bb6b7ebf49d7bb71b60768215b64e7883a8995dd9f145155f3f012874c226ae4

Submit
Reports

Overview

overview

Static

static

OfflineExp...ow.url

windows7-x64

OfflineExp...ow.url

windows10-2004-x64

OfflineExp...OE.exe

windows7-x64

OfflineExp...OE.exe

windows10-2004-x64

OfflineExp...rt.url

windows7-x64

OfflineExp...rt.url

windows10-2004-x64

OfflineExp...in.vbs

windows7-x64

OfflineExp...in.vbs

windows10-2004-x64

OfflineExp...le.exe

windows7-x64

OfflineExp...le.exe

windows10-2004-x64

OfflineExp...te.url

windows7-x64

OfflineExp...te.url

windows10-2004-x64

OfflineExp...pl.exe

windows7-x64

OfflineExp...pl.exe

windows10-2004-x64

OfflineExp...us.dll

windows7-x64

OfflineExp...us.dll

windows10-2004-x64

OfflineExp...eN.exe

windows7-x64

OfflineExp...eN.exe

windows10-2004-x64

OfflineExp...ne.dll

windows7-x64

OfflineExp...ne.dll

windows10-2004-x64

OfflineExp...le.dll

windows7-x64

OfflineExp...le.dll

windows10-2004-x64

content/mp...lay.js

windows7-x64

content/mp...lay.js

windows10-2004-x64

content/mp...ons.js

windows7-x64

content/mp...ons.js

windows10-2004-x64

content/mp...lay.js

windows7-x64

content/mp...lay.js

windows10-2004-x64

content/mp...mon.js

windows7-x64

content/mp...mon.js

windows10-2004-x64

components/mpint.dll

windows7-x64

components/mpint.dll

windows10-2004-x64

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 15:53

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/BuyNow.url

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/BuyNow.url

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/OE.exe

Resource

win7-20240508-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral4

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/OE.exe

Resource

win10v2004-20240508-en

evasion spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral5

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/Support.url

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/Support.url

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/VBSample/frmMain.vbs

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/VBSample/frmMain.vbs

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/VBSample/oee_sammple.exe

Resource

win7-20240508-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/VBSample/oee_sammple.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral11

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/WebSite.url

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/WebSite.url

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/ftpupl.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/ftpupl.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/gdiplus.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/gdiplus.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral17

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/keYgeN.exe

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/keYgeN.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral19

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/lucene.dll

Resource

win7-20240215-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/lucene.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral21

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/mfile.dll

Resource

win7-20240221-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral22

Sample

OfflineExplorerEnterprise/Offline Explorer Enterprise/mfile.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral23

Sample

content/mpint/mpintDOverlay.js

Resource

win7-20240220-en

execution

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral24

Sample

content/mpint/mpintDOverlay.js

Resource

win10v2004-20240426-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral25

Sample

content/mpint/mpintOptions.js

Resource

win7-20240221-en

execution

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral26

Sample

content/mpint/mpintOptions.js

Resource

win10v2004-20240508-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral27

Sample

content/mpint/mpintOverlay.js

Resource

win7-20240508-en

execution

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral28

Sample

content/mpint/mpintOverlay.js

Resource

win10v2004-20240426-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral29

Sample

content/mpint/mpintcommon.js

Resource

win7-20240419-en

execution

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral30

Sample

content/mpint/mpintcommon.js

Resource

win10v2004-20240426-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral31

Sample

components/mpint.dll

Resource

win7-20240221-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral32

Sample

components/mpint.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

OfflineExplorerEnterprise/Offline Explorer Enterprise/VBSample/oee_sammple.exe
Size

252KB
MD5

82a8d10c2d5eb5640ef8769a93ec29f6
SHA1

f3631b8dc7cae171aede589dd2c213d4daf81698
SHA256

18b4e0248e82684d5a22a926a772cdd85b764a3001d394865c8090deec00586d
SHA512

d52ea6c93e37df9dac67442d6512382c06b4e7c0b2639f0fd81d426c5bb8868cbca3df50015bfc9d657bd2b2a76750151268aefaf46b0d1c9b1a3f76a76fcd46
SSDEEP

3072:3G8Ngxuwn/2T/JeyA/ndPxeKKgy6tMH6nFrqPUoGi7dVE5bzrdKlATE8AiH/D:2ag5n/P/ndPxlty5utqPUZc+3tE8

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

oee_sammple.exe

pid process

2132 oee_sammple.exe
2132 oee_sammple.exe

pid	process
2132	oee_sammple.exe
2132	oee_sammple.exe

Processes

C:\Users\Admin\AppData\Local\Temp\OfflineExplorerEnterprise\Offline Explorer Enterprise\VBSample\oee_sammple.exe
"C:\Users\Admin\AppData\Local\Temp\OfflineExplorerEnterprise\Offline Explorer Enterprise\VBSample\oee_sammple.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2132

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads