Analysis

  • max time kernel
    104s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20220812-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    29-08-2022 03:12

General

  • Target

    supportboard/supportboard/media/apps/dialogflow.xml

  • Size

    1KB

  • MD5

    aa4c105267d986b640fd2038050fb1f3

  • SHA1

    1e95b09f62613c3a5800961978d7ea0f65440407

  • SHA256

    9e00b002ee4d90207f6a0ad91cba7e2bb34be489afe7ad69cfbafe24be85c5f4

  • SHA512

    0069b3f932df735eb7046a22b1223ab962f7a7e0efbdbb9a35ab33d4d67f0fa6629a4f1f038b5a3f2ba5d95b17524b5ffd54ab9c3c8571910cd3417934345737

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\supportboard\supportboard\media\apps\dialogflow.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:840
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1104
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1104 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:964
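
The chain above is the ordinary document-open path on this image: MSOXMLED.EXE is invoked with /verb open on the .xml, hands off to Internet Explorer, and IE then spawns its frame process and a tab process whose SCODEF value names the frame PID. Every signature in the report is raised by these four processes. The following Python is an added example, not part of the sandbox or of this report: it transcribes the tree (parent PIDs taken from the nesting) and applies three checks an analyst would run when deciding whether such a tree is benign: whether the command line names the same executable as the image on disk, whether a document handler or browser spawned anything outside an allow-list, and whether the SCODEF PID matches the real parent. The allow-list, the high-risk list and the helper names are assumptions chosen for this scenario.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None for the root of the tree
    image: str
    cmdline: str


# Transcribed from the report's Processes section; each entry's parent PID
# is taken from its nesting depth in the tree.
REPORT_PROCESSES = [
    Proc(1968, None,
         r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
         r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open '
         r'"C:\Users\Admin\AppData\Local\Temp\supportboard\supportboard\media\apps\dialogflow.xml"'),
    Proc(840, 1968,
         r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
         r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'),
    Proc(1104, 840,
         r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'),
    Proc(964, 1104,
         r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1104 CREDAT:275457 /prefetch:2'),
]

# Assumption for this scenario: the children a document handler or browser
# may legitimately spawn when a user opens an .xml file.
EXPECTED_CHILDREN = {
    "msoxmled.exe": {"iexplore.exe"},
    "iexplore.exe": {"iexplore.exe"},
}

# Assumption: interpreters and LOLBins that should never hang off a document viewer.
HIGH_RISK = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
             "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}

SCODEF = re.compile(r"\bSCODEF:(\d+)\b")


def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def cmdline_image(cmdline: str) -> str:
    """First token of a Windows command line: a quoted path or a bare word."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmdline)
    return (m.group(1) or m.group(2)) if m else ""


def triage(procs):
    """Return a list of (pid, rule, severity, detail) findings; empty means the tree looks benign."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        # Rule 1: the executable named on the command line should be the image on disk.
        if basename(cmdline_image(p.cmdline)) != basename(p.image):
            findings.append((p.pid, "image-cmdline-mismatch", "high", cmdline_image(p.cmdline)))
        if p.ppid is None:
            continue
        parent = by_pid.get(p.ppid)
        if parent is None:
            findings.append((p.pid, "orphan", "low", f"ppid {p.ppid} not in tree"))
            continue
        # Rule 2: a document handler or browser spawned something outside the allow-list.
        pname, cname = basename(parent.image), basename(p.image)
        allowed = EXPECTED_CHILDREN.get(pname)
        if allowed is not None and cname not in allowed:
            sev = "high" if cname in HIGH_RISK else "medium"
            findings.append((p.pid, "unexpected-child", sev, f"{pname} -> {cname}"))
        # Rule 3: an IE tab process names its frame process in SCODEF; it should be the real parent.
        m = SCODEF.search(p.cmdline)
        if m and int(m.group(1)) != p.ppid:
            findings.append((p.pid, "scodef-parent-mismatch", "medium", m.group(0)))
    return findings


if __name__ == "__main__":
    for finding in triage(REPORT_PROCESSES):
        print(*finding)
```

Run against the transcribed tree, triage() returns no findings. Appending a constructed cmd.exe child under PID 1104, or an entry whose command line names rundll32.exe while the image is IEXPLORE.EXE, produces a high-severity finding, which is the shape of tree that would justify a score well above 1/10.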

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OZM2XDRC.txt

    Filesize

    603B

    MD5

    53c8dfc682a00e58662883dcbee22acb

    SHA1

    1674c991db2dca81d7cb85f095063ea36292dfe4

    SHA256

    5fc66466b3de41d1d30a389db08bfc581111361c49558bdfd6275c9d582c4e27

    SHA512

    a1028c66f458cc30fe48a64d7c83f68c47a2f59c2cb3c17c28c3e3dfefa1df8c63edc7914ed6297f3b6b0baaa973d68d4774357a7ee8f04d4bc608dac8132ddf

  • memory/1968-54-0x00000000756B1000-0x00000000756B3000-memory.dmp

    Filesize

    8KB