Analysis
max time kernel: 142s
max time network: 166s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
submitted: 11-10-2023 17:17
Static task
static1

Behavioral tasks (task: sample, resource)
behavioral1: HiWaifu_AI_Friend_amp_Waifu_Hub_MOD_APK_(Premium_Unlocked).apk, android-x86-arm-20230831-en
behavioral2: 1.html, win7-20230831-en
behavioral3: 1.html, win10v2004-20230915-en
behavioral4: 2.html, win7-20230831-en
behavioral5: 2.html, win10v2004-20230915-en
behavioral6: 3.html, win7-20230831-en
behavioral7: 3.html, win10v2004-20230915-en
behavioral8: 4.html, win7-20230831-en
behavioral9: 4.html, win10v2004-20230915-en
behavioral10: a.html, win7-20230831-en
behavioral11: a.html, win10v2004-20230915-en
behavioral12: a2.html, win7-20230831-en
behavioral13: a2.html, win10v2004-20230915-en
behavioral14: a3.html, win7-20230831-en
behavioral15: a3.html, win10v2004-20230915-en
behavioral16: a4.html, win7-20230831-en
behavioral17: a4.html, win10v2004-20230915-en
behavioral18: b.html, win7-20230831-en
behavioral19: b.html, win10v2004-20230915-en
behavioral20: c.html, win7-20230831-en
behavioral21: c.html, win10v2004-20230915-en
behavioral22: d.html, win7-20230831-en
behavioral23: d.html, win10v2004-20230915-en
behavioral24: e.html, win7-20230831-en
behavioral25: e.html, win10v2004-20230915-en
behavioral26: f.html, win7-20230831-en
behavioral27: f.html, win10v2004-20230915-en
behavioral28: g.html, win7-20230831-en
behavioral29: g.html, win10v2004-20230915-en
behavioral30: h.html, win7-20230831-en
behavioral31: h.html, win10v2004-20230915-en
behavioral32: i.html, win7-20230831-en
General
Target: f.html
Size: 4KB
MD5: 1f7613a6e6380ef75e6bd2bd5b889829
SHA1: 5a065a164eb64d6d4f0ca45e01894e64601f8f7d
SHA256: 6bfd89279cdfcd5141a635f6c1f18addf21136e3ac7bf8c2099653b2806203de
SHA512: ebb0819de102ce32cb999f0bd63d95a010774af2c4b68f7855ef32c20623f810739998d37b67787971570a30c06f768571cba3e3a768e48c7488f4b1bfba8865
SSDEEP: 48:eNpMSnGY4mLjnGY4mco0vIF8ppvXKaAUgJTLfmJVS58Hjz0s/xcL6Aq9Z5M9irxq:3b1btKMTw4nPYZ6fSHMs
Malware Config
Signatures
Modifies Internet Explorer settings 36 IoCs
All paths below are relative to \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer (the sandbox user's HKCU hive). Every key in this list is written by Internet Explorer itself on an ordinary page load (recovery state, new-tab page, domain suggestion, search scopes, window placement); the signature records that iexplore.exe ran, not anything specific to f.html.
description | ioc | Process
Key created | IETld\LowMic | iexplore.exe
Key created | InternetRegistry | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (data) | TabbedBrowsing\NewTabPage\MFV = … | iexplore.exe
Key created | DomainSuggestion | iexplore.exe
Set value (int) | DomainSuggestion\NextUpdateDate = "403259843" | iexplore.exe
Key created | GPU | iexplore.exe
Key created | PageSetup | iexplore.exe
Set value (str) | Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | Recovery\PendingRecovery | iexplore.exe
Set value (str) | Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Set value (data) | TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b000000000200000000001066000000010000200000003ead1c9eb6a35574b33af5924ddb7933fd08659c62a5911b526b404f5feb9a20000000000e8000000002000020000000be17777af0aa628b08db36d85fbc847d06038306290946548de2c6b0aea23eaa20000000d54a6bfa1d4a3fa48f403d4e192bf9f1258502a443c580e97919e1acc3c9192c400000004cbe04b2c404d03cfc653a09647bb44f93a2e5dbc1e6301f5bc4959e254172002eea788edd463169f9d60286955b90ce05faed52399a8f9de40b8917a0c87764 | iexplore.exe
Key created | Main | iexplore.exe
Key created | LowRegistry | iexplore.exe
Key created | LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | Recovery\AdminActive | iexplore.exe
Set value (int) | TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | Zoom | iexplore.exe
Key created | Main\WindowsSearch | iexplore.exe
Set value (int) | SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | TabbedBrowsing | iexplore.exe
Key created | TabbedBrowsing\NewTabPage | iexplore.exe
Key created | IntelliForms | iexplore.exe
Set value (str) | Main\FullScreen = "no" | iexplore.exe
Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | Main\WindowsSearch | IEXPLORE.EXE
Key created | SearchScopes | iexplore.exe
Set value (data) | TabbedBrowsing\NewTabPage\LastProcessed = e02de00ae3fcd901 | iexplore.exe
Key created | Toolbar | iexplore.exe
Key created | BrowserEmulation\LowMic | iexplore.exe
Key created | LowRegistry\DOMStorage | iexplore.exe
Key created | Toolbar\WebBrowser | iexplore.exe
Set value (int) | Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | Recovery\AdminActive\{35FD39F1-68D6-11EE-A077-F2498EDA0870} = "0" | iexplore.exe
Key created | Main | IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
2452 | iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2452 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2452 | iexplore.exe
2452 | iexplore.exe
2712 | IEXPLORE.EXE
2712 | IEXPLORE.EXE
2712 | IEXPLORE.EXE
2712 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2452 wrote to memory of 2712 | 2452 | iexplore.exe | 28
PID 2452 wrote to memory of 2712 | 2452 | iexplore.exe | 28
PID 2452 wrote to memory of 2712 | 2452 | iexplore.exe | 28
PID 2452 wrote to memory of 2712 | 2452 | iexplore.exe | 28
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f.html
  PID: 2452
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2452)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2452 CREDAT:275457 /prefetch:2
    PID: 2712
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
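The two signature groups that carry most of this report (the Internet Explorer registry writes and the repeated WriteProcessMemory from PID 2452 into PID 2712) are the kind of thing worth triaging mechanically rather than by eye. The Python below is an added example by the editor; it is not part of the sandbox report or of the sandbox's own tooling. The process records, the four memory-write pairs and the first six registry rows are copied from the report above; the last registry row is constructed test data that does not appear in the report. The script reads the SCODEF:<pid> argument from the tab process's command line to decide whether a memory write is the frame process bootstrapping the tab it spawned, and separates registry IoCs under IE's own per-user key from writes anywhere else.

```python
"""Mechanical triage of two signature groups from a sandbox report of an
.html sample opened in Internet Explorer.

Added example by the editor, not part of the report or the sandbox tooling.
PROCESSES, MEMORY_WRITES and the first six REGISTRY_IOCS rows are copied
from the report; the final REGISTRY_IOCS row is constructed test data.
"""
import re
from dataclasses import dataclass
from typing import Optional

# (pid, command line) as shown in the report's process tree.
PROCESSES = [
    (2452, r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f.html'),
    (2712, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2452 CREDAT:275457 /prefetch:2'),
]

# (writer pid, target pid); the report lists this pair four times.
MEMORY_WRITES = [(2452, 2712)] * 4

REGISTRY_IOCS = [
    # Copied from the "Modifies Internet Explorer settings" signature.
    r'Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e02de00ae3fcd901 iexplore.exe',
    r'Key created \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{35FD39F1-68D6-11EE-A077-F2498EDA0870} = "0" iexplore.exe',
    # Constructed row (NOT in the report) so the filter has something to flag.
    r'Set value (str) \REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\updater.exe" updater.exe',
]


@dataclass
class Ioc:
    op: str               # "Key created" or "Set value (<type>)"
    path: str             # registry path as reported
    value: Optional[str]  # None for "Key created"
    process: str          # image name of the writing process


IOC_RE = re.compile(r'^(Key created|Set value \((?:int|str|data)\)) (.+) (\S+)$')
# IE's per-user key for any SID of the S-1-5-21-... form.
IE_USER_KEY_RE = re.compile(
    r'^\\REGISTRY\\USER\\S-1-5-21(?:-\d+){4}\\Software\\Microsoft\\Internet Explorer(?:\\|$)',
    re.IGNORECASE,
)
SCODEF_RE = re.compile(r'\bSCODEF:(\d+)\b')


def parse_registry_ioc(line: str) -> Ioc:
    """Split one 'description ioc Process' row.  The process image is the last
    whitespace-free token; the key path itself may contain spaces."""
    m = IOC_RE.match(line)
    if not m:
        raise ValueError(f'unrecognised registry IoC row: {line!r}')
    op, rest, process = m.groups()
    path, sep, value = rest.partition(' = ')
    return Ioc(op, path, value if sep else None, process)


def triage_registry_iocs(lines):
    """Return (housekeeping, review): rows under IE's own per-user key versus
    writes anywhere else, which an analyst should look at by hand."""
    housekeeping, review = [], []
    for line in lines:
        ioc = parse_registry_ioc(line)
        (housekeeping if IE_USER_KEY_RE.match(ioc.path) else review).append(ioc)
    return housekeeping, review


def ie_tab_frames(processes):
    """Map each IE tab process to the frame that spawned it, read from the
    SCODEF:<frame pid> argument on the tab's command line."""
    frames = {}
    for pid, cmdline in processes:
        m = SCODEF_RE.search(cmdline)
        if m:
            frames[pid] = int(m.group(1))
    return frames


def explain_memory_writes(writes, processes):
    """Label each WriteProcessMemory pair: a frame writing into the tab it
    spawned is IE's normal frame/tab bootstrap; anything else is unexplained."""
    frames = ie_tab_frames(processes)
    return [
        (writer, target,
         'ie-frame-to-tab' if frames.get(target) == writer else 'unexplained')
        for writer, target in writes
    ]


if __name__ == '__main__':
    for writer, target, verdict in explain_memory_writes(MEMORY_WRITES, PROCESSES):
        print(f'WriteProcessMemory {writer} -> {target}: {verdict}')
    housekeeping, review = triage_registry_iocs(REGISTRY_IOCS)
    print(f'{len(housekeeping)} IE housekeeping IoCs, {len(review)} to review')
    for ioc in review:
        print(f'  REVIEW {ioc.op}: {ioc.path} = {ioc.value} ({ioc.process})')
```

Run against the report's own rows, all four memory writes resolve to the frame-to-tab relationship that SCODEF:2452 on PID 2712 documents, and every registry row lands in the housekeeping bucket; only the constructed Run-key row is flagged. The same two filters apply to any IE-hosted sample: a WriteProcessMemory whose target has no SCODEF pointing back at the writer, or a registry write outside the Internet Explorer key, is where analysis time should go.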
Network
MITRE ATT&CK Enterprise v15
Downloads
The first ten entries share one path and differ only in content hash: the report records each successive version of the file. CryptnetUrlCache\MetaData entries are written by CryptoAPI (crypt32) when it caches certificate, CRL or OCSP fetches during certificate validation, not by the page content itself.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 9d4572d23cf1c51c80141b76c037cf22
SHA1: bce9cfadbeacd3d1b18df94aa48a3327dd5f0bbf
SHA256: 878982d6bc1676b5c4349ffa523eaa6e65e424b82b1493a0d158eed6e651129e
SHA512: 4938ba1ae1dc765e5fdd4a96ec0975cb330b2a436e0020b97e9a0713106d5f1b1f424afcccead2b3d8ab0acabd823c8d264690f526d756abc9be77e48fa2b248

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: d5f47ef5793edaf0e96c038bebcb5a8d
SHA1: 83e9af33492f6f1fc3ca6da794e0dcc8e0ab0f5f
SHA256: a41c3374aaed8262c6c189c43688ecdcec8b4a6879d45a8acf4ebe45aab40269
SHA512: 6dcedda53925e116397420d46fc54ef5558f2d277d673a9ad8ed948f6d031f15d532ea7c38cf62fac5a9737da9352289db8216049f99e8442d3b48b493dd3fd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: acf53f13892efdbda1f7a56ff36f6c09
SHA1: 1c3aea4310be888056edd825712cf1fb1ff09e6c
SHA256: 59974e8f0528a44013b7dbe36fd33f30994a726b4585767871c4ef4bd94e6fd0
SHA512: afd6d4b435fd46e5524c1e01e3a1e4fad1f399446eb1f7237c6e38efcdb4570a723da04fe65eef0c223ad9db84b7ea1ef4857d00748b8f8bc8c3774ffb1912c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 6fe5de7bd8fb64f8179f13aaf22d6254
SHA1: f6cda450a94bd352814bbca498a218138d29bac7
SHA256: a8c24913f7dd83437dcb31c3635caccdf0ae716754ae6a3d9bd8f6edc47ba9c8
SHA512: 3655e26e169f42d3f92a60e868f8e42b40228c3269c277d53abc0880b95ded9fa7ee85a55e9c9903e0d9130f3cf8e847e8e37627676d8cc54d65fbd31c03dae4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: fab331b17fd17ced246f0b35f1d3fc5d
SHA1: 2c1b10800d138a04ca69fffd095dcd60d5ff1769
SHA256: 9cdbb137d85fa114b4aa6cf3aa71fe1b593d950a15b9000f24fc90acc64c94d1
SHA512: ca763119c1b54b57b2791b286964b689d08e73c53190e8dd1218e7d4432dd8faadebc35d69e55e78df3c5e9d8ad8a2f55dd08f614f3736350342965d467ef799

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 34d21353ae659148e0a442012094c95b
SHA1: 87c836045a32f1da71de11d7a5946c36fd98888f
SHA256: 0c65f71c7d0cfa3036077031031ac8dabee209cbadc82ddc6cf2363fd17f3f8e
SHA512: 38a3bed88911e3b0251a3138a4ea0c3663ab2d3a5188cda6e85d1356aea1efc1faaa72997742e1de2343900785e05d06a7e7063eefce0aee64fcdf8288591c57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: dd8bdb9718e3e081305c8967d7902bab
SHA1: ad2d2ad247176e3ff5535c2cdb77957030cdeab8
SHA256: 7ea38053574164ac9ada98ff06299ff468ae0caa8672f460150af2775b4e651f
SHA512: b7910c9cc8f0ff3a8b808ba2494b88b5a27efbf3052a6263a9ebf4cc02ad483e3bf4500009394bfe080fa83ca474bcb5e1b1b92531503d26886b6dd835b4a671

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: c29c26a578a8c9087da0163ccd69198b
SHA1: 006314768bcb9b0f046b352ab2f6861713be09ac
SHA256: 42b2a4c5f447c0afc8a1a10e181ba41d18c33ab957b19bbb0d91d734d762a983
SHA512: 7cce815103214fdeca19e88439528ec5c7fefa2d23ad8294f44084c590e7346683ce26f551a164a4f3b8a9aa2b0b66e1d64e739515f20c5a2cc9e525e6a2842a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 3a9343a9d509757a3c3eb9d61a1e1587
SHA1: 0effb0244ad7de5b6c5d4269ae71613a632461b4
SHA256: 835826dc98141ee6e4f5388b8aeedfbf97f083d1b2ce0d6d71e3e97224b2793a
SHA512: 8538c06a561ec25bccb29297aa6ad5b9ac108241e33ce6dc24bd59a57bcfd69c7310d862139d33d1cf668aaabce14ac58b442f6678097adf2a146b379d8c9a85

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: beef78901236018e5239bad0f64a651f
SHA1: 6ea124a8821705aa956b589b8466406043d7b3cb
SHA256: ae06b508439c8b8a2bb987c0009232a06efb13eaf35aaaa9fe1d1fbbc2083222
SHA512: 275a3f86264d1cf52a8d0e683184b1d3760949cbe373b2d3aad8e591813c29c5db6f82dd84979663eb62c5d069e653b161f9f157ee1563c1a051309343da12cf

(no path shown)
Filesize: 61KB
MD5: f3441b8572aae8801c04f3060b550443
SHA1: 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256: 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512: 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

(no path shown)
Filesize: 163KB
MD5: 9441737383d21192400eca82fda910ec
SHA1: 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256: bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512: 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf