Overview

overview

10

Static

static

1

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Xaw-VPN/Xa...cy.pdf

windows7-x64

1

Xaw-VPN/Xa...cy.pdf

windows10-2004-x64

1

Xaw-VPN/index.html

windows7-x64

1

Xaw-VPN/index.html

windows10-2004-x64

1

Xaw-VPN/in...e.html

windows7-x64

1

Xaw-VPN/in...e.html

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    30-10-2023 07:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Xaw-VPN/index.html@n=best.free.xvpn.NetflixPage.html

  • Size

    18KB

  • MD5

    443208d8316c8abd458ec25c4d175e35

  • SHA1

    e137313bfe7605364b2ba18d5ebcb37addaf1ae9

  • SHA256

    b6876d6242b4bc8ad8bd82f7553ac95dea70c0a9422aa97a895a24c470c0268d

  • SHA512

    34c300f96cd2045cc04af73b14835360becf6e9ec3c2c5c282b93b5493fb1fdceb5fc3c11940a4250e04f2a62f105e49d7d31c93e2cb09de041b9d979b229d74

  • SSDEEP

    192:nnC++7U9sGvukne4ACFKL7P57QXCmZJkWOYEUOQY8QADSxAMbzr:AouknxCLT1+CmJkNjUONvADtMbzr

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Xaw-VPN\index.html@n=best.free.xvpn.NetflixPage.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:480

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5efdf3456236f0eaacc844d51e1bbac

    SHA1

    0debc800d4b8de432592ec393e658cd5e88c3525

    SHA256

    69102a831d2eacbe27576ab41fa15076ff33718cf7bd1902b19382b44e9e80a8

    SHA512

    89e28891bfd1412f5042c86ee7b750bdb4eee675ecf4eaf4fe7b2888315e3fe3da310f1211060ac1688850795dd3b832d3523980bf6fe3cc66eca408d592d999

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aaf0292af5f9bf8f27d0572df86d3a92

    SHA1

    c15dba36e8beb318ffb844f1b48f9192da3aa772

    SHA256

    2773293a9b6e66de7a63df02c6f3be38380e60a6077357534ea0def6a6f7ada8

    SHA512

    34c4a07a3d2bc016057d0757aad112ff6436ce73e9b0514abc46103beb0cf355e01b181cd177f13de272c31cededee81cdab3c1cf77f73b6834444352000bcc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0feeeeecea07a896a6f3468743fb7ac0

    SHA1

    1bca1348e70fefbd1f083116b43f79b9322dd3ee

    SHA256

    4be02486324e83ff21c65c7e70f303ada2c380c7f0a993e6b10a5ba3752049b6

    SHA512

    bdec32e8e71f966e8aa566b75a728fd0c2d141cde93aa826ec4baa40561f1e1df2868a8df80e4bad5ebcd78e0072ab85f5ac4205d02ee00271b13693cf37e3eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a26b4d03a1006be405a9fe1431af1c40

    SHA1

    6ad27fa7fc5de474afb8e8d01d29c21f7f477ac2

    SHA256

    39d5885c72f24c92e60b0b740064b9b97aaa5f06da08d29ba22d2a94372827c8

    SHA512

    82bfbe8656a048c5c469c35d7606936b35d7b1640c3d1d36398e93d7e4c9af5b779c377ccc10a12b7ab46a07db75a22ef2c132678019d1909a6fd5a624791b09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eeba621d0694936e730e7dccb48ff80e

    SHA1

    86f882119018a4dd0e06acdf561ee6d31ea7ff0e

    SHA256

    a1892e9322376455a6e9488a47afd5a05663f83bc86727398e47a9ab862ff047

    SHA512

    b566bc9d17737fb9e7aa30f93eeb0bddfdf13e3ac5fd0e247f5851356791333496b1fd862c6a270271379f4901e0159890eeb6c3e1b420f29795cb03840213e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6c48ab33ee06aa3c8a81a7c0f3cea647

    SHA1

    87200333425d4fdf1f24b10518987daa25138956

    SHA256

    a6c22c55320cd98a3ee7f0f1d03f29d4b537650a5ebfb816f3ef75290c1cccc0

    SHA512

    8a23e2e1e784beb1659188a15821119450bdd83b71c7046898f06bdc64d3c036482405ca021bcf32bcc8572ce0cfadebe78a6a6daaaa150a4c44e20f00680e42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9212e3f5bdf9610b1dd932f201a30eb3

    SHA1

    15a5c763681c8963d0dc42c49ac0d45b5e5c58f1

    SHA256

    059fe09cb14dc861c4bcff7ba18bc4b22f6f01a41cf0ea59b0a9a111c34b1389

    SHA512

    f92b06e3a1a499f0cd472d3e652afdf4a0047a419d40754094df1814455e7eba03b405ab28e5d6b94fc1ebb7c214ff7a4133856a7e9c2ddb1e2fa08431f31d3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    22ee74f0c3a2c39652526b2b32aa0fdf

    SHA1

    29c362b404be9866160ddcef1d38dc3e490cdfc9

    SHA256

    767aebae5b6367074c94c44e09f85ad5cbc87143f551dff77eb2a17816e9ea55

    SHA512

    e77f0c8dcedffb0e8bc36110c1b771da0a0de96028cab105016c64f6341f947b874fc88fc84df1055a7f4fb0f8b41da0f2477d3a768483e02b6a8e2cb656788d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2cd43839ae152f033d516341754fdf91

    SHA1

    3f64450fcedecc399ebe881f5afbcb16b2c88773

    SHA256

    a094ac8d0fe17ed15803309fc3690f3bdcfaf9911c98bd27f56119b73c93a2f1

    SHA512

    faccaff8e8c78d1fc4ddd33e9a7687e97217781b5a80190c15144870eb8a16aab0dfada5f00ab0921cb8a7c5fe81329a77ac63f9d96ffa201b106f963b5cdb28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad43860328a3adb5dd86adbe39835d25

    SHA1

    0b27177f803db53ba395e11c0d6eb6ff4fc7e1d6

    SHA256

    aa519f9f2322838d3adbcd91c914e5fa2897d90ee4135ea06cd6250103912e00

    SHA512

    36d3e084ef07042d18fd40b99093848c9239a1471a8512de7fdc370684999f631a518fa6e866cea38407363ef0c1637d0222f974d73ea659c6fb2dfcde07272e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDC6B.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar176E.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit