Analysis
-
max time kernel
135s -
max time network
232s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
08-10-2022 05:59
General
-
Target
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/sql90.xml
-
Size
95KB
-
MD5
7bcb78a5002bafbb8ebd1b3d3ea7a56c
-
SHA1
27b495895e189bb26ba5bb884dce933131485acd
-
SHA256
a0b013c7d76354298b4b9c5293634da45ef971b8f013e0e2d49ce1c6fd326d18
-
SHA512
482fc566d875bf08bcc554907084218686bd8f4c8a2f395db509fc2473e8a5f56577a6a6d9cee6a8de6b31d4164d8e32babc22bad327a0c8747d90cde1153d41
-
SSDEEP
1536:9ZqkdcyRoiSHSTQf3GlDTYfq0QKUo1o5omoKomo7v2FAv:9ZqkdcyRoiSHKQf3GlDTYfRvQAv
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\package\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\Cartridges\sql90.xml"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\package\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\Cartridges\sql90.xml2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1692 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
471B
MD550e10d0c1d47ed3dad34cfcd6a9d764c
SHA17ccc215400c6c89e794dcf3b8d7b7ed006e94fec
SHA2564e194f75beef2d97e3b4e3fdf4a49b5ce0b5f7f112097d3093b33d257b2912a3
SHA5127f67c1ac984e0f2de6cb3e12fe856a86a0e6f1d690ad668fa11c94932c5846f12008fc375187e0c93f40026613096184e36aa4804896f736aeb1bec27fb265aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
404B
MD57d2056feb6294d67fe12c9412c034ae4
SHA1172cb2eb7697101cfc1e5db5400645bd30b6c5ec
SHA2560f98e593c2489804b6d1f955a25dda43beca250b3903ffe5f1e8c9fd2cfb0c59
SHA512bb816163f8df6e513e11866958ab18fdf6e8aa8607ae734418ee6f5a40523ee0381e3f6a207feebe9dfef124cd7b480d057182f88dc4a6304c89b347f0af4665
-
memory/2092-132-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmpFilesize
64KB
-
memory/2092-133-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmpFilesize
64KB
-
memory/2092-134-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmpFilesize
64KB
-
memory/2092-135-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmpFilesize
64KB
-
memory/2092-136-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmpFilesize
64KB
-
memory/2092-137-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmpFilesize
64KB
-
memory/2092-138-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmpFilesize
64KB
-
memory/2092-139-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmpFilesize
64KB
-
memory/2092-140-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmpFilesize
64KB