Overview

overview

10

Static

static

10

publish/OpenAL32.dll

windows7-x64

1

publish/OpenAL32.dll

windows10-2004-x64

1

publish/Ry...ll.xml

windows7-x64

1

publish/Ry...ll.xml

windows10-2004-x64

1

publish/Ryujinx.exe

windows7-x64

1

publish/Ryujinx.exe

windows10-2004-x64

7

publish/SDL2.dll

windows7-x64

1

publish/SDL2.dll

windows10-2004-x64

1

publish/av...59.dll

windows7-x64

1

publish/av...59.dll

windows10-2004-x64

1

publish/avutil-57.dll

windows7-x64

3

publish/avutil-57.dll

windows10-2004-x64

3

publish/bi...-0.dll

windows7-x64

3

publish/bi...-0.dll

windows10-2004-x64

3

publish/bi...-1.dll

windows7-x64

3

publish/bi...-1.dll

windows10-2004-x64

3

publish/bi...-2.dll

windows7-x64

3

publish/bi...-2.dll

windows10-2004-x64

3

publish/bi...-2.dll

windows7-x64

1

publish/bi...-2.dll

windows10-2004-x64

1

publish/bi...-3.dll

windows7-x64

3

publish/bi...-3.dll

windows10-2004-x64

3

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...tl.xml

windows7-x64

1

publish/sh...tl.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    73s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    28-12-2022 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    publish/share/icons/Adwaita/scalable/mimetypes/inode-directory-symbolic.xml

  • Size

    3KB

  • MD5

    1a9526bce4500770dc9da3fac276de77

  • SHA1

    8e3be08d46567e15b0d7beb9c749ff361d61aedc

  • SHA256

    4698902117a08b3a216ec9187382b94d85d23ba1230497b823bc4f0398301b3d

  • SHA512

    2860804f3b03574b29679fc070f167cb7c4c5b69f7cd0352bc68f74c665e5075dcb543441bd424dac29b04205456f6d26ccab021b1bc879fd41a5819598e824d

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\publish\share\icons\Adwaita\scalable\mimetypes\inode-directory-symbolic.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:524
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\publish\share\icons\Adwaita\scalable\mimetypes\inode-directory-symbolic.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4948
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4948 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:932

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    f7b6855beb7fde6cdb1a2a9ba9fa6bcd

    SHA1

    fd947696cabb78e309ad669dff0b980b17818567

    SHA256

    f1630debcf83e724c695443316dc8ad1abfb9d422e1450edbd3fc87b23f0649d

    SHA512

    e21c7570af2e3a77ce35f0f4ea4bef6b2a96bb7910a5c84eab60cba45a653b428c92def96f3d9bf393a156ccb901eb9f131eee2b71b91c20c38bf50b9ebe554e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    a948fc6e2c0902de3836855cb4696c42

    SHA1

    72a44379b5c70321d628660e6f91250b59b82549

    SHA256

    c57d3e76c60eef765c7be782e7973ccc0ec994da2f937d4863829c0446bca7f1

    SHA512

    e9de0fd776e23c66067533049f79f537f105039836baf87c3e4844ebb15253376345ec4fc044a7a0d206ae3d24f985841f8445d972394b1a3cc8ce9a5740be35

    Download Submit
  • memory/524-132-0x00007FF8E38F0000-0x00007FF8E3900000-memory.dmp
    Filesize

    64KB

    Download
  • memory/524-134-0x00007FF8E38F0000-0x00007FF8E3900000-memory.dmp
    Filesize

    64KB

    Download
  • memory/524-133-0x00007FF8E38F0000-0x00007FF8E3900000-memory.dmp
    Filesize

    64KB

    Download
  • memory/524-135-0x00007FF8E38F0000-0x00007FF8E3900000-memory.dmp
    Filesize

    64KB

    Download
  • memory/524-136-0x00007FF8E38F0000-0x00007FF8E3900000-memory.dmp
    Filesize

    64KB

    Download
  • memory/524-137-0x00007FF8E38F0000-0x00007FF8E3900000-memory.dmp
    Filesize

    64KB

    Download
  • memory/524-138-0x00007FF8E38F0000-0x00007FF8E3900000-memory.dmp
    Filesize

    64KB

    Download
  • memory/524-139-0x00007FF8E38F0000-0x00007FF8E3900000-memory.dmp
    Filesize

    64KB

    Download
  • memory/524-140-0x00007FF8E38F0000-0x00007FF8E3900000-memory.dmp
    Filesize

    64KB

    Download