Overview

overview

10

Static

static

7

975bf6a402...cb.apk

android-9-x86

10

975bf6a402...cb.apk

android-10-x64

10

975bf6a402...cb.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

help.htm

windows7-x64

1

help.htm

windows10-2004-x64

1

help_cs.htm

windows7-x64

1

help_cs.htm

windows10-2004-x64

1

help_uk.htm

windows7-x64

1

help_uk.htm

windows10-2004-x64

1

license.htm

windows7-x64

1

license.htm

windows10-2004-x64

1

mraid.js

windows7-x64

1

mraid.js

windows10-2004-x64

1

omsdk-v1.js

windows7-x64

1

omsdk-v1.js

windows10-2004-x64

1

playstore.htm

windows7-x64

1

playstore.htm

windows10-2004-x64

1

privacy_cn.htm

windows7-x64

1

privacy_cn.htm

windows10-2004-x64

1

totalcmd_d...ng.htm

windows7-x64

1

totalcmd_d...ng.htm

windows10-2004-x64

1

totalcmd_p...cy.htm

windows7-x64

1

totalcmd_p...cy.htm

windows10-2004-x64

1

wifi_rc.html

windows7-x64

1

wifi_rc.html

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    19-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    totalcmd_privacy_policy.htm

  • Size

    3KB

  • MD5

    f5bd54f89d624a56a0368d1bf532c60b

  • SHA1

    6fdb247506d811132bc5b51ffc1d82afeb6e72b4

  • SHA256

    eb87dd5ca31a26b9d8a8bc650c324b49027d38242ffc71a89b04e0aae8b4cb4b

  • SHA512

    8dc96be4781bb08b1dcbc3205f59eac592285e98a349a330301ab32e81a25beebd9224880215c62e431d9926c7ed0433e886b61730ada1012ca2f907fcceb263

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\totalcmd_privacy_policy.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2916

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c68a4c154258bd4d5826cdc63fb30ad4

    SHA1

    98384f82ee0840d86da37b2b2ab36f7a08b8c633

    SHA256

    cc7d751f6ea1dd3b7d5f2182aabecaa75e075213719e55e40a4ddb86afbe5155

    SHA512

    41c3e1df236e5f8c96f5dd7241372a563828ec4fa9a47c59d52149c0b50ce8849919187059aaf528738b329f4680452c3482f5b7d2a405933544a14953c01c5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aea8cd0c5435951c0b8725bd611a5c9e

    SHA1

    33976cd4a68361c21ffdd29a0ec40f6ac37188e2

    SHA256

    f183fc4197c4345217f7d3d302c34b941fadfd964e681fd240a8a02aa5d619f6

    SHA512

    07461c51f340ad6b3d55f7a5d70a621654f9a7eaec3d8d9e9edafcd32c6c536d6d2c4696cd0866f2eb741e7e3c0c8fdbe15da65b648f4a7470dba4aa5a199919

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9620590abacc46ee088ac6b8f454eb47

    SHA1

    f50b73f6e25423540ac20a47d043cd9d9046a056

    SHA256

    68aafea5fd2d6a2f66460e4dd390b4fd84be620c9b1398e4a279d45570c50e4b

    SHA512

    eaa2487167adb16dec2288568aeb50e258e3b88d56dbaf62f8d4cae7af3b875aa12724eb2ae60208c3ce1c5c028e646f41e57ebb5275963056fe9dd03e003ab9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b79f54397d9e3cf15626390484788865

    SHA1

    dafb9eb56461d1ad492567b8855cee1efd8a61bb

    SHA256

    b3c8e88934b027e7030f818afdb7caa550ea1b70e021f39440bbb41b4c9962fa

    SHA512

    79ec88bd751d00148654754650f362f60511deb5cef0efb19d82883f7fb8dc949f815eb1fa131a5b7273416710d1b9fb854425b095f534a2191373ac9054ba15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    636e0602b11e6923082055d46c4362e7

    SHA1

    8505c6ae76833f850e0c27b366bcbf8a7d74df2f

    SHA256

    a8b45967620d53bdc238274c8b5e10ec5d92cf0ab0e388657181bcee2d785ddc

    SHA512

    e85f88ef4c2920c8464da288f58631a00d9fdf6a3b6f711debae94344d53f7d62bee53af9e2627144dfb70bd56054d4669d1b004cd7b86d2313a5002576d0e84

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c1b924bdc1598186c62e0f5b67e50a4b

    SHA1

    584a62e57a9078f4c770c0a10189b471cd08646f

    SHA256

    5c96c51bfd7240e2917414511ec90cb6a32857d41d11040256fe6a5e05236197

    SHA512

    454fa68d29342be8f9da775e74672b3084968223e29c89d9e8da5cd868a6f7479765e29e99307386a08d9c326471fa02ce3232c372a319499d1f96707cf9c5ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08f6e9e9a3f2268f8181b86ebe4af3bc

    SHA1

    77da31e022368524fd56f189883eb708caf5dc66

    SHA256

    970c2e984f3ae1ea493a3e90db335c76bd62823189bf34bd1f7f4ac57747c188

    SHA512

    036d26adcf0f098214c099da1b33b23c60adaf95dfe932806a149dabbbbe05422689edf3a81fac2a10118fd5313d80207bd290e263d876aac0261b49bea75e3e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6423.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar64C2.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit