Overview
Analysis

This page shows the Windows 7 run of index.html; the task list below covers every task in the submission.

max time kernel: 148s
max time network: 152s
platform: windows7_x64
resource: win7-20231020-en
resource tags: arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
submitted: 13-11-2023 22:00
Static task
static1

Behavioral tasks (task, sample, resource)
behavioral1   09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.apk   android-x86-arm-20231023-en
behavioral2   09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.apk   android-x64-20231023.1-en
behavioral3   09c28d864e89a2686f821d6ec76897620f25113dd954d061eaba74580d7aaaad.apk   android-x64-arm64-20231023-en
behavioral4   about1d.html              win7-20231023-en
behavioral5   about1d.html              win10v2004-20231023-en
behavioral6   about2d.html              win7-20231020-en
behavioral7   about2d.html              win10v2004-20231020-en
behavioral8   app.2d89045a.js           win7-20231023-en
behavioral9   app.2d89045a.js           win10v2004-20231020-en
behavioral10  app.html                  win7-20231025-en
behavioral11  app.html                  win10v2004-20231023-en
behavioral12  app_get_version.html      win7-20231023-en
behavioral13  app_get_version.html      win10v2004-20231020-en
behavioral14  aps-mraid.js              win7-20231023-en
behavioral15  aps-mraid.js              win10v2004-20231025-en
behavioral16  bakchat_privacy.htm       win7-20231020-en
behavioral17  bakchat_privacy.htm       win10v2004-20231020-en
behavioral18  base.js                   win7-20231023-en
behavioral19  base.js                   win10v2004-20231023-en
behavioral20  error.js                  win7-20231023-en
behavioral21  error.js                  win10v2004-20231020-en
behavioral22  home.html                 win7-20231020-en
behavioral23  home.html                 win10v2004-20231025-en
behavioral24  index.html                win7-20231020-en
behavioral25  index.html                win10v2004-20231023-en
behavioral26  jquery-history.js         win7-20231023-en
behavioral27  jquery-history.js         win10v2004-20231025-en
behavioral28  jquery-resizable.min.js   win7-20231023-en
behavioral29  jquery-resizable.min.js   win10v2004-20231020-en
behavioral30  jsbridge.js               win7-20231020-en
behavioral31  jsbridge.js               win10v2004-20231020-en
behavioral32  libwbsafeedit_64          ubuntu1804-amd64-20231026-en
General
Target: index.html
Size: 631B
MD5: 99f22509a1966facd2ccd8b7b52b5a6c
SHA1: d91bc81dcf8f0b518969acd74078d2fd99e2ccd2
SHA256: f14efc734f1f03b9e6eafa918da4d46a19e56074454a1ccf70db113229d8a5f3
SHA512: 5a289ef7b231b294d3e44c98f6b62f06cd1521ff68be57d77d5fea8c2e6b2f966ba03c2193b8005b90b4b9865e904681f0569ba843744b155e6a71e2c9d67ac1
Malware Config
Signatures
Modifies Internet Explorer settings
Processes: iexplore.exe, IEXPLORE.EXE

Every key in this table sits under \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer (paths below are given relative to that prefix). They are Internet Explorer's own per-user state (first-run flags, recovery and session state, window placement, search, zoom and GPU settings) written by the two IE processes when the task opens index.html; none of them lies outside the browser's settings subtree.

description | ioc | process
Key created | \LowRegistry | iexplore.exe
Key created | \LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (str) | \Main\FullScreen = "no" | iexplore.exe
Key created | \Recovery\PendingRecovery | iexplore.exe
Set value (int) | \Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \Main\WindowsSearch | iexplore.exe
Key created | \TabbedBrowsing | iexplore.exe
Key created | \DomainSuggestion | iexplore.exe
Set value (int) | \DomainSuggestion\NextUpdateDate = "406074714" | iexplore.exe
Key created | \IETld\LowMic | iexplore.exe
Key created | \Toolbar\WebBrowser | iexplore.exe
Key created | \Main\WindowsSearch | IEXPLORE.EXE
Set value (str) | \Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \Main | iexplore.exe
Key created | \BrowserEmulation\LowMic | iexplore.exe
Key created | \Toolbar | iexplore.exe
Set value (data) | \TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000efee191c820df7499e31472656722fd500000000020000000000106600000001000020000000062aaae55265f1b53bb5fe156ca5fc6bba3abb1fa45995a2b93ececcaa92c705000000000e8000000002000020000000bfd52c0588cd663b38181999290074e54cffc275af2ae5d9d6f6c239835ba3bc200000005c37340dbd3576ce2eca0759c071a368b9dcf42cbdc0f382055d4b56810f2c6240000000cb90ce36d9d6731bea0b4d34ffb562cafa64b22f2f2ad21909915746d8b21984a92c14607b28c06a1689bfb80a5c46a984bb4838817b799a6a0a956a13e5d221 | iexplore.exe
Set value (data) | \TabbedBrowsing\NewTabPage\MFV = … | iexplore.exe
Key created | \IntelliForms | iexplore.exe
Key created | \Recovery\AdminActive | iexplore.exe
Key created | \Main | IEXPLORE.EXE
Set value (data) | \Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \SearchScopes | iexplore.exe
Set value (int) | \Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \TabbedBrowsing\NewTabPage | iexplore.exe
Set value (data) | \TabbedBrowsing\NewTabPage\LastProcessed = b08f88e17c16da01 | iexplore.exe
Key created | \GPU | iexplore.exe
Key created | \Zoom | iexplore.exe
Set value (int) | \Recovery\AdminActive\{0C4FCB01-8270-11EE-95DB-C2FF944EDF5F} = "0" | iexplore.exe
Set value (str) | \Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \InternetRegistry | iexplore.exe
Key created | \LowRegistry\DOMStorage | iexplore.exe
Key created | \PageSetup | iexplore.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes: iexplore.exe, PID 1668

Suspicious use of FindShellTrayWindow (1 IoC)
Processes: iexplore.exe, PID 1668

Suspicious use of SetWindowsHookEx (6 IoCs)
Processes: iexplore.exe PID 1668 (2 IoCs); IEXPLORE.EXE PID 2740 (4 IoCs)

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: PID 1668 (iexplore.exe) wrote to the memory of PID 2740 (IEXPLORE.EXE), 4 times

All four signatures fire on the two Internet Explorer processes only. The frame process (1668) spawning the tab process (2740) and writing into it is how IE starts a tab; no process outside the browser is involved.
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe (PID 1668)
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html
   - Modifies Internet Explorer settings
   - Suspicious behavior: GetForegroundWindowSpam
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2740, child of PID 1668)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1668 CREDAT:275457 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
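The signature tables and the process tree above are enough to check by hand, but the extraction runs every row of each table together. The following Python is an added example, not part of the report and not the sandbox's own code: it parses the run-together rows back into records, then (a) lists registry writes that fall outside the Internet Explorer settings subtree, of which this report has none, and (b) confirms that the only cross-process memory writes are the frame process (PID 1668) writing into the tab process it spawned (PID 2740). The row grammar (a row ends with its process image name), the rule that writes under Software\Microsoft\Internet Explorer are browser housekeeping, and the single Run-key row appended to the sample input (not present in the report) are assumptions of the example.

```python
"""Parse the run-together signature rows of the report above and check them.

Added example, not part of the report and not the sandbox's own tooling.  The
row grammar (a row ends with the process image name), the rule that writes
under Software\\Microsoft\\Internet Explorer are browser housekeeping, and the
one Run-key row in the sample input are assumptions made here.
"""
import re
from collections import Counter

# Registry path shared by every row of the report's "Modifies Internet
# Explorer settings" table.
IE = (r"\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000"
      r"\Software\Microsoft\Internet Explorer")

# Constructed input: four rows copied from the report, run together as the
# extraction left them, plus one hypothetical Run-key row that is NOT in the
# report and exists only to show the filter firing on a persistence write.
REG_TEXT = (
    f"Key created {IE}\\LowRegistry iexplore.exe "
    f'Set value (str) {IE}\\Main\\FullScreen = "no" iexplore.exe '
    f'Set value (int) {IE}\\TabbedBrowsing\\NTPFirstRun = "1" iexplore.exe '
    f'Set value (str) {IE}\\Main\\WindowsSearch\\Version = "WS not running" IEXPLORE.EXE '
    r"Set value (str) \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000"
    r'\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\upd.vbs" iexplore.exe'
)

# Constructed input: the report's four WriteProcessMemory rows, run together.
MEM_TEXT = " ".join(
    ["PID 1668 wrote to memory of 2740 1668 iexplore.exe IEXPLORE.EXE"] * 4)

# The report's process tree: pid -> (parent pid, command line).
PROCESSES = {
    1668: (None, r'"C:\Program Files\Internet Explorer\iexplore.exe"'
                 r" C:\Users\Admin\AppData\Local\Temp\index.html"),
    2740: (1668, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"'
                 r" SCODEF:1668 CREDAT:275457 /prefetch:2"),
}
PARENT_OF = {pid: parent for pid, (parent, _) in PROCESSES.items()}

# A row is "<action> <ioc> <process image>", and the next row (or the end of
# the text) follows the image name.  The ioc may contain spaces and an
# optional ' = <value>', so the image name is what delimits rows.
ROW_RE = re.compile(
    r"(?P<action>Key created|Set value \((?:str|int|data)\))\s+"
    r"(?P<ioc>.+?)\s+"
    r"(?P<process>\S+\.(?:exe|EXE))"
    r"(?=\s+(?:Key created|Set value)|\s*$)"
)
MEM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")
IE_SETTINGS = re.compile(r"\\Software\\Microsoft\\Internet Explorer(\\|$)")


def parse_registry_rows(text):
    """Split the run-together table into action/key/value/process records."""
    rows = []
    for m in ROW_RE.finditer(text):
        key, sep, value = m.group("ioc").partition(" = ")
        rows.append({"action": m.group("action"), "key": key,
                     "value": value if sep else None,
                     "process": m.group("process")})
    return rows


def outside_ie_settings(rows):
    """Rows touching anything other than the IE settings subtree.  Assumed
    rule: writes under Software\\Microsoft\\Internet Explorer are the
    browser's own housekeeping; anything else (Run keys, services, ...)
    deserves a look."""
    return [r for r in rows if not IE_SETTINGS.search(r["key"])]


def parse_memory_writes(text):
    """Count (writer pid, target pid, writer image, target image) tuples."""
    return Counter((int(a), int(b), src, dst)
                   for a, b, src, dst in MEM_RE.findall(text))


def scodef_parent(cmdline):
    """PID named by the SCODEF: token of an IE tab-process command line, or
    None.  In this report it equals the tab process's parent PID."""
    m = re.search(r"\bSCODEF:(\d+)", cmdline)
    return int(m.group(1)) if m else None


def unexpected_writes(writes, parent_of):
    """Writes whose target is not a direct child of the writer.  IE's frame
    process writing into the tab it just spawned is expected; a write into
    any other process is not."""
    return [w for w in writes if parent_of.get(w[1]) != w[0]]


if __name__ == "__main__":
    rows = parse_registry_rows(REG_TEXT)
    print(f"{len(rows)} registry rows parsed")
    for r in outside_ie_settings(rows):
        print("  review:", r["action"], r["key"], r["value"])
    writes = parse_memory_writes(MEM_TEXT)
    for (src, dst, si, di), n in writes.items():
        print(f"{si} ({src}) -> {di} ({dst}): {n} writes;"
              f" SCODEF says parent {scodef_parent(PROCESSES[dst][1])}")
    print("unexpected writes:", unexpected_writes(writes, PARENT_OF))
```

Run against the report's own rows the IE-subtree filter returns nothing and the memory-write check returns an empty list; only the appended hypothetical Run-key row is flagged. On a report where the target of a WriteProcessMemory row is not a child of the writer, `unexpected_writes` returns that tuple, which is the case worth reading further.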
Network
MITRE ATT&CK Enterprise v15
Downloads

The same CryptnetUrlCache metadata file is captured nine times with different contents; each capture is listed with its own hashes. CryptnetUrlCache is the CryptoAPI URL cache that Windows itself maintains for downloaded certificate and revocation data, so these entries are written by the system during the run rather than dropped by the sample. The last two entries are listed on the page without a path.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 07e61ca1cc914b828ffc040e2f03ecdb
SHA1: c09bf8a6ed65b9add1c7a1c5dc5f9d10b3eef0c9
SHA256: 2602a675c1de67bbc24cab39cde5ea13d5fc744c3b301d0c5bff7b6777e9f363
SHA512: 9c680875beca9d271711be68e2eada8a0c206dadd9d0b84ebf720b4d1d5b8ba479dabe8b38b82cf936c0160d737114b7f165a71090ff9711b94d5797741dab14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: f703ffd502fc795c0b6ceec588b51447
SHA1: 6adc56414f499dd0d5c9297fa43d8b91f8357006
SHA256: d314994b02ec43c60fe257e89952c9b0ddc344cd529bfc6dd2d8c47eaa789b65
SHA512: fd36f935df0b21e2baccc479506cae5ff93d02acf88906672594b0cc0af8692187efd3722b5c41ce2288cef747d1dd6c05cd167c8058e9713d4302fe7d210ad6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 48fc9476cf9a684d71acff8f1da1ebcb
SHA1: db708b2cd79e07d99b7c6c0508cbd60e7a64472d
SHA256: 273a57855023fe526bb6463cbbdca0dad83bad24dc7d7f6664f6b835e59d4a74
SHA512: 42c1049d5577f10dea0ba5eb7a7c5afd21a19a287a08f51a127f5391c002e599510a1c0afd6780d132ed925fb72e908608c7e1a6d56eeb106a1bbfcd0387be75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 94d6a642cb9af3280276077f77132de2
SHA1: 3b247c85c38e9c6746effe87a924d2c1fa78a7c7
SHA256: 5d60062cee3cf317ae7937f76e5e88674f8b2d6b0c80c871ceda8e6457f381e5
SHA512: 091ac0309f126e052dd0ec9ee13e1a0ba0d68ef8136a6e19b3f08fbf91ebae2262128f66b78806596d42d1b7e6ecdb76ef98eba417fe791fc35bfafdc9a0d8ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: d041906d87860844a379fd9a79594c07
SHA1: c30de3be46b9ba8df3da005394ed59a0243ce0e0
SHA256: 0f51946e75b7ea0866541dfdad63437366eadce68276e72efa808dcabc439f8d
SHA512: 9eb19cfc35df9f04f82e4ebc99e2315d94843cf554382a7e478a5377eca1e610f7876981728b578f61cf028897508f691657c49d9c6883ffc942696fcd6cac9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: f3d67f1af7ef5a80117992133b83da81
SHA1: 093b4de6f9d3604c09126ba222651e632109ee8c
SHA256: bd10904d651fe93dbdfb35e4439aa57c920963fc5a35b449d6ffc41ce547de89
SHA512: 79a1f83cdb60502fc3fdbe1bef799dc640590cf1dc390fb1a4a94018619f2841413e3b3bb195eeca7cbe1eca29b8010289af7b0c435b7b83cd23871133fdf685

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 0b54e0fe4985f44a0604991e875baa78
SHA1: 3e71e1708ae11fbc4fa033a02d2b4b45acf7bc26
SHA256: aa69280db60895e6e1dd63c6be6c15b97499060c353616b2dc361d5996b01d73
SHA512: 073955d4ccf83962a58a446f53a2280db80bc5a27f28bab0a85f7a8b3ea1f4d32053f953c7584bd50999aeae739250d312c0a015978170cb472d50d1abd2b295

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 2793da7c3f4063991be7e6ef680b2b58
SHA1: 7845ef870aee6daff9b07020425417ffe9544d41
SHA256: ea1de2a1736c930c14d3cd11ed3aceaf06f1f64b571430cd523b81cd8702a7d7
SHA512: 89fad181846736be9312cfd6731ac2f2f545b0cb316e8d4bb24014b56d54bab661d10f7815d0af847ffd90dc6d474d3d29931a4713035bdc5ade6d5826d15f8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 1b11115fab99ce765fb0c1d9f52500ab
SHA1: 3964b365763c7ec7585f259a60b8583001b019a1
SHA256: 7c1b588e597e8e2c94bb8a27ae9badebb4b85af52838c4d1bba6175b64e611bf
SHA512: 323604a9fd26173278844cb88adadf31cdb74f1642431c436837d61850a2f294ac35eb5cfa06509061a2c44999aae18259ba87df82c42b757e7cf422a7784140

Filesize: 61KB
MD5: f3441b8572aae8801c04f3060b550443
SHA1: 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256: 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512: 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Filesize: 163KB
MD5: 9441737383d21192400eca82fda910ec
SHA1: 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256: bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512: 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf