Overview

overview

10

Static

static

10

publish/OpenAL32.dll

windows7-x64

1

publish/OpenAL32.dll

windows10-2004-x64

1

publish/Ry...ll.xml

windows7-x64

1

publish/Ry...ll.xml

windows10-2004-x64

1

publish/Ryujinx.exe

windows7-x64

1

publish/Ryujinx.exe

windows10-2004-x64

7

publish/SDL2.dll

windows7-x64

1

publish/SDL2.dll

windows10-2004-x64

1

publish/av...59.dll

windows7-x64

1

publish/av...59.dll

windows10-2004-x64

1

publish/avutil-57.dll

windows7-x64

3

publish/avutil-57.dll

windows10-2004-x64

3

publish/bi...-0.dll

windows7-x64

3

publish/bi...-0.dll

windows10-2004-x64

3

publish/bi...-1.dll

windows7-x64

3

publish/bi...-1.dll

windows10-2004-x64

3

publish/bi...-2.dll

windows7-x64

3

publish/bi...-2.dll

windows10-2004-x64

3

publish/bi...-2.dll

windows7-x64

1

publish/bi...-2.dll

windows10-2004-x64

1

publish/bi...-3.dll

windows7-x64

3

publish/bi...-3.dll

windows10-2004-x64

3

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...ic.xml

windows7-x64

1

publish/sh...ic.xml

windows10-2004-x64

1

publish/sh...tl.xml

windows7-x64

1

publish/sh...tl.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    28-12-2022 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    publish/share/icons/Adwaita/scalable/status/semi-starred-symbolic-rtl.xml

  • Size

    7KB

  • MD5

    436a6308d075793b72ba4d32e2ac59c0

  • SHA1

    4efaba46259016b32dad665b33697464cf0b7f6f

  • SHA256

    8b05daeba04927b256bc7222641265a22b400e43312ec910c797adda7429384b

  • SHA512

    3a75f731ddc5b7bc99fa9b97f9a992c940888ab13992203cbb19175fe3414f5b8a2ddc4c51ce5e72bbc3038422072d3bf9039a89ceb0db0beb885a40776222b2

  • SSDEEP

    192:BkY3alVUOkLcQaVG2DDYg5PzI2yDj39CV33qaOjzslduXgcbtyC:aYbtLxaV9/Y87ByDjwV33qa+zr

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\publish\share\icons\Adwaita\scalable\status\semi-starred-symbolic-rtl.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1448
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\publish\share\icons\Adwaita\scalable\status\semi-starred-symbolic-rtl.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3236
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3236 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2632

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    f7b6855beb7fde6cdb1a2a9ba9fa6bcd

    SHA1

    fd947696cabb78e309ad669dff0b980b17818567

    SHA256

    f1630debcf83e724c695443316dc8ad1abfb9d422e1450edbd3fc87b23f0649d

    SHA512

    e21c7570af2e3a77ce35f0f4ea4bef6b2a96bb7910a5c84eab60cba45a653b428c92def96f3d9bf393a156ccb901eb9f131eee2b71b91c20c38bf50b9ebe554e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    b0cab2e07c991535875990dbc849bdc0

    SHA1

    afa32f81838f6a94a224d82a5f6507021dc4d728

    SHA256

    94c60bde224b91af68fd31b0e505bb0c3a2423680ad0a5cea41f262d02403ee4

    SHA512

    bb885a8fc24ff10c4ff20e846566c0cc3310701ff8df5b83e311f23e86a5b85985b580114126b22affe1fc82cc2c411bc412b512bbd25acfb99d9200e60ab749

    Download Submit
  • memory/1448-132-0x00007FFDB2AF0000-0x00007FFDB2B00000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1448-133-0x00007FFDB2AF0000-0x00007FFDB2B00000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1448-134-0x00007FFDB2AF0000-0x00007FFDB2B00000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1448-135-0x00007FFDB2AF0000-0x00007FFDB2B00000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1448-136-0x00007FFDB2AF0000-0x00007FFDB2B00000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1448-137-0x00007FFDB2AF0000-0x00007FFDB2B00000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1448-138-0x00007FFDB2AF0000-0x00007FFDB2B00000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1448-139-0x00007FFDB2AF0000-0x00007FFDB2B00000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1448-140-0x00007FFDB2AF0000-0x00007FFDB2B00000-memory.dmp
    Filesize

    64KB

    Download