Analysis

  • max time kernel
    127s
  • max time network
    197s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
  • submitted
    17-12-2022 07:33

General

  • Target
    InstallSetup/bin/SMI/Schema/WcmTypes.xml
  • Size
    1KB
  • MD5
    32731cf7bbadc49604b4eb4b0c0bcd62
  • SHA1
    35393a2dcbea0addbfbbe32e2504c892cc8d5c83
  • SHA256
    cd701b2bdd71894d2613decbee016446f8261d6cbb51493eeff372530b00e1f1
  • SHA512
    214507a4a359346a86b2c240e2b74ed1bf1943b5bf69db579a0aa2c11fbe3431675d74f3668f8cc2a5c70af925a0d45e535444ba78bec644b5d1e2093edfbada

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\InstallSetup\bin\SMI\Schema\WcmTypes.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3148
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\InstallSetup\bin\SMI\Schema\WcmTypes.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:384
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:384 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4576

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: ef882f1932c9dd68c8afda2ebc27364b
    SHA1: 4593fc073e078220e8d3e5fb6cf205430119c058
    SHA256: 5144288105e9dfc259e9526551a92ff8f2edf2c15f395c4b3948930139bece23
    SHA512: abed9efc412039e8364507af7c857e2bb88ded864ef4d7754e6b4ea4ea750217954a672efb3a6c663498858e5c7660a33b02891f0f0d2b11a9616bd7c138931c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B
    MD5: 4418f2165c37a7a68299e7c592d4cb0c
    SHA1: 1d1e8c6d20496f3e658bf65419bfbeb5e87c6fbb
    SHA256: 5f2aa183f71539e478593adf794134882d05352f5ef7ca511b373654c5361149
    SHA512: 1f127211b32efa64ea83bfe93c231dcf0cdc13b92a8af663b3632b3bbb98698620d013468333f95b70bc8b65ebc56397314f5fa04a7efcfbb63b0a706ec7f3f7

  • memory/3148-132-0x00007FFF4E310000-0x00007FFF4E320000-memory.dmp
    Filesize: 64KB
  • memory/3148-134-0x00007FFF4E310000-0x00007FFF4E320000-memory.dmp
    Filesize: 64KB
  • memory/3148-133-0x00007FFF4E310000-0x00007FFF4E320000-memory.dmp
    Filesize: 64KB
  • memory/3148-135-0x00007FFF4E310000-0x00007FFF4E320000-memory.dmp
    Filesize: 64KB
  • memory/3148-136-0x00007FFF4E310000-0x00007FFF4E320000-memory.dmp
    Filesize: 64KB
  • memory/3148-137-0x00007FFF4E310000-0x00007FFF4E320000-memory.dmp
    Filesize: 64KB
  • memory/3148-138-0x00007FFF4E310000-0x00007FFF4E320000-memory.dmp
    Filesize: 64KB
  • memory/3148-139-0x00007FFF4E310000-0x00007FFF4E320000-memory.dmp
    Filesize: 64KB
  • memory/3148-140-0x00007FFF4E310000-0x00007FFF4E320000-memory.dmp
    Filesize: 64KB