Overview

overview

10

Static

static

10

publish/OpenAL32.dll

windows7-x64

1

publish/OpenAL32.dll

windows10-2004-x64

1

publish/Ry...ll.xml

windows7-x64

1

publish/Ry...ll.xml

windows10-2004-x64

1

publish/Ryujinx.exe

windows7-x64

1

publish/Ryujinx.exe

windows10-2004-x64

7

publish/SDL2.dll

windows7-x64

1

publish/SDL2.dll

windows10-2004-x64

1

publish/av...59.dll

windows7-x64

1

publish/av...59.dll

windows10-2004-x64

1

publish/avutil-57.dll

windows7-x64

3

publish/avutil-57.dll

windows10-2004-x64

3

publish/bi...-0.dll

windows7-x64

3

publish/bi...-0.dll

windows10-2004-x64

3

publish/bi...-1.dll

windows7-x64

3

publish/bi...-1.dll

windows10-2004-x64

3

publish/bi...-2.dll

windows7-x64

3

publish/bi...-2.dll

windows10-2004-x64

3

publish/bi...-2.dll

windows7-x64

1

publish/bi...-2.dll

windows10-2004-x64

1

publish/bi...-3.dll

windows7-x64

3

publish/bi...-3.dll

windows10-2004-x64

3

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...tl.xml

windows7-x64

1

publish/sh...tl.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    28-12-2022 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    publish/share/icons/Adwaita/scalable/status/non-starred-symbolic.xml

  • Size

    6KB

  • MD5

    e27ddf9ac9d222009698c91755e91f37

  • SHA1

    df622a2877b04d698ad39b89f1e2591635c2db1b

  • SHA256

    c602b20c7b60b3b5aa554237bfa371ea484acf7b8a7ba64da23dbaafe5733e5f

  • SHA512

    5cc9cdfc2d20f9c850299cdb121e4986422e835a25350df09ae1a9cdd7b9b02f11f549e61c57a4a697f357f9523216c745a21ea347d1ea5370da9cffa445a01a

  • SSDEEP

    192:BkY3alv39nhwtVN6fF6Knqi3Ec+5ddWcQaVG2WWfIUjFaK:aYGtnitXKJUcC0xaV9V

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\publish\share\icons\Adwaita\scalable\status\non-starred-symbolic.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\publish\share\icons\Adwaita\scalable\status\non-starred-symbolic.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:864
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:864 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3720

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1728-132-0x00007FFB98C10000-0x00007FFB98C20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1728-133-0x00007FFB98C10000-0x00007FFB98C20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1728-134-0x00007FFB98C10000-0x00007FFB98C20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1728-135-0x00007FFB98C10000-0x00007FFB98C20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1728-136-0x00007FFB98C10000-0x00007FFB98C20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1728-137-0x00007FFB98C10000-0x00007FFB98C20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1728-138-0x00007FFB98C10000-0x00007FFB98C20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1728-139-0x00007FFB98C10000-0x00007FFB98C20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1728-140-0x00007FFB98C10000-0x00007FFB98C20000-memory.dmp
    Filesize

    64KB

    Download