Analysis

  • max time kernel
    103s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-08-2022 03:12

General

  • Target

    supportboard/supportboard/media/apps/aecommerce.xml

  • Size

    2KB

  • MD5

    fa621e37708cac3d7ca8d8b258734580

  • SHA1

    9b94865e58d7bcc583296d998063b3db67cbf1ca

  • SHA256

    4e03e082ffc2c4c66ae3f7541bed41fc04f6db49dee72d1403d8ab889c83f7bc

  • SHA512

    70c5681ac86cc35279526e7d39dabcb3286ad0e1313f851b772ec49cf1075777899cfaa54d7dd163836b148af4518f8d776ccca29ab84309bb56a8c693acf1b4

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\supportboard\supportboard\media\apps\aecommerce.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1228
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1108
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1060
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1060 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1976

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\77UNV3S5.txt

    Filesize

    603B

    MD5

    c47bbc418b64fda8c7ee4709a0dae60d

    SHA1

    41ca86e9206d7e0fb613b04ecd18e74a48db7f76

    SHA256

    ec20f037c63325bcfe21d73891d454ad4025920c2916084bf41afd159965dcc2

    SHA512

    3ec5ff9030e86611e371d9c45e90768c9f025440da0855291c9f82d73f43d4d618ff2dccdbad5db5252a645e7d4c01da26664b7a133f1628a0c5103dab71ab5c

  • memory/1228-54-0x0000000076401000-0x0000000076403000-memory.dmp

    Filesize

    8KB