Overview

overview

1

Static

static

p1[1].php.xml

windows7_x64

1

p1[1].php.xml

windows10_x64

1

Analysis

  • max time kernel
    93s
  • max time network
    158s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    21-07-2021 21:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    p1[1].php.xml

  • Size

    24KB

  • MD5

    dbc5eb61684510fb9bb1282e1ca2e16e

  • SHA1

    53c67abc3374ec69dde3a8657a357432a9b769ea

  • SHA256

    08f954abe8213cdcb39cf791b0bd8b172401e0b02757cc17bbddfea1237c5fea

  • SHA512

    3a2ef2d45bd75731a6e0130052aa7e1a96f6656c9f1c9f69cb3b153f5c7280361e53571b76d182bef69e43212f85adf9c1108baf835006d6d0410dcca881328a

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\p1[1].php.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3968
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\p1[1].php.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2604
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:82945 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4008

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    4e64ee3a1f4c34f528e8de9b728dbca6

    SHA1

    9b27bb889cc2fe2fbb89c0c7c8aa16a841291499

    SHA256

    ec75d601fb9309c65a60ad6bd10b10c5927c77648d42de670003dc0b2693105b

    SHA512

    e23b06910c9009d254dba06b1fe8910d10fd0c11cf0ad22ebf21cf41765da0f51f9179eeb39ca7317cf3ccfcce01622914171ebb9e7c661373dbc92acf9676bf

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    85bdd812b71b2b12ad92db913d9c9cbd

    SHA1

    dc213a83ff5ee782da45f0b1dd1329f8bbc11ee2

    SHA256

    e28eb93736060a85cc92024abf626c1acbde88091bb331357074b54602d71125

    SHA512

    d41fd81b9b85fbeb5af0ec4ed0c7158a531c96d6b3fc8657236981ea716d4f96551771f33f142926ae0d08385194c8de5a7c4c63715ddeaebd4158d2604dc9d9

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\760TQM5H.cookie
    MD5

    acd3a5aee70847e709f80d444c4431cc

    SHA1

    ffdd1b84aac823ab9ac2a9ae2546acbccb8f8015

    SHA256

    80be23bf6240fe78eddaa1b9d864eb210b288f1a16c906f071a561f947bb7979

    SHA512

    48c77e3355a35983691dea4a4787847a66ffac9e41702f50979254eb9996dfe0ecad049144cac0d709fe3344abce5cbe862822d10b15c4d2e253f2de995ce0f6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\OU80TR1O.cookie
    MD5

    b7983f129ac7b065566a9186e196e0e4

    SHA1

    cce08da064143256f5fb2810de08ad24d4c3ee18

    SHA256

    2bf6bb196275be70b1f9261f44256f1e4f6a3f3c59cb2c3c32ceb2e18aa76499

    SHA512

    7200b3f12353876373fe31e5ea08c707aa6a44f67a5d2517c1b2fb94955c84bdf9dc2a2b5ac35dda9bb6ef652e9c5caa76dfe5164cc3d58e26b56fe9d4376b7e

    Download Submit
  • memory/2604-124-0x00007FFF306C0000-0x00007FFF3072B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2604-119-0x0000000000000000-mapping.dmp
    Download
  • memory/3968-118-0x00007FFF0E020000-0x00007FFF0E030000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3968-121-0x00007FFF0E020000-0x00007FFF0E030000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3968-122-0x00007FFF0E020000-0x00007FFF0E030000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3968-123-0x00007FFF0E020000-0x00007FFF0E030000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3968-120-0x00007FFF0E020000-0x00007FFF0E030000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3968-114-0x00007FFF0E020000-0x00007FFF0E030000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3968-117-0x00007FFF0E020000-0x00007FFF0E030000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3968-116-0x00007FFF0E020000-0x00007FFF0E030000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3968-115-0x00007FFF0E020000-0x00007FFF0E030000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4008-125-0x0000000000000000-mapping.dmp
    Download