Overview

overview

10

Static

static

1

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Xaw-VPN/Xa...cy.pdf

windows7-x64

1

Xaw-VPN/Xa...cy.pdf

windows10-2004-x64

1

Xaw-VPN/index.html

windows7-x64

1

Xaw-VPN/index.html

windows10-2004-x64

1

Xaw-VPN/in...e.html

windows7-x64

1

Xaw-VPN/in...e.html

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    30-10-2023 07:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Xaw-VPN/index.html

  • Size

    28KB

  • MD5

    3b503e0e1b5f722d0567b6c3d3ebd6dc

  • SHA1

    03421e1e96bfbf55b5cbb1e24b03c0a64b945bb2

  • SHA256

    73e18c8e6a2351254cafbd51ece95ac2d1d473c828db3ea4e6f3d1327c3301d7

  • SHA512

    32a172b1a198e748b11db61cbfc5be5b5cd6699bd91bd928868aabef7eec0611b39d22f13ebd66fbdb85589e40e8de0a97d36293446a1109c42b3748898e31d7

  • SSDEEP

    192:0V8ClF7U9JGvukne4ACNNzcioveDnJguHJ3HJJJFVGOJnHJ8jrMVwxFrfOmPGXHM:ePluknx+DegU57FVGCp8jpFrO/h8CIJ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Xaw-VPN\index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1384 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2172

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3effff89a1d08c01f7e27b70f10c747e

    SHA1

    bf172b859004311a33c1edd5ac0efd53bd46f7fd

    SHA256

    259744dbb338abc9f67a33c88746a08582b04fb9a3b56514517a236ce68a0d74

    SHA512

    aea0335825cb599f87ce1722cac6d4aad7989b89b7dfcd823db151b0a4bdb439a53a8c9d10124abe432733ec76052b5394f7c5b7f0acb896988d38776fc9d8ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7d436badd56ea263fe3b3d1b3cb22305

    SHA1

    8acc8c9a75de11aa7d2e345e67a88d0fabb51756

    SHA256

    966411512295baa5c7aba7043026a831dc6e20a637cf7c67861083fb4ea61bb2

    SHA512

    2862b807d33e807076ff6b78acb02d6ca34df181b50d9ab7fcff4535aa670cbf04742e8310c9760babc7f45b823f232efd55d7ec074eb495d613c14a74e30746

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7a6b6fa3ed093ee2910cb7cb8b17dc5c

    SHA1

    552015b7e13117aa3578ce5259b772a4d59042f9

    SHA256

    7c02bd1cd006c9995d6a2b576afcdb26752b8bd9f9b957f2d500061b6ed81fdf

    SHA512

    d35260a3423b9fe098158300cb4bc89cc9f5370d2716ee210831282d9e7895fb033661f2160e84cb2c10a1751328354a9a6f85d0bbc61944a6554ab7c44e7480

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bedf463e57b7543c7d1e2c4f2251ea09

    SHA1

    443f9447a214c2d5b84752389652b3b0f190af5c

    SHA256

    34d3d1b52ec5152dec5daa4bf7bab276bb45d2b190cfaf0ea61a5b7d0f3bef6e

    SHA512

    4f2aa18bcb4cd3d2d1f13099dec60c571800d3553981b9bf01a280f9485b5e02ed9008508f7e0297713963ad020c904fc345893cce4c5bd675c8412cf8d07b19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6511f9b41cce48be9122ec8d1066c72a

    SHA1

    e1f1bc4a296d2266691e3db6368168526ba4f9a5

    SHA256

    b7e178fd527455d9e803ea6767f7957ee9235bf5af527ec69af39fa9b38e9503

    SHA512

    d327f6685a73770e83603b9ea34d0bb7f40d0ac761c185c4148fef996d4c1a6d072199a64f9753ac1abdbc5d87ec9ed8cfe70385ac1407a4839ee6a22067b8fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7ddb45d2c449108b2bcdd7ead19a41d6

    SHA1

    11a4d7d4aeda314bf5dc0d125a6d890ee84043bd

    SHA256

    9a010ecda68a227f3e9c5dcde850576b07e432d7abbb5f391a498b6a94c183b2

    SHA512

    bf093d2cf1481bd97dd135fc2eeda143e181e4f1381d01f0c8f62bf63dd4fee6c1501d4b658e714bd65dad25f7c7c7d63faf61fe4279ef889ae270fd84e466a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aaff6b9ce39fe77802fb7788fc072a65

    SHA1

    2605ee2ce979fa2aa55d775cfc2031fcfe95711f

    SHA256

    15367b7d67ece78f49a8d0eb7765639b12e9049b7060c7babce8d6dc5ad35e68

    SHA512

    353aef38c91ca4430b29c84a68febb8793dbb97e7b3d4329df51919a4c8b9b496bad7ef3d132c3b508617f3ac5f108cb3d935d0a5a00b36bdd89b4f7573786b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    540fed3037805e554449dcc26c430602

    SHA1

    eff102b7d61ba8dfcc05e43cef33ca741bfc3793

    SHA256

    31964e4e637051dd59bdb24a976e1b7a882b20356dabe43c91e4f2a020ac2f91

    SHA512

    df3a78d50da207c83d9f568af8f5d71ab79322fa33ccdc27c46292ee08580e08cd3e0bc5967b0fcdad145f1517843844c9274880f71b9497d3709acf03ea3030

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eaf058e53ceebeea061ac9547358a7a9

    SHA1

    0b7cc64504291c2e3272c6b18649518f02f00373

    SHA256

    97f151b4bd35566f9571907d8ededc042eec75783bd7649c848111c06827b2bf

    SHA512

    89f5062ef4d5d1a6c99aa667eb0c11778e916a88294b8103682257f6f7a7a2ec3d3aae6c06f7d466f29da21c0f76fdcc5a6330486b6c3d284b3bee8f0fe87d52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c055158c194b555fc2161c82c211bb7

    SHA1

    9f3ed4e39b2282a74cf0b9890cc707e6735b4198

    SHA256

    ca4f3d51a40226c8c0c4f2e06cd66862a1148f7462db8905239c051fc009c6a0

    SHA512

    8684042146511a1c46da3720aef6d462c4b7f2b32c18abae12c6e5b8fcbd89e85e683d037b26c7d16711e6d5665138b5574345441a712caa63caa5193d10d5a7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab61F1.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9C17.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit