Analysis
-
max time kernel
256s -
max time network
681s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
04-10-2022 16:41
General
-
Target
Data/package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/db2v0801.xml
-
Size
28KB
-
MD5
0f0dd9c711f0080a7389cb98ec8b7e63
-
SHA1
5035fbc4ed4fb31a7b15f3f6dc0ed903c992fdbc
-
SHA256
7ac6f9de83d350313eac33c2ef08432057b4e6d76fc3e916dabd8494d2e6094e
-
SHA512
9477c5052e674c8fe98ed32f0dfa4e21f7cfadd4f628579bc48bd0e8c5d060bcde5f26fa0763e31ad16ae592386244797f825ae13c902da623d19a1d40bc3604
-
SSDEEP
384:5hkEXI9S6J9S6KS8Y542cyRvNEffPFlDGAYwf2jY/UnM/Ywz8bC:PkEXkdcyRvNEHPFlDVY9Fwz8bC
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 41 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Data\package\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\Cartridges\db2v0801.xml"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Data\package\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\Cartridges\db2v0801.xml2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86CFilesize
631B
MD5b1d411c3132a946537ade4db8460df7a
SHA19765a30c2267a591db1f8c5ed47442c837c6b7bf
SHA256bc6b1fe18d6b563e9fadec976a3908c781b1b58f50e0f819154b5f3bca844212
SHA51207c0a531940af564a1bb9d110b1ed65db3df38e066f77c132620df9e02016e6f70528c36a96a007af9e543334a17cf2bda99f9a1ace6d3fb993525c3a3b85673
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86CFilesize
242B
MD5eb03eabd92371a5d988a0214ba74dabc
SHA1c6dd9d2d7b26648754c4e97a098a62ee9e7760e2
SHA2562654feb3f77d2504a4f69065d092e38be21231a7fc9b015f37e8e6b174193fe7
SHA512d77c7da175916d9f26e038b0ad4a73697d6fb4eb086ff8cb2eca575a35580a20cd12d4623c09d3ff725c8545a6191be1ce76c17f6873e2b66ab35f946e875825
-
memory/1884-132-0x00007FFCA2C70000-0x00007FFCA2C80000-memory.dmpFilesize
64KB
-
memory/1884-133-0x00007FFCA2C70000-0x00007FFCA2C80000-memory.dmpFilesize
64KB
-
memory/1884-134-0x00007FFCA2C70000-0x00007FFCA2C80000-memory.dmpFilesize
64KB
-
memory/1884-135-0x00007FFCA2C70000-0x00007FFCA2C80000-memory.dmpFilesize
64KB
-
memory/1884-136-0x00007FFCA2C70000-0x00007FFCA2C80000-memory.dmpFilesize
64KB
-
memory/1884-137-0x00007FFCA2C70000-0x00007FFCA2C80000-memory.dmpFilesize
64KB
-
memory/1884-138-0x00007FFCA2C70000-0x00007FFCA2C80000-memory.dmpFilesize
64KB
-
memory/1884-140-0x00007FFCA2C70000-0x00007FFCA2C80000-memory.dmpFilesize
64KB
-
memory/1884-139-0x00007FFCA2C70000-0x00007FFCA2C80000-memory.dmpFilesize
64KB