Overview

overview

8

Static

static

3

PaiPai_Sof....6.exe

windows7-x64

7

PaiPai_Sof....6.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$WINDIR/Sy...vX.dll

windows7-x64

1

$WINDIR/Sy...vX.dll

windows10-2004-x64

1

$WINDIR/Sy...ec.dll

windows7-x64

1

$WINDIR/Sy...ec.dll

windows10-2004-x64

1

$WINDIR/Sy...00.dll

windows7-x64

3

$WINDIR/Sy...00.dll

windows10-2004-x64

3

PaiPai/DivX.dll

windows7-x64

1

PaiPai/DivX.dll

windows10-2004-x64

1

PaiPai/Feedback.dll

windows7-x64

1

PaiPai/Feedback.dll

windows10-2004-x64

1

PaiPai/FreeImage.dll

windows7-x64

3

PaiPai/FreeImage.dll

windows10-2004-x64

3

PaiPai/Htt...ad.exe

windows7-x64

8

PaiPai/Htt...ad.exe

windows10-2004-x64

8

PaiPai/PaiPai.exe

windows7-x64

6

PaiPai/PaiPai.exe

windows10-2004-x64

6

PaiPai/Pai...te.exe

windows7-x64

8

PaiPai/Pai...te.exe

windows10-2004-x64

8

PaiPai/Uninstall.dll

windows7-x64

8

PaiPai/Uninstall.dll

windows10-2004-x64

8

PaiPai/Web...1.html

windows7-x64

1

PaiPai/Web...1.html

windows10-2004-x64

1

PaiPai/Web...2.html

windows7-x64

1

PaiPai/Web...2.html

windows10-2004-x64

1

PaiPai/Web...x.html

windows7-x64

1

PaiPai/Web...x.html

windows10-2004-x64

1

Analysis

  • max time kernel
    132s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 21:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PaiPai/Web/Welcome/index.html

  • Size

    5KB

  • MD5

    0f541936b8558e2b3aa97188db0a461f

  • SHA1

    493f6a6dc1cb068c8b43c6b23b788decc3392a64

  • SHA256

    c1bb3992635a6de116290551c68263bfe4d756a28528fec72fdccc7f558467b4

  • SHA512

    5dbd804b3335180a9586d54a53253518bd40521a6917a9e714b3709f6db579a97974df5e915419118742abfe77e08b077834d800bacd7909226e2ed6a560cec4

  • SSDEEP

    96:S41evnhpFaeFaHwhGkx4xrVaoHMTLnZ9KpKi8ZMQUD44:S41evnowQplHMTgKrCQq

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\PaiPai\Web\Welcome\index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b663cd7760a33ca55735f967136f02f

    SHA1

    31a93e67b3e75d3c9d90f41ba760402c89638455

    SHA256

    17c8587745ecc245339af0544a2d442d0465aac9643caa8cf0f03ddcdfb38ab5

    SHA512

    832481289d94ac2eb02c57291e653ac03d2b2ce8f639e42d0d5ea07e42b574f2ef64888a5e4c30ad8abd883bb97042f0ea5ebd8f699f2ad351badff5f54cbb7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f4c6c6133c3c40f81f347cb8ffe8377

    SHA1

    f0e78c9d16275fa2f6d43c5344efbcf65da1e7be

    SHA256

    d5e2996d70960ec9baf49b32b01e83a3e42d40f44667dbf4824a19c9d79a1d4e

    SHA512

    bfe67412cf061b56e278ff5b9011b1462ea0db9addb5c407db498b80648ed35cd3065f4e13a1d8f69ea4910811e7f127f61fa078f0532fd7de0f1c5fbaa65849

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    748eb0df9b42960ef453319b51a4fc31

    SHA1

    f8f48fc59a07b27ecc53d428a0a6479fcae289f7

    SHA256

    30a12b8c36c555f0bf382416bcadc41d18fbe1bfc9d41df8553d707a6d9100b2

    SHA512

    1d514e966647799800909d2271a10cd704f09841928eb986c90e65ee6916d66c08de79be3633526ccf79ca51aa8d521313d6d17f66e5530e2541f4f9862b5c77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    00a6eaae7db4b4e1aee86f466573b336

    SHA1

    772523a625dca1ecd3e6381d012ba844fc73b936

    SHA256

    5bcecb8db3f9401709939c293c16a68939b806d90fa39ba1ffd276a208f66dbd

    SHA512

    18a0c259a4d7be942f70a3bace927596eedf129cdf0c42cdc27a840d0d9843f3166d903fe73d710662c9ba6959e6890815599cd9df016faec79f1c362901df1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36dae529b99e0b71684a6760276adff9

    SHA1

    ccab4893ce83ceb19cf0ecd128c789409d5c3fe2

    SHA256

    65ae7084388a4206687b59723e0ed290ac469335f96e4eefdc4fbb7232d1d719

    SHA512

    7c0b66865fb63fcc9dfebe5edcdae81838e1edf9f605db1235c9d187d45a9072a394906c6ff90dc73e0fa16a70394bdabe73193b64fa2c38b3dff6ba82e1e740

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07d2e0183ed3bad039bbc334c817330e

    SHA1

    d93f152eaf33e3b516941e4c2c3c4f523e0048fe

    SHA256

    83f7b639480d14c15e810c654d22c5aafdd712aa67a4edf53a5b3c2589db287e

    SHA512

    73610bae492f2973b78bdfd108739a19f1888e783ae767f7a100b6c20175872b1331bfe17f64bb28638aaccf3270c56a8a0e1d03ab43b8baeeb023071e412e31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc71e45d7757fe002b0d50b443f9a25e

    SHA1

    69bc5627fac399393e74a828dbfd701627d4a1da

    SHA256

    6b00d4a602837acaf82350ad400a51b449eaa894912756722c9d8ab3ff9b60cb

    SHA512

    9dd15462acf279c2b99a73a10acf40e58c12c9ff7d402087788990ec9be565857a6d44436ef3580de323e90fea2950f4a793efa2403a8f2c0f4abb62a10f67ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    208288a54a0d6f851ef21664900e63d9

    SHA1

    18fa19d981d5cab1c62cd31b86370f5357e82d52

    SHA256

    87f6d29f3017b4210199f8bbb128231b4a0023646d32ce2ccec2fa737e9f0126

    SHA512

    915fb0c6fe728cbb6960056abf170cfe4c7ed554afef6193b74d45513121cb87a78d4d3e573168317cef8afc6558f9a44faa58749235ecd6ef818196e017c354

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96d45c23309e45bb388f0f4fab4b844d

    SHA1

    0d9f160e0f93938defed0ab6e3852b1e4aa7f144

    SHA256

    9e177427594e3c943afd76d7bfa5b0cff6c82225a93637e03b42b0bd613e54ed

    SHA512

    ed9d7af6fa9ec4f84d0b2266ed32d96fa3f9d78a3bea53399a444d8848b7515c983168078a2667da85d38fb7172b0967199b5250970106509a0fe5a4f0239c7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb6a7170d391f3b35e0c1312e577f35d

    SHA1

    ab16c985a753ac720d03dfb91dcb1c710076746b

    SHA256

    9612a0e23fdc70dd4936ce1fd828708a10efa3d1614e8ecef7078872fb4c2e93

    SHA512

    547b4c7d46f2d5f0edffd5f31bb98f8380506f42d369564f65e3ea6b052dd29be5e1f4379aafa4ff27433f3102456e69fbc2371ad2eec734c872f7a92dc7a244

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9051bef7b98b326884d28f085df18c8f

    SHA1

    c1833d6dae58515613444188819cdbda13307bf8

    SHA256

    d94fc5cbec07580ad11993b9014bae116df1a893cd4d62c9acfe26b9bc5aaf6f

    SHA512

    5119745f37c6e854677ebf5fa3229f7e3913cdddfc211ec7255e5636d36c6cc99c53695cef37931ebde7178b881739bff325924cc65e34903a67c17817beb608

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5e555e10f780e54f7f19019bb621296

    SHA1

    cbf446a2e6cfdaf31ef94490f85d108f4381a24f

    SHA256

    85526e0942e221f793fa8a8579d25fab0970130d8da84f58d85e4401d272a652

    SHA512

    654908da1c6cb82844e164dbda957724ae47fdf4aeb5f30e0d2b824ccb3c4633b6efbf71752b6a1d87b5b940a8186213838aa1002355c9a3ac2ff7cd69fdea51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2cf7e8a946038fc55808f026349cfd11

    SHA1

    b6f1a04c598472e7d7d2682fa2d12da78986a105

    SHA256

    ec0a1dc7be1a0813663b7d8a9d7e65be5872a77efb297382f866f0f0212b6460

    SHA512

    472c67ca17e6b49bea81b9d2258f872549a5fa47e9cd9a8c8349f4ba06847649dd36634d6679b783d34af22e9f398c6264ae6a51d733d00c5530642668cb96d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26756ec8327206363e2854cf6376ea77

    SHA1

    2b64623a98cdbf3a2fa4ed4db0614a5d026da946

    SHA256

    b16fac4c7f81f3a151a493048c71e8bd7bbd038b9dc2553aaa5c648022179b4e

    SHA512

    4f3baf6af5f82756d3bb399e3305772a61e9ce186c760eadb942c3b676ff9a4c833d2bb00bd1973d6d854a41bcc62360f75d3f9f04647aa5da921cce843b3d52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b564204b88fc95d9b7b18460622c00b6

    SHA1

    4d56de06e849bcd6b778c5a6f9d07fb6ac519c0d

    SHA256

    acf2f2fa49f87e971fa63061cf66ad61cdf998b51f91ac5fe1403b947ea99b46

    SHA512

    e546ce23e7a2ccec803a31ad5171d8059111b5c2de37627e70bb1a8576e51015eb925773ba401315528b39cdfd22e21d05afe6e588c5978dc61cc394213cd480

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a25a2639ebd96440443d1141e6e617f8

    SHA1

    eb86063ace8c9abae06fdf24124f80028cd3cbd1

    SHA256

    bbed71f55536a18030407e9d30ae55a3de5d8332178372d86daa7aec6db9ec24

    SHA512

    1323efa69e0e5ed4da4fa33251e2273892324dbbb051f96f36a670b73d8372c8a46f0b238ea0ed18b66f674917bffa09220bacd53edb877d1c99c526a06a9bf3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf440a92628f0f3bad9806035391e583

    SHA1

    2c5fee077e4c75b4826cba1e8f4d0040ff300fe2

    SHA256

    45e2a5515a18960367f89c02955d644b0329130f20e5a9993c69f388288dad9a

    SHA512

    6020e391cee78315b5e57ccef9888808b7768cc79be4f8e8831d2f6c04f4a729e84045c170cf930e3c07c154f806049b46eb396549d7b2ee324d0953e4f7be6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d90e51904c8100ea678d4cb461b3cc73

    SHA1

    36dd59e1114979357f6150c93c172b07b8cd0d71

    SHA256

    a089a5271d7e1345b53c45f9f75125db661fbe0b0bdb13eadc596319e9598e7f

    SHA512

    88fb4575a1c4756d2febfbe970c302d94ca3facfbba5b230c87f263e168842a63efc564e6b0c3b7c8ca829136564f17444b1620f0ed4acbd2703652acc9c0c33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c81c6c073c15e23dd74c2c19a95db32f

    SHA1

    2032dc708f9b20888ffab6f2cc6cfeac97ab0fca

    SHA256

    c8a7f190ccbbf654b80eaa07969b652b5c96758ae7a8c34efd7fa0c447a2daf4

    SHA512

    a98ff112b5481d65432df67035ac86ea62d786d6077c87c182695a5c8eb312c38fb4f6aa21d6bc23b81e7b63169e7aee7c8581f5e8af6f129001e94776c647fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab259C.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2679.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar268E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit