Overview
overview
10Static
static
709c28d864e...ad.apk
android-9-x86
1009c28d864e...ad.apk
android-10-x64
1009c28d864e...ad.apk
android-11-x64
10about1d.html
windows7-x64
1about1d.html
windows10-2004-x64
1about2d.html
windows7-x64
1about2d.html
windows10-2004-x64
1app.2d89045a.js
windows7-x64
1app.2d89045a.js
windows10-2004-x64
1app.html
windows7-x64
1app.html
windows10-2004-x64
1app_get_version.html
windows7-x64
1app_get_version.html
windows10-2004-x64
1aps-mraid.js
windows7-x64
1aps-mraid.js
windows10-2004-x64
1bakchat_privacy.htm
windows7-x64
1bakchat_privacy.htm
windows10-2004-x64
1base.js
windows7-x64
1base.js
windows10-2004-x64
1error.js
windows7-x64
1error.js
windows10-2004-x64
1home.html
windows7-x64
1home.html
windows10-2004-x64
1index.html
windows7-x64
1index.html
windows10-2004-x64
1jquery-history.js
windows7-x64
1jquery-history.js
windows10-2004-x64
1jquery-res...min.js
windows7-x64
1jquery-res...min.js
windows10-2004-x64
1jsbridge.js
windows7-x64
1jsbridge.js
windows10-2004-x64
1libwbsafeedit_64
ubuntu-18.04-amd64
Analysis
-
max time kernel
139s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system -
submitted
13-11-2023 22:00
Static task
static1
Behavioral task
behavioral1
Sample
09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.apk
Resource
android-x86-arm-20231023-en
android-9-x86
Behavioral task
behavioral2
Sample
09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.apk
Resource
android-x64-20231023.1-en
android-10-x64
Behavioral task
behavioral3
Sample
09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.apk
Resource
android-x64-arm64-20231023-en
android-11-x64
Behavioral task
behavioral4
Sample
about1d.html
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral5
Sample
about1d.html
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
about2d.html
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral7
Sample
about2d.html
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
app.2d89045a.js
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral9
Sample
app.2d89045a.js
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
app.html
Resource
win7-20231025-en
windows7-x64
Behavioral task
behavioral11
Sample
app.html
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
app_get_version.html
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral13
Sample
app_get_version.html
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
aps-mraid.js
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral15
Sample
aps-mraid.js
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
bakchat_privacy.htm
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral17
Sample
bakchat_privacy.htm
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
base.js
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral19
Sample
base.js
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
error.js
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral21
Sample
error.js
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
home.html
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral23
Sample
home.html
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
index.html
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral25
Sample
index.html
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
jquery-history.js
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral27
Sample
jquery-history.js
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
jquery-resizable.min.js
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral29
Sample
jquery-resizable.min.js
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
jsbridge.js
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral31
Sample
jsbridge.js
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
libwbsafeedit_64
Resource
ubuntu1804-amd64-20231026-en
ubuntu-18.04-amd64
General
-
Target
app.html
-
Size
708B
-
MD5
63ec4137ec1dddb92fe9a6a6d4837921
-
SHA1
7fb1d2517bd8ac16df3e9ac77249f6d9b36b32a0
-
SHA256
f3c0cd68e1a826c4f9c2301bf29aa4c299477cbec2b65e23b0e3c8914a294a1d
-
SHA512
4fbc2e5751216e12627389c47711788e9f3c172e28e4150d389dbcfb6ce268de1354eac6f12f9ce36ac70dab1c06d3fe85d1233006aab1fef06b186f4fcc4790
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a786c536d7cd7e4ab8c0af0cd6cbb43000000000020000000000106600000001000020000000fb802c8b03d4727d06c82e1c5f43cdecda855443fbd96a6bd0724f1c06d795c9000000000e8000000002000020000000ffc6929aabe819b1f83ad6fe9cf1119cbc57e214222c1f1c29052087afd8789320000000f083caaa26042dd9a5d50e94c5405900dab0a988612dc254e46761ce400ab50340000000daf507c5e2c8a299b2810646e1b26470ed7d35c56edb91c8105f64e0e8d16846f3621317e11a31d91783803e6f3b299252ef1dec4d203c3ba4da2924bf85cd53 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0f461e17c16da01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{0A260A20-8270-11EE-AEA7-6A5F8F24FA42} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3734421949" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a786c536d7cd7e4ab8c0af0cd6cbb430000000000200000000001066000000010000200000005a23996ef9bd0d55a501ac98d4427f6f66da9e45bab7534ad25bd17fbd856519000000000e8000000002000020000000cee067db9ab7823d211302abd96faca1533a36d461f6f9f7ef378c2466232f922000000012b2e837a36b96f3ae6dfcb7a56aecf5924e22e4f88b2c172b715822e2bf640540000000231ffab13993376cc45a4497ff0bb69070528926f79ac344b1059968621da3505a7f110e1c429c92f2c840923fbc2824dce34be27341921a1218cc383d04d496 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 105351e17c16da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3734421949" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31069820" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3747704657" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406677797" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31069820" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1060 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1060 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1060 iexplore.exe 1060 iexplore.exe 2080 IEXPLORE.EXE 2080 IEXPLORE.EXE 2080 IEXPLORE.EXE 2080 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1060 wrote to memory of 2080 1060 iexplore.exe 84 PID 1060 wrote to memory of 2080 1060 iexplore.exe 84 PID 1060 wrote to memory of 2080 1060 iexplore.exe 84
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\app.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1060 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1060 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2080
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5f59a457c6a757d896155506680f2a4b3
SHA1729ff9a74596409d0df20a5117c50bbfee1d53d6
SHA2568fe76d55560f116cbdc82d512589ec5a122688e1d4d38a1ea6af65596156b988
SHA512c0faf1a2e216ecd8ed1b7dcbefeee6101f7b443da8a944bdd311fead18e6522458aaabf1ff1ea9354d9d78e68a48132022e45cd21ae4094b17a29b746ec5f93c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD5a3484bed6e5fd59d863380552412d8d0
SHA17a64d897f8f32cc6ea881fd849af007375e7e687
SHA2566dcdf5c0f0f852dc09badb60c8609f72ac150731658f4c349b7c62f54cf8ffd6
SHA5120a3d37f03c5b627088e8ddf3f54fe4994b05e34fcce9ffe089bd1913884c9607441c34d15ad22686a6b1aaa76c1ea9cf8575c760633700a0f0e9c7e4b5dbce20
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee