Overview
overview
1Static
static
Software-P...rk.xml
windows7-x64
1Software-P...rk.xml
windows10-2004-x64
Software-P...ht.xml
windows7-x64
1Software-P...ht.xml
windows10-2004-x64
1Software-P...rk.xml
windows7-x64
1Software-P...rk.xml
windows10-2004-x64
1Software-P...er.xml
windows7-x64
1Software-P...er.xml
windows10-2004-x64
1Software-P...ht.xml
windows7-x64
1Software-P...ht.xml
windows10-2004-x64
1Software-P...er.xml
windows7-x64
1Software-P...er.xml
windows10-2004-x64
1Software-P...rk.xml
windows7-x64
1Software-P...rk.xml
windows10-2004-x64
1Software-P...er.xml
windows7-x64
1Software-P...er.xml
windows10-2004-x64
1Software-P...ht.xml
windows7-x64
1Software-P...ht.xml
windows10-2004-x64
1Software-P...er.xml
windows7-x64
1Software-P...er.xml
windows10-2004-x64
1Software-P...56.xml
windows7-x64
1Software-P...56.xml
windows10-2004-x64
1Software-P...64.xml
windows7-x64
1Software-P...64.xml
windows10-2004-x64
1Software-P...56.xml
windows7-x64
1Software-P...56.xml
windows10-2004-x64
1Software-P...64.xml
windows7-x64
1Software-P...64.xml
windows10-2004-x64
1Software-P...56.xml
windows7-x64
1Software-P...56.xml
windows10-2004-x64
1Software-P...64.xml
windows7-x64
1Software-P...64.xml
windows10-2004-x64
1Analysis
-
max time kernel
123s -
max time network
191s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
02/01/2023, 20:25
Static task
static1
Behavioral task
behavioral1
Sample
Software-PC-2023/playlistformats/resources - Copy/MissingLinkedElement_Dark.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral2
Sample
Software-PC-2023/playlistformats/resources - Copy/MissingLinkedElement_Dark.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Software-PC-2023/playlistformats/resources - Copy/MissingLinkedElement_Light.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral4
Sample
Software-PC-2023/playlistformats/resources - Copy/MissingLinkedElement_Light.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollDownArrow_dark.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral6
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollDownArrow_dark.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollDownArrow_darker.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollDownArrow_darker.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollDownArrow_light.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral10
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollDownArrow_light.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollDownArrow_lighter.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollDownArrow_lighter.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollUpArrow_dark.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollUpArrow_dark.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollUpArrow_darker.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral16
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollUpArrow_darker.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollUpArrow_light.xml
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral18
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollUpArrow_light.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollUpArrow_lighter.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral20
Sample
Software-PC-2023/playlistformats/resources - Copy/ScrollUpArrow_lighter.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Software-PC-2023/playlistformats/resources - Copy/aac_filetype_256.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
Software-PC-2023/playlistformats/resources - Copy/aac_filetype_256.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Software-PC-2023/playlistformats/resources - Copy/aac_filetype_64.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral24
Sample
Software-PC-2023/playlistformats/resources - Copy/aac_filetype_64.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Software-PC-2023/playlistformats/resources - Copy/aif_filetype_256.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral26
Sample
Software-PC-2023/playlistformats/resources - Copy/aif_filetype_256.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Software-PC-2023/playlistformats/resources - Copy/aif_filetype_64.xml
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral28
Sample
Software-PC-2023/playlistformats/resources - Copy/aif_filetype_64.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Software-PC-2023/playlistformats/resources - Copy/aiff_filetype_256.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral30
Sample
Software-PC-2023/playlistformats/resources - Copy/aiff_filetype_256.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Software-PC-2023/playlistformats/resources - Copy/aiff_filetype_64.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral32
Sample
Software-PC-2023/playlistformats/resources - Copy/aiff_filetype_64.xml
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
Software-PC-2023/playlistformats/resources - Copy/MissingLinkedElement_Dark.xml
-
Size
1KB
-
MD5
29f044467dde443be87dcdf7518f9b9c
-
SHA1
bcd4fd5bc8987a6e10095253e0de2d76abcb0bbf
-
SHA256
16f2efcbb0246a503a86f50b8f966fc250a72a8ab8c3736bc0cf79cd7ed957d7
-
SHA512
a60b9505fbf0bf72389ec574e4971c3b13fb3db87abdedb453fa3e9cbbc966e3e4e95df89149a0d519b08bbe9a2057c0b0256b831702da4c946699faadacafd4
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\InternetRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IntelliForms IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bad9e5810411a41b405bdc87c3b0eb80000000002000000000010660000000100002000000075db814572c50dcebceed9e6824bf01515915493606932ce6c3ac2ad3b1a82c0000000000e8000000002000020000000813797dea9fd804be972f1c833d32c36871a8812373402dadc82cd2e47ccd2d19000000094fc75f300c2221412984baa34f4e85d47f62c189d79d51e4b6bc240e26212f19fe6d58084739e23b7fac6f91379fc329bd65b3f3877fed2e5df1a66a48938ce736ce3beba65bf1c4707e19efbec6573292a6aa6b932211fd14e2abd3f3095871ca55b5d5388af38c1d63b539a72ab2e53fd880aa311a43a155e2e2946fce7308d9fb9ee0e4e98d7bc7356e571b7937140000000391f2a75f799965db64a50ba92ba70c5822c64e03e7181c8c68d18d80ee2ee9f727625af482993ed946a326f0552830f1008ad386bb602066438a3313fca0cd7 IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\SearchScopes IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IETld\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\PageSetup IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A0CC3EF1-8AE4-11ED-9B91-62E10F117DDC} = "0" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bad9e5810411a41b405bdc87c3b0eb800000000020000000000106600000001000020000000346c036ee0e9b123d67a6536cdbc549b1915124e40f2f50f77780e818853732d000000000e8000000002000020000000b09832f78ae3f657426f633d16bf2bed135e09015118a2be6d018b65e26f83b6200000006fb981e51b69d45156326fe8325d64c59f4d1b4db05be5536fa2aacd5631505840000000d85e639803c7a59dcd3ce02d87bed68a45e7c1ceeca2ed42c0deef1fcd8c7bc90239d97fccaf6fef8c7782041eda8bddc0906107e0323a45ca3a8ee77557b0ca IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "379459982" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Zoom IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0754476f11ed901 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 324 IEXPLORE.EXE -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 324 IEXPLORE.EXE 324 IEXPLORE.EXE 768 IEXPLORE.EXE 768 IEXPLORE.EXE 768 IEXPLORE.EXE 768 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 976 wrote to memory of 848 976 MSOXMLED.EXE 29 PID 976 wrote to memory of 848 976 MSOXMLED.EXE 29 PID 976 wrote to memory of 848 976 MSOXMLED.EXE 29 PID 976 wrote to memory of 848 976 MSOXMLED.EXE 29 PID 848 wrote to memory of 324 848 iexplore.exe 30 PID 848 wrote to memory of 324 848 iexplore.exe 30 PID 848 wrote to memory of 324 848 iexplore.exe 30 PID 848 wrote to memory of 324 848 iexplore.exe 30 PID 324 wrote to memory of 768 324 IEXPLORE.EXE 31 PID 324 wrote to memory of 768 324 IEXPLORE.EXE 31 PID 324 wrote to memory of 768 324 IEXPLORE.EXE 31 PID 324 wrote to memory of 768 324 IEXPLORE.EXE 31
Processes
-
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Software-PC-2023\playlistformats\resources - Copy\MissingLinkedElement_Dark.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:976 -
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome2⤵
- Suspicious use of WriteProcessMemory
PID:848 -
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:324 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:324 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:768
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
608B
MD519b922059d05bdd34588b8c5710fc0df
SHA1aad591db194d7e53fde76edb2b7d024bd874321f
SHA2567761e1ee991e55e2f09103689e2f5320853a3a62e4ad6fe386bf2ca420aaf2dd
SHA512846ee5368b16071b2dd3835ffd2587f00abb758bed44990e949a3045323117c63ad932f1fe4e4bed58815c0b3255764d71c58e53e0dd566ebce35c51cc586f1b