Overview

overview

4

Static

static

4

DOCS/Custo...er.pdf

windows7_x64

1

DOCS/Custo...er.pdf

windows10-2004_x64

1

DOCS/attac...ood.pl

linux_amd64

DOCS/attac...ood.pl

linux_armhf

DOCS/attac...ood.pl

linux_mips

DOCS/attac...ood.pl

linux_mipsel

DOCS/attac...tup.pl

linux_amd64

DOCS/attac...tup.pl

linux_armhf

DOCS/attac...tup.pl

linux_mips

DOCS/attac...tup.pl

linux_mipsel

udpmod.exe

windows7_x64

1

udpmod.exe

windows10-2004_x64

1

assets/css...ve.xml

windows7_x64

1

assets/css...ve.xml

windows10-2004_x64

1

assets/css...nt.xml

windows7_x64

1

assets/css...nt.xml

windows10-2004_x64

1

assets/css...ar.xml

windows7_x64

1

assets/css...ar.xml

windows10-2004_x64

1

assets/css...ns.xml

windows7_x64

1

assets/css...ns.xml

windows10-2004_x64

1

assets/css...ns.xml

windows7_x64

1

assets/css...ns.xml

windows10-2004_x64

1

assets/js/...min.js

windows7_x64

1

assets/js/...min.js

windows10-2004_x64

1

assets/js/...min.js

windows7_x64

1

assets/js/...min.js

windows10-2004_x64

1

assets/js/...min.js

windows7_x64

1

assets/js/...min.js

windows10-2004_x64

1

assets/js/...ery.js

windows7_x64

1

assets/js/...ery.js

windows10-2004_x64

1

assets/js/...fig.js

windows7_x64

1

assets/js/...fig.js

windows10-2004_x64

Analysis

  • max time kernel
    134s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-05-2022 07:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    assets/css/fonts/elusive/font/elusive.xml

  • Size

    87KB

  • MD5

    b3f49df7b18d8cf6ebed1fda03da114d

  • SHA1

    cca1a8e9bd1ef9fabdadbaa0df80078c09830234

  • SHA256

    5207f083d3571f600236281dd879879e9332ca05f15d5286a6422dc07384bea0

  • SHA512

    8597b978846557396fb54ccc188a687cb0206790aa8edc1c2ca471b0c3439ca89321a9f03757f3f74654d690e3a1bf05f0dbe672f64f61322e53129ba5031c91

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\assets\css\fonts\elusive\font\elusive.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3756
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\assets\css\fonts\elusive\font\elusive.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1804
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1196

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    003a496cfd41526dddbe8b00273a047f

    SHA1

    f59d563a2a66fe14a3f7787a00e96359aedb5ab8

    SHA256

    c7a19cd00fd53275f30a71c8f5d87161e5caff68207f4069079ea1448a9ebf41

    SHA512

    e4601d093066d6b28e0d99057218f7fb2501fcf24d59b46e0b7babcd24408f4cf0739873b5e74580d6b7a49df6af5ddcc241875ab4633a872a2262b7e7e0b191

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    264883b8e1ba62ac3fa74b17a1be40f2

    SHA1

    3447b1014f1470519ca56e1761e6d26fca9c2ac4

    SHA256

    fe6219f21df2eea11d856dbb6acf09b8edfbe568dcf1b64bba1d910f39c27968

    SHA512

    053c60889f27bdc2f7ff7e465533cdecce94a51d218ac3bdb4656632f185c9624522bda48e88faf18acfe9c0c56a337a9e3082ec0529033900c851678313407e

    Download Submit
  • memory/3756-130-0x00007FFA6B6D0000-0x00007FFA6B6E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3756-131-0x00007FFA6B6D0000-0x00007FFA6B6E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3756-132-0x00007FFA6B6D0000-0x00007FFA6B6E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3756-133-0x00007FFA6B6D0000-0x00007FFA6B6E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3756-134-0x00007FFA6B6D0000-0x00007FFA6B6E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3756-135-0x00007FFA6B6D0000-0x00007FFA6B6E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3756-136-0x00007FFA6B6D0000-0x00007FFA6B6E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3756-137-0x00007FFA6B6D0000-0x00007FFA6B6E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3756-138-0x00007FFA6B6D0000-0x00007FFA6B6E0000-memory.dmp
    Filesize

    64KB

    Download