Overview
overview
7Static
static
7Kuat.apk
android-9-x86
5Kuat.apk
android-10-x64
5Kuat.apk
android-11-x64
4OneSignal.js
windows7-x64
1OneSignal.js
windows10-2004-x64
1app.js
windows7-x64
1app.js
windows10-2004-x64
1badge.js
windows7-x64
1badge.js
windows10-2004-x64
1buildinfo.js
windows7-x64
1buildinfo.js
windows10-2004-x64
1cordova.js
windows7-x64
1cordova.js
windows10-2004-x64
1cordova_plugins.js
windows7-x64
1cordova_plugins.js
windows10-2004-x64
1customconf...ers.js
windows7-x64
1customconf...ers.js
windows10-2004-x64
1device.js
windows7-x64
1device.js
windows10-2004-x64
1exec.js
windows7-x64
1exec.js
windows10-2004-x64
1inappbrowser.js
windows7-x64
1inappbrowser.js
windows10-2004-x64
1index.html
windows7-x64
1index.html
windows10-2004-x64
1index.js
windows7-x64
1index.js
windows10-2004-x64
1jquery1.11.2.min.js
windows7-x64
1jquery1.11.2.min.js
windows10-2004-x64
1local-noti...ore.js
windows7-x64
1local-noti...ore.js
windows10-2004-x64
1local-noti...til.js
windows7-x64
1Analysis
-
max time kernel
140s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system -
submitted
12/10/2023, 10:57
Static task
static1
Behavioral task
behavioral1
Sample
Kuat.apk
Resource
android-x86-arm-20230831-en
android-9-x86
Behavioral task
behavioral2
Sample
Kuat.apk
Resource
android-x64-20230831-en
android-10-x64
Behavioral task
behavioral3
Sample
Kuat.apk
Resource
android-x64-arm64-20230831-en
android-11-x64
Behavioral task
behavioral4
Sample
OneSignal.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral5
Sample
OneSignal.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
app.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral7
Sample
app.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
badge.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral9
Sample
badge.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
buildinfo.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral11
Sample
buildinfo.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
cordova.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral13
Sample
cordova.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
cordova_plugins.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral15
Sample
cordova_plugins.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
customconfigparameters.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral17
Sample
customconfigparameters.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
device.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral19
Sample
device.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
exec.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral21
Sample
exec.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
inappbrowser.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral23
Sample
inappbrowser.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
index.html
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral25
Sample
index.html
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
index.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral27
Sample
index.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
jquery1.11.2.min.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral29
Sample
jquery1.11.2.min.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
local-notification-core.js
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral31
Sample
local-notification-core.js
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
local-notification-util.js
Resource
win7-20230831-en
windows7-x64
General
-
Target
index.html
-
Size
1KB
-
MD5
5ca59d3aea3c0974a70fa422c6b3834d
-
SHA1
6c9eb1e7d43052194b11d9db8e850161602001fe
-
SHA256
af5120e463c1007205f96035d5ea5baff06c64b092fea1d7005aa074c6d516c0
-
SHA512
fc4d3187dc77d2053ae2ff40d7340db20995274b1c36131ccb8fe6f136faa395695d916ce4f32a45d517a063898f1d161cd1a7c68bb57c69def825460dd6ca47
Malware Config
Signatures
-
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1436606941" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8123100E-6B60-11EE-9D98-CA4DF275542E} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1436606941" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063917" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 905e4d5d6dffd901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000044e7540fef135e499edf4eab70c71d2f000000000200000000001066000000010000200000009d7f1467696cf52253348d78dfe2192fe170b43c6fc45392677b656bbdd77ff0000000000e80000000020000200000005431e081fd328ffac7217393d627f9ddf030f6afbe6b879a686090a70ee6208020000000a2082e9e08d02a7f95bbed92bd0a9995f48cf646b54f3a9e0fc2bb4b8840de974000000037e6efdbf2cafbef8263efcb829732d35782343ec2b0284f46fa091f98370d3e3de569d9aede4620e3bc77f319bf2ddec7551947c51d1d78d24fec2743f7ff02 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31063917" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000044e7540fef135e499edf4eab70c71d2f00000000020000000000106600000001000020000000a4af27d68b0392ff4a6b61727608640be002fffcbcd5566d8bd3f0ceab8d9e04000000000e800000000200002000000042841e850e2fbfc08050ed0d1c75a1d703d7d8bafd2431d8e4c2ff664df4849720000000abc9cbd4fa546dd8ecbee4c444ecec174f21dbe86abf8d507dffbf69c441554f40000000e796c90a81e639a65510d3ad8b26033542d0d4f1c1cd8e36f60d7c931dd641c4338e1447463c0c67cf9c2570eb9b9dd465abf5e3f48a4325425fcde38779f03b iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "404142248" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1453796060" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 509d675d6dffd901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31063917" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1392 iexplore.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 1392 iexplore.exe 1392 iexplore.exe 1448 IEXPLORE.EXE 1448 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1392 wrote to memory of 1448 1392 iexplore.exe 81 PID 1392 wrote to memory of 1448 1392 iexplore.exe 81 PID 1392 wrote to memory of 1448 1392 iexplore.exe 81
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1392 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1392 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1448
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5758855d5d31a8770fe043ab576cca776
SHA1a92bccc68cfd1a2c9557aa6df518652cbcaa9609
SHA256c2816f505411ad29f584e6514e3f7b9922d110ae6dd19f5e39e8a76377c4210a
SHA512c7379ea86f8f2b896a9e94200e2e5f44f063a3e13169a4e5e50b3572b57dc9013064826d347ad2c80a6ea5d538abb27431cbcb1742cdc66cde00a92d0c53a8c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD5fec37ebcc4cd37e55ca965ea3f4664c5
SHA11127a139fd25925e972d421cf12f1b46d3000bca
SHA256262ee7665e1fe944905e7c3dbb53c1554b67c4df0e6d9132c57079ea3db5622d
SHA512c0559ed3e8086d17a8037453faf5646b50efddf270fbaf1cdf104db06c0cade5bec443e53007091a2ecfe4ee11453fbd5f37dfad99249642fe356991bec2633d
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee