Overview
overview
7Static
static
7c2547dfea0...aa.apk
android-9-x86
7aps-mraid.js
windows7-x64
1aps-mraid.js
windows10-2004-x64
1cb6581722b...0b.ps1
windows7-x64
1cb6581722b...0b.ps1
windows10-2004-x64
1closebutton.html
windows7-x64
1closebutton.html
windows10-2004-x64
1dtb-m.js
windows7-x64
1dtb-m.js
windows10-2004-x64
1fyb_iframe...l.html
windows7-x64
1fyb_iframe...l.html
windows10-2004-x64
1fyb_static...l.html
windows7-x64
1fyb_static...l.html
windows10-2004-x64
1index.html
windows7-x64
1index.html
windows10-2004-x64
1mraid.js
windows7-x64
1mraid.js
windows10-2004-x64
1omsdk-v1.js
windows7-x64
1omsdk-v1.js
windows10-2004-x64
1tt_nd
ubuntu-18.04-amd64
vpaid_html...e.html
windows7-x64
1vpaid_html...e.html
windows10-2004-x64
1Analysis
-
max time kernel
163s -
max time network
199s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system -
submitted
10/10/2023, 21:34
Static task
static1
Behavioral task
behavioral1
Sample
c2547dfea0e24a3c94b35c9524e538aa.apk
Resource
android-x86-arm-20230831-en
android-9-x86
Behavioral task
behavioral2
Sample
aps-mraid.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral3
Sample
aps-mraid.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
cb6581722bb50b44b8442434cbad4a0b.ps1
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral5
Sample
cb6581722bb50b44b8442434cbad4a0b.ps1
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
closebutton.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral7
Sample
closebutton.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
dtb-m.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral9
Sample
dtb-m.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
fyb_iframe_endcard_tmpl.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral11
Sample
fyb_iframe_endcard_tmpl.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
fyb_static_endcard_tmpl.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral13
Sample
fyb_static_endcard_tmpl.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
index.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral15
Sample
index.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
mraid.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral17
Sample
mraid.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
omsdk-v1.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral19
Sample
omsdk-v1.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
tt_nd
Resource
ubuntu1804-amd64-20230831-en
ubuntu-18.04-amd64
Behavioral task
behavioral21
Sample
vpaid_html_template.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral22
Sample
vpaid_html_template.html
Resource
win10v2004-20230915-en
windows10-2004-x64
General
-
Target
closebutton.html
-
Size
980B
-
MD5
222c28fa7bc9d39dc4a210b4f447b85b
-
SHA1
1cd29452beb9c6f178dc385878f357d972480b40
-
SHA256
a9731f9a7fd1c359f1d86b80794db8a869d117e13f821974aba00fc1885b1fa1
-
SHA512
ce3d332317a204aecaeaaa4ea7729dd179d0b1200605bc15e856b6a4e927c6aac3088e687404f1ea952e37de42ec259ce262da06b723308845ca3415b30f4440
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DEBE9F66-67C0-11EE-9784-EED69A4A1DC8}.dat = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31062989" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3160226195" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{DEBE9F64-67C0-11EE-9784-EED69A4A1DC8} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3160226195" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31062989" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2156 iexplore.exe 2156 iexplore.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2156 wrote to memory of 924 2156 iexplore.exe 87 PID 2156 wrote to memory of 924 2156 iexplore.exe 87 PID 2156 wrote to memory of 924 2156 iexplore.exe 87
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\closebutton.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
PID:924
-