac
SHA512: 2bca9286753c2267c52b449f1cf0d3749b7abb22df972ae5ff2fe06e48610938cbecdb71c4254b7f4b23dc843123cabe027fa9e5305593add9ec2a9cbbd53d84
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: e481a590cc3e1b02c3b7f3cb84cfa767
SHA1: 0b3f663ea0c84802b85fe380aec9759dce86268c
SHA256: ba0d52467147bcd5baa1360a5c394d9a556b333784c16158808e09feb59ef48d
SHA512: 05278044ba76b08ed35300e2320448fe71e6cffe60140ccf21040698070c44ac8ffe461f08cdccd91280cf5f45733e7971c8fe17d9fc9c7f766d13135d848c7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 871efaa3e53101f0770ebab4bf120e8b
SHA1: a00e3ae50b991837c8ab982a5937f27d45f96221
SHA256: 8710b38ac15bc1349cd96a48cb04a4e83f7e1ce228c84f8ea280c0c446652eb8
SHA512: 13674664198a283b92fb71ca14ce95cbeb0666383ffc6941defe8b09d35d6e26c8a900c6228ce3e4eab1099c31a11e5977751ff7f5c49f7b78e8c54236eb3a84
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 8b21712ffafe54517eaec1a2bfdd45aa
SHA1: ef9d216622e9326b9e2cadf8bb6bff694bfc5014
SHA256: e4e7c5076941624493e7da792fdc78f6bde7644eb80b5c2e5f93c666c59333da
SHA512: 5ef5fc539c9d7c4a48ede88ba0d4b36be9b12f79eb5636351c025702ab629eef3e73ec4d3d809d7af1e0de0b8022c4079bf1c87b42b8f7d10a13e10bbd325848
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: d981ffff27eab075e6978f030866017d
SHA1: 2e745a4cba5e21042627cd7bdb7924acf6c0f125
SHA256: f42350dd92c7f92b8d330955d4301705c56ec28c950649151d0604a630a6d82a
SHA512: 61c546db98dd23ed3891ac91e61663ff4b8f1c588c57d3d52f80fc09558042a1ecbc8860369240ef975c02102619610bf02523765509eb7fb1de688438d9a3bc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 24a2a9dab4157615fa519ee8a8dc6a15
SHA1: e8970c88bbe6966d2c00d04e1743f4e9fc435466
SHA256: c5970279e3a219aeae27efec102a91e0f2529a395663259c9932a93bacd1e9d1
SHA512: 7d921c88f0c9b1958e188fa0802fa34950d40a9f018ae22ce4f52c300155d3e9a008285eda8c5fefe6963481a702a1d01bd7f4ab7e90ef8168325728f38adfdf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 892336c5bd582cb26de77be615663101
SHA1: 9b5f730f0c89e613efb7ded5440f63d7429295f6
SHA256: 9ebdb7966dd12bca05b10c621e46986114c3b5653e576a65b41d4442c46d600b
SHA512: bf1b948d63d026a595cf19cb0c49ec758f114f0d7ccb4361692914afd45f3c2997edefb52a1718d92ebe292ac262c5e2015df058a4a04946c137d52298e0a9cf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 4c5322046e865901cf4d15073c28c907
SHA1: a8caf2f3bf3ad17c3a800dbefc8c9442c6f59bb4
SHA256: d555901e94d7b3970bc85cf32bba8f0c5b7db44d269ee69f232e4491bb9640c4
SHA512: 5b1a2e15d6ed082d97e0039440e7d141361bdd85833b54816a941f092b2188f3c4400ab69743facb0db636a69508bf2759ebd236fc95880009e05c742d21b013
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 96c7855410169651424e90c55b5e93e5
SHA1: de622421cf4424e449c21c4955e7eaf4d614fc7b
SHA256: d1d234f9f94f30d94f00ee940be195886ea1068aec0ace2615f8fc53bd395f1a
SHA512: 22093faca0088c8208676daf2a798c98e601189e6b01e9bac57fb321ea4077b7b7c4bc4eeee1999cd1fd784f61b76cc1a67a9348bba3036e01e3257627b34569
-
Filesize: 61KB
MD5: f3441b8572aae8801c04f3060b550443
SHA1: 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256: 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512: 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize: 163KB
MD5: 9441737383d21192400eca82fda910ec
SHA1: 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256: bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512: 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf