Overview
overview
7Static
static
7app.apk
android-9-x86
1app.apk
android-11-x64
7__shortcut.js
windows7-x64
1__shortcut.js
windows10-2004-x64
1__wap2app.js
windows7-x64
1__wap2app.js
windows10-2004-x64
1__wap2appbrowser.html
windows7-x64
1__wap2appbrowser.html
windows10-2004-x64
1__wap2appconfig.js
windows7-x64
1__wap2appconfig.js
windows10-2004-x64
1__wap2appcontext.html
windows7-x64
1__wap2appcontext.html
windows10-2004-x64
1__wap2apperror.html
windows7-x64
1__wap2apperror.html
windows10-2004-x64
1__wap2appplayer.js
windows7-x64
1__wap2appplayer.js
windows10-2004-x64
1__wap2appquit.js
windows7-x64
1__wap2appquit.js
windows10-2004-x64
1__wap2appswiper.html
windows7-x64
1__wap2appswiper.html
windows10-2004-x64
1__wap2apptabbar.js
windows7-x64
1__wap2apptabbar.js
windows10-2004-x64
1client_index.html
windows7-x64
1client_index.html
windows10-2004-x64
1dcloud_error.html
windows7-x64
1dcloud_error.html
windows10-2004-x64
1Analysis
-
max time kernel
135s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system -
submitted
24/11/2023, 02:58
Static task
static1
Behavioral task
behavioral1
Sample
app.apk
Resource
android-x86-arm-20231023-en
android-9-x86
Behavioral task
behavioral2
Sample
app.apk
Resource
android-x64-arm64-20231023-en
android-11-x64
Behavioral task
behavioral3
Sample
__shortcut.js
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral4
Sample
__shortcut.js
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
__wap2app.js
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral6
Sample
__wap2app.js
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
__wap2appbrowser.html
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral8
Sample
__wap2appbrowser.html
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
__wap2appconfig.js
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral10
Sample
__wap2appconfig.js
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
__wap2appcontext.html
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral12
Sample
__wap2appcontext.html
Resource
win10v2004-20231025-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
__wap2apperror.html
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral14
Sample
__wap2apperror.html
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
__wap2appplayer.js
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral16
Sample
__wap2appplayer.js
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
__wap2appquit.js
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral18
Sample
__wap2appquit.js
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
__wap2appswiper.html
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral20
Sample
__wap2appswiper.html
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
__wap2apptabbar.js
Resource
win7-20231020-en
windows7-x64
Behavioral task
behavioral22
Sample
__wap2apptabbar.js
Resource
win10v2004-20231020-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
client_index.html
Resource
win7-20231025-en
windows7-x64
Behavioral task
behavioral24
Sample
client_index.html
Resource
win10v2004-20231023-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
dcloud_error.html
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral26
Sample
dcloud_error.html
Resource
win10v2004-20231025-en
windows10-2004-x64
General
-
Target
client_index.html
-
Size
497B
-
MD5
0688f6f7fb47fc7eda5ba0abe1d322f4
-
SHA1
a928e3e030d836998b8886b92d6039f2eca09bbf
-
SHA256
1f60b0784acd3ac1a5b0a91847695de7d26d92bf04c81d4c8d00a7a46b7566c4
-
SHA512
b57592650b16dedf73856ad2d354c59948bf4ab20f6cd46c00f7b54d996fd27fa96596d329aae7fc7ee3b6eb10198a73007d29deb10b62e9990a2a96de60ae73
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31071874" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31071874" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "407559689" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b057d73f821eda01 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31071874" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{513FE419-8A75-11EE-92AA-CE8F13F6BB56} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e9837fd1e4a67340aada542b866b214e0000000002000000000010660000000100002000000011d77b975e9ff49793ba981f65672eb56c7da128531589aeae4f86aa12ece06d000000000e80000000020000200000002b8a2daebb4d8e9f2e5e2a3ec703c0c041b6329e23b3d9c1d674d84403a3628520000000b31ce154e055baa06b9eecb71e38b9e3da77ead4d8ddaa82740617aec2a44ae94000000090d983a618a6b9ab695c80c8e8004413d7159b303d27bb5cba5640b5988acb5ed81aacba7540d0bb3d356f316d5856803514fdf6c870b691e5619f96155fac50 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "636548691" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e9837fd1e4a67340aada542b866b214e0000000002000000000010660000000100002000000097432400a4fcf257b7811a1fdf5e6b7cee5910df8202e849fc14af4e39b71092000000000e8000000002000020000000254dfe1f36c891817ae2570184cdfcb8a82b4bc7422def02a3e473a873a1b786200000004aba5a66071da2033d4ad6185ed4a07056f3e68c43a6f300963e593f8be7b80f40000000fc5073f9e768f98ec2fee49fde965c19d95bd94c3e46f3ed88c31b74b415007139e45a4fee6cc31dfd1ea7e90a676cd8364c6eaf7e7c5bddeb94749ba4bb035a iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "636548691" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "813735865" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e044c43f821eda01 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4436 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4436 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 4436 iexplore.exe 4436 iexplore.exe 1928 IEXPLORE.EXE 1928 IEXPLORE.EXE 1928 IEXPLORE.EXE 1928 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4436 wrote to memory of 1928 4436 iexplore.exe 87 PID 4436 wrote to memory of 1928 4436 iexplore.exe 87 PID 4436 wrote to memory of 1928 4436 iexplore.exe 87
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\client_index.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4436 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4436 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1928
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD55b6c612c8dbc193688862f41d94973af
SHA1222d27a289f731d9396379fe3f8b69c904358ec8
SHA256ef6743c8ca2bd1973be978c93d5c506f2b4feb1718e775973071f44d4cf3d99a
SHA512f12487b748c0da1abb46e158707eb82b101d32b8ac3c246b265458c952dd848e7b35eafd3c572080a781431bbf9ae680fb6b1f1e876e5e807f3aa173a7c44c7d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD5532c1fe02f43a44fb59ed913f9e5b5f7
SHA150c61e67e63581eafee8f0fabd1e7efc2f47236b
SHA256b974208369312f943491b77abe8fb52788a7a67723606cd47b7193866e9f7c3d
SHA512fbe36e67aa4685b9f40a6f5e6845452cee29beecebb50eea50b87c26623af57e64aebda2d8a1057faec2b33bc9f4597e2355ae647aa076de5f54c82bcbb14820
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee