Overview

overview

3

Static

static

1

com.samsun...om.apk

android-9-x86

1

_clapping.gif

windows7-x64

1

_clapping.gif

windows10-2004-x64

1

_thanks.gif

windows7-x64

1

_thanks.gif

windows10-2004-x64

1

_thumbs-up.gif

windows7-x64

1

_thumbs-up.gif

windows10-2004-x64

1

baseline.prof

windows7-x64

3

baseline.prof

windows10-2004-x64

3

baseline.profm

windows7-x64

3

baseline.profm

windows10-2004-x64

3

cameraassistant.png

windows7-x64

3

cameraassistant.png

windows10-2004-x64

3

clockface.png

windows7-x64

3

clockface.png

windows10-2004-x64

3

dropship.png

windows7-x64

3

dropship.png

windows10-2004-x64

3

edgelighting.png

windows7-x64

3

edgelighting.png

windows10-2004-x64

3

edgetouch.png

windows7-x64

3

edgetouch.png

windows10-2004-x64

3

goodlock.png

windows7-x64

3

goodlock.png

windows10-2004-x64

3

gts.png

windows7-x64

3

gts.png

windows10-2004-x64

3

homeup.png

windows7-x64

3

homeup.png

windows10-2004-x64

3

keyscafe.png

windows7-x64

3

keyscafe.png

windows10-2004-x64

3

lifeup_en.json

windows7-x64

3

lifeup_en.json

windows10-2004-x64

3

lifeup_ko.json

windows7-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    03-11-2023 22:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    _thumbs-up.gif

  • Size

    18KB

  • MD5

    83342184c2f8b2537751f2c4ceea8262

  • SHA1

    0a2b655fce5e07ea0dfe67b38a7333b4ad7b0fca

  • SHA256

    41f504a9ad6ac2e63ff45482e7b9f8be3aa4108f82d6daf28c3075cf2e0f2953

  • SHA512

    a50c6208bbf1e5e475f47b68fb08f7bb4811e37f3acdbe503db960ee424e9b60a68338c49b1b078ec5abeb4ef75ef12b53aafa646bd4c866e4d57cfc59c6ecd5

  • SSDEEP

    384:bpR+v2zdhCHeiIIIOoSdN7ZidZswsfk3Z6/zDIUggX3Ff8W:1Rm2BcArSxidmwsfkJ6/oU7

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\_thumbs-up.gif
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2384

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2bf0bcab002b6e18f187df4aab80c96d

    SHA1

    e7802061f0e460ebf441c3ecc08ed16fe3b2486a

    SHA256

    2c842576ccd3c28703f591eb54ffa38f4fc6419b09f0a24eaf6b4ce66cc3fa0a

    SHA512

    b88996809f4c1afdc0764795288e573827d9a932d2f0b3e24443b9c5bff3df41151d2831ff88a27cbc866ce30a835ee27e598a0f5e445f86c137b1b7df4464e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a140877497b60f1f16b5b7907cfcbe4d

    SHA1

    9a929c33c994f6914176648cbcc05d8c80e246e8

    SHA256

    2760a12e3ff1f29cb1808f683ed31405a52655bdd60825b8f45661ece3cecdf5

    SHA512

    4e35c7df1b30c3cb525d6bc36f24dfe29380848177a6903faf16f45e31f5605b741c16a2fdd63e403c8feec13a58def7bd6b106807bacc59097fcfe8257794b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3a5c8fd7ae47b2d906b9ebe76747885

    SHA1

    7879f72cb368f0fe14daf5860d16de09825e3455

    SHA256

    4675d0e996b8ab6fe9be4c52dcb1bd27c50faf583be9293bb4aeb1f8cd009240

    SHA512

    58efe1d53b8c002fad61e71e268a67afd6c31a16925ea57c2cb2d07e24c33ffffbfecfa5b01a60064fdcea7ca5e952439037e7551c5ab791d3feef53c238004e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9bdcde465d9accce92a89e830db5f744

    SHA1

    a62ae7f4cf4f95e102877b200361f6fc404751c9

    SHA256

    aff0dd1ac88d61afba91f082b46006b26aa376e0b8074514c55abf4709734aa6

    SHA512

    0ea04544631ab62439d209d1ade1afbd4b84197aabe790da46c1f2be56c4d067485bc629b891244652565f1b908f68c1ddf88ce9bee07843b7119eb9aa36eebb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ed34c7d599fca7391ab9e9e11396d2fa

    SHA1

    47328815a192e2ccd475a72f188a8ec597d1ceb8

    SHA256

    ef1247440ba0bfdb4f22db206c25a2022e7817e876f8016ab088bcac74c725cd

    SHA512

    c0c663b1a75548547d05d63e29c586f9f18d15250b88a233c1178c7d81d9e3bdb0d03cc10cd089d7fe38987fb8a00aa9424fcb34285f275a8ef76882148f59f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0d1c79cc634658a8e28ceb76608c6c80

    SHA1

    d88b7226b678ef827493197c034e5bab85cf787a

    SHA256

    67b109bdf3f319b2fe5650dab089642488d942e47575a3fc63c1d38866df7569

    SHA512

    dc122d9d45dfe086a5522e3ed3d3ba990dea87534223dd048cbd016e034c393f9aa9d8e947bb306d5a1d3a3f52623d08d010ca9ec8d76e1d80b509002c73aa8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dc61eba12b46e79732772239687a46e0

    SHA1

    4d9989dcc165c6fa47190ac26f1bd8d861a35df9

    SHA256

    c45b3dcbca3ca4b4e364d23772c115cb1f77e781606e6710a7a2c48c3e962715

    SHA512

    3598802e595ca822a314f8293beababb9262b7a5feca859d37d488ef23682d590d6508fb7e087dad5c84dc08c98d6f5251805a3871106a5d3799e12aa9a496b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5c8579bd5326f07fbffb6343d5bf12ea

    SHA1

    e4945ffff31a64a243ea2ee072739ad6e25573f2

    SHA256

    f512cd7306bb17275e8a890245df1e6255f7a6973b4b70a494be240d2fefeb59

    SHA512

    d4cb42698dde342ac2f7875b44d9352588972a55280aa6e3e66c1435c3c69575e5bc17ad4cfd1eea7287ba67908670d8af1449322db86b8819f71f2a9e4f473d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bc5ecd6d4d6ebb120b8dd50372710f57

    SHA1

    f85f491a9d002d9504a1093d3ab754ed59458c8e

    SHA256

    8bac468d042e23238811ef84059a20d0fda4d6863e7d141104b1788afce7f505

    SHA512

    c3678961a93de96c13dd981ab7ac97ad2b08b332a7b270be489ef3662db268c22a452d48b3ec91385a61140de647449ca24666f7beb4ea01361c6dafadeaf1b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c28474d51c27e17494610c9119c73a13

    SHA1

    807ae8b22fa190def5ee8b6d348c73312882fe25

    SHA256

    ade136237dc99dd85c898b2a787290a37085c7a5a380c4751514f3a2e1441a8e

    SHA512

    17a9ac7544d9ab6264c2ceb0d83ad98653fced296a655bf7de3ce0a8aeeb997c3c41b8fc9446413eff6e8edb82358c02f318e11f2dad863a1a02bba49f228cc6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    653ecd71854cbc5f8b7533785f3af3bc

    SHA1

    0fb90e458c01a0f97e10829f1107597d6a7cb1bc

    SHA256

    e9d53f3af0aa0da74f0b748d46e90b92207f1c99417446707a38beb20b53545e

    SHA512

    8b641fe29147fce028f15a2749a1405b896336a4f4208655d6b51ef4dba4e4dd769d146dfcd00b8a3e982bbfbab106e609e02cb10b10aaee179b8ed8ab667de4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9bba66547c5cfbb32938533f671d38a4

    SHA1

    d6c836a94533a14ef052f49ff814376d3e44065b

    SHA256

    684c4a28b07ba2c9663c836e45f5bf987496ffe26f4b6cdedac983cd00e7ecd6

    SHA512

    5b83b99c936f8335029c0e8f188bfa699c6eee2ac14bd19386d6784fe74ed9eb16a746e70b4b06673845a105990061bf168ec1487708d6b5673c2e11e8a80705

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    906544006b8031c8e3f19f29396e7865

    SHA1

    6a19edef8c9a9f85e605bf16ce1f6ea1d8d45e31

    SHA256

    b6311db0a21441d344a04bc60a03e83239c275e00a411497d9fd1a6cad5bb102

    SHA512

    833e5201e12d8f56964a7f047d4e0f7a8f4620ff718fdc7f55bcb553ef6fb1626149443ed5fb5f9f2366512cf11cd2a9abf6ee71df75a535b1a0b167e58547ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6180e21b2c6d7fe0c70eeec59d7cf67a

    SHA1

    cab31e60752aba6f70e02c80413aedc7ebf666e3

    SHA256

    d4c3fbdf6b4800e4c8b85b5a69fbebfe6aa83592ea9eb6fed2acea5f3fbbe9c0

    SHA512

    6ab193a554976feb4dbce7045f8a75563cdaed400a5e40186ce6456b71e3476398b6683924d7d5e1d16e4368811b91f255b291f7dc0015badf0df8f4eb56a35c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAD50.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarADC3.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit