Overview

overview

7

Static

static

7

4dc9876dab...c1.apk

android-9-x86

7

frag.sh

windows7-x64

3

frag.sh

windows10-2004-x64

3

index.umd.js

windows7-x64

1

index.umd.js

windows10-2004-x64

1

libwbsafeedit

debian-9-armhf

1

libwbsafeedit_64

ubuntu-18.04-amd64

libwbsafeedit_64

debian-9-armhf

libwbsafeedit_64

debian-9-mips

libwbsafeedit_64

debian-9-mipsel

libwbsafeedit_x86

ubuntu-18.04-amd64

1

libwbsafeedit_x86_64

ubuntu-18.04-amd64

1

platformProtocol.html

windows7-x64

1

platformProtocol.html

windows10-2004-x64

1

popup.html

windows7-x64

1

popup.html

windows10-2004-x64

1

userProtocol.html

windows7-x64

1

userProtocol.html

windows10-2004-x64

1

vertex.sh

windows7-x64

3

vertex.sh

windows10-2004-x64

3

windmill.worker.js

windows7-x64

1

windmill.worker.js

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    230s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    07-10-2023 23:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    platformProtocol.html

  • Size

    31KB

  • MD5

    1b1a935c85d9183f8564da7af3bd2202

  • SHA1

    12e4111e3e62dc20b2e2b2e95e85c5893e4f6722

  • SHA256

    7dca3946ce0e4873b65ffd30bf3d1de6d8c884c80a42f00cf12f0b3eaddc4222

  • SHA512

    2fc055a7271b9e21faf1e8ea7983fe1aec5f5b0d400a2a222ab26ec84848c2007afa2dc918284d7823ce9cecb27315655c82c60456b9c114740da95ce517fcea

  • SSDEEP

    768:ejrYogxl9Ya3nkdEUEm2uSMaWYdCdBjUBcAEjcZgdcPsaG0e19/:pNk25saWeCRusay

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\platformProtocol.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    459023cfd74217be16ccf097032c6bae

    SHA1

    3e7372e468e9237af964e9c94dfb74b732b545d7

    SHA256

    b5b970d7e70c2a9269243e335a6fd19c96e63e1ebef3d78e0b89601524af1de6

    SHA512

    0f3b38eb6ac9104b0b36ebd354c58281917c6e58a99a36c140ec4d0be94bfade4cb21f0fdbad798c675eeff22ad0b0759e7ba433b731811435437bc7524599b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    41d1a61ae0ae17635b5e612089ad688e

    SHA1

    a7ed29801d062f4225530ec30694d84ce91987d8

    SHA256

    7d52b72aaacc5363aa0900c3fdc3b62608d95b6e5be92d8aeff478a431fd9321

    SHA512

    97220a2bb8a7a2ee1365cbcc2f06b622fb52adc525db24a8772046342a2158ac796e2b399eba048ae3f55bb80b9ae7b5a0bbb5ba825c2596589a81ee53186b37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    83dbce9125a866dd4ad8fe92841b5627

    SHA1

    c47491e82e0be03b607fd788e36048dddefacab0

    SHA256

    84b6eff707e3a9b15b094f1a0acf8896475f93c489f816fe34678a483517a99f

    SHA512

    8c26574df3580acf9d6f1f4a3267fb27bec65a290bb0c7e0b585a9f7e55792d217bc6b1431dcc2c69a786b334b3f76f78a726734f049193a2f918a1357888c2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    00e281b1c0476d36bbb59d6f4bccb30c

    SHA1

    8f624bb9a17fad1504f30bad512e5de63556a92c

    SHA256

    98754eb479de315ed7afaafdcd456e41cf1ff430e68d4fe9656beafccef08f95

    SHA512

    4a33724551824191400d00e5349117c005a1fdf5cd091f0a2bd41d8e78d73484905c43122cc84775a91c67e51431329026235feeebbc4300ea63ae0ebc3dccfb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0b22b4a39e39984cc12b69f849d5a034

    SHA1

    2430a13b72a4f7bc369e65dc3a746fd0fa24e001

    SHA256

    3dbeddd7f0f950a24d6c0924c1e3ffd5a9eac1de19225801e17e3691927e8007

    SHA512

    938b25c30b03c3dc44847c96281b4477837adfa0cd47815f14c7af857f27a2afdea3a135fbc6c25926e7981c86a5411e28cef59cbf75327f4f9824154f41d0a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f6264409369b0273e14fc91226616e91

    SHA1

    b09a9632cd6162cb497286410ae23819445403f9

    SHA256

    18ec67df583fac905be4a54820739a7afb6c76503a99f7c7ac1e09fbdff722e6

    SHA512

    23e9352e6da1654244432f5630d509363f40d8ab5d16ac520a3388989b4c06e00e716b1e89944c3d5ded3e912787489b988718506c567880f8afe0ee35f2d6a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    900cddf25fb6694a45b124b06ed5514f

    SHA1

    d58c7da5efd9a011f43ac6369ea72c58f0333af0

    SHA256

    42e736bb043a37406a46fe0fab49ab5349d51f4ee07fc50c84f4084012096320

    SHA512

    07ccff1f5de6b615a427a8cee8a5805bd235c985cba876d23cb5549932208e6f5dbae64a72001fe6d3fd3ee8568e8e5edf43e7b19cf1e73e2b8881c670aff0d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    616b37236e6b69962ed8e22d11f439be

    SHA1

    0d564e7d65e978518f2afebaee4b93fbe3b5c0e4

    SHA256

    3ff7dd11a91340c71097e700b63f654bc7e3515db670281ec351f65073460cdf

    SHA512

    948de95eb3906dc86416e3831baa219c8dcaae8291985b6d71b541af7cf953466b5e643fa56967fe25e8739a021240da9ee3ff70295c31b64142e4ae275ad2c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6dfef83d24f0ecbcfd45b0cabeb94993

    SHA1

    869c3925ea4b962d327615d3e4b8fa5e9eb9caee

    SHA256

    15cd7eb371623cceb98684448b6275a0a8faade0d55384d9640e65ebe394b4c2

    SHA512

    2d3db931fa56be75a9add97a139b7930e1008e3e10d2d77060c59d617987e32f1ab053a2f86785a4492fc81e9773973c28053b1dfd1919e37d7b8b323e79ea63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    49889f79998a2ccd52528d76581bbca7

    SHA1

    ed0b957e565a82b0a4d63ab2733a18e14bae9c7d

    SHA256

    ef97057a7334e0aeba6fc922c789c64288bf59794e321b6142b5cdf5a52eb037

    SHA512

    9d8b4ac42e99b0ca96e47a79d8d1108f690aa624c9d08517d9248995c2365c60159276da7ecd850b4c3d9839e9b98de155118ae32765e3d7eb22b7d497d222b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a5045865f568ff25307531fa1bd5e23c

    SHA1

    45faede80ffe2293be18a974ffdd10b6c4d7f499

    SHA256

    9da88e435f6380619845f710af997239c844b528a28cbc15c14bc67335914450

    SHA512

    57d8487a741a6059253da932dfb762c7e5c498f8da0757eb642a9b62b833ac76b54cdae849b8d189f5d36f72cbea79aef426c4444ac7baecb03874f932fe5fa4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d134c325b76f868290dcb314ed80f9a6

    SHA1

    8ad1583984bd56d4a9101a311882a98957e90d91

    SHA256

    5a68a63735e9487b8b77bf911c6cc84bac493fb48c181bcfa5bf2727704344ac

    SHA512

    f5b7844ca234c6ac924c6d20bfbdb638323aa09cd039d5cea1aa0aba9d420e81bbf9896406a5e7fe887a7b0f0bc0a6292818582092b76a848acc48701a354e16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e45669f2f7c89a3b9f1f8c533113ec52

    SHA1

    50481aefdeb6a383d49d27dca0fcee81911a8906

    SHA256

    68f2f3d7d3793e60c057727ed4b5c1d59ed51c5858af5598bab6ecc2d6ced5cc

    SHA512

    c4c49f669487eb03c3c8d76e6b24f3b84aceb1133f7d9e7498c5ab4f36601bc17c7b1f3ae4a725a4ec13a13581eb81edad6eaa867fafd50ff8dbecc7fd2b79ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5c722de6061c0e01018c500b33023314

    SHA1

    110c7ca68fe01f3685962bf8cf0176a9c0dc0f4a

    SHA256

    b7c8493aecf893ce30347dfc1dcc5c8eefb3497b0c44da3be8af0a52e7626314

    SHA512

    9ce672c58a0a0d8d20556e2a94e42c5592638bb8fabaac753a05dd36728c82e67ac2db041f76723d12379c9a15ad95f4a5566104be6ec743a1afd9cfd4fcf2b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e801f498b316fc1c999502c94f4eda3

    SHA1

    2e6f34ce34d666ea4e7d1c71d75313e191f32006

    SHA256

    77552d2d66544347340a1f04d6702f90deedfb7a94020905c7a1d2a70f3d72c3

    SHA512

    b570fbc60bb80023b6110277ac5444997157357949db954296cdfd8d47fcc5fa36ef9f4f8692c9ceb4da721730a639958dda16f53541745aa6cd179d7a69440a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c85a8996bf4f7a83c1bb209012ef21f4

    SHA1

    9e19bcf900c548a6869895bfc63e3e0e25b5c3ab

    SHA256

    9e43b3ffed1d340a7ab1c065d153c7698a9341093d779e8073cb98668b09bdef

    SHA512

    483e30225bc84bbd645255eac64cb95617a52f05f34f68c17ed744f8c3b6d3531b554320c19b2396adf4385deff3a9eb7a87c489c4189d59fcfafdcc6a2d3f15

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD24F.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD3AA.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit