Overview

overview

7

Static

static

1

URLScan

urlscan

1

http://www.microsoft...

windows10-2004-x64

1

http://www.microsoft...

android-10-x64

1

http://www.microsoft...

android-11-x64

7

http://www.microsoft...

android-9-x86

7

http://www.microsoft...

macos-10.15-amd64

1

http://www.microsoft...

ubuntu-18.04-amd64

Analysis

  • max time kernel
    1565s
  • max time network
    1510s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/03/2023, 16:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://www.microsoft.com/office/project/prk/utilities/SetupPol.exe

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.microsoft.com/office/project/prk/utilities/SetupPol.exe
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4872
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4872 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:628

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    1KB

    MD5

    8461a037b38246996c5f98a64b5fd918

    SHA1

    db8bf194f154ebcdedf9b0a8a9adc62d02dff008

    SHA256

    c85675b72791f932ebe52b51bc13dcb761a469b1fbde881c6c4ef6ba93a1b36f

    SHA512

    1ed13f73bd0e64d5609764ee65d642d3c9b658a117616e8e3ed4149b546695183f10befb51f24d471f134ddd02fd3068ea88cf949fde9c8be19bfaddff4a3880

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    446B

    MD5

    26fa62bce1b1b9fe42ab0100189fd075

    SHA1

    a9dec1ac5c098f98d9622e0c3c3c35e38bf67425

    SHA256

    8609d587e6d43f791a087b8a7009388d32095c305cda5c150886eb265ad6799a

    SHA512

    4d02482445f4c736972d41583ee90002f2a25a31ca25b077f51e4ce498ed0d223ef75a4b195f718ff72821300e75f77332218d4171f742f1bb6e561145a9b34e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4ZAFWKZ9\www.speedtest[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OAZ5NHP7\eus.rubiconproject[1].xml
    Filesize

    440B

    MD5

    032c93c70f99ca2c8c3ded6a3ed9ad03

    SHA1

    ef721ccdc1d71e7a7daf12772aac237344527289

    SHA256

    f47f5dcd5eb7a601a2351045e31a62791c6ff02e68104edceeb1e0dd4ace4d02

    SHA512

    24c1def27f7243a4cafdf2adc2f7c693947179da337a29a9a9d9f89eb12dba2c2376b781a6478a23472576140c85e81cb051cc0acd33a9f1d2d736f17361619f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\phzg4yt\imagestore.dat
    Filesize

    100KB

    MD5

    b18924cdbec100643e4e6ff8691a44df

    SHA1

    14d8fd21d79e7a9c588eee64aebc69e87414a939

    SHA256

    76fe05b28ffaa77786af4740fff09aef6b1dbf29c767d810c42d1231752584c0

    SHA512

    4778a60f98d499687bd29b93d944aa64ba88a79121afecb3014c3a978adea053b936bd45c498b988aac3b16a1bdbcf5af06b4b106bce0c5d670df0397b6e1968

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\phzg4yt\imagestore.dat
    Filesize

    100KB

    MD5

    b18924cdbec100643e4e6ff8691a44df

    SHA1

    14d8fd21d79e7a9c588eee64aebc69e87414a939

    SHA256

    76fe05b28ffaa77786af4740fff09aef6b1dbf29c767d810c42d1231752584c0

    SHA512

    4778a60f98d499687bd29b93d944aa64ba88a79121afecb3014c3a978adea053b936bd45c498b988aac3b16a1bdbcf5af06b4b106bce0c5d670df0397b6e1968

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\ecm3[2].gif
    Filesize

    43B

    MD5

    6851dbf491ae442da3314f19e8aff085

    SHA1

    ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3

    SHA256

    c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

    SHA512

    89dfc38ec77cf258362e4db7c8203cae8a02c0fe4f99265b0539ec4f810c84f8451e22c9bef1ebc59b4089af7e93e378e053c542a5967ec4912d4c1fc5de22f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\qsml[1].xml
    Filesize

    555B

    MD5

    78894329ef99fbba5c43d01cbe6c37a2

    SHA1

    4294ce1f4430e50c74daa9bdc39de47f1c46467b

    SHA256

    bfd4d4f18bd55e0eeab10bc16bcdb21fa67ff19bcf66080083247065916197f9

    SHA512

    fa10f243e6d2f510b5322db5640f75505e4a2bcd8aa0d412b245c1035554577f625d388ee3b4c2b0a3a3abeb07670a69a60eac8399bbaf797a6ebb7cf2ede2f8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\qsml[2].xml
    Filesize

    566B

    MD5

    2cf6ce53ce062c5b38d9a1c1508d486d

    SHA1

    00eccd7869e3b3b842dad8d95c2ef0b4a871c3e7

    SHA256

    04719c01a8c28fc72f3e06149436f1101620efb57c4746fa05c0403cc3820f14

    SHA512

    aee32130122db259ee7303c76d0b26963c662107d9523c3a19cf441f2510d2249e27ce9dee19c23204f09e731b3d9b850f315a35d16e660c3b49dfbf807e13b5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\crum[2].gif
    Filesize

    43B

    MD5

    325472601571f31e1bf00674c368d335

    SHA1

    2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

    SHA256

    b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

    SHA512

    717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\qsml[1].xml
    Filesize

    525B

    MD5

    58183287f1701ed45faab300ada4da33

    SHA1

    ae33b97d3e274a38b555e347022ab58d8d2bc032

    SHA256

    30960b16519f252d7eb8281145c079409ffd6bdb260388286a0b3175f7430fbb

    SHA512

    e2d2b64067ec81214b61c915f9ec6066576045bf2088bf53c6a086248c51a0c7e72b6327602e725c8543e38169345e04f4805a4a1e2ac35d304376deff3d5813

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\qsml[2].xml
    Filesize

    533B

    MD5

    19a7e84e8b3b259f307a3dafc37fa2f9

    SHA1

    d97d7a6185586f39ed0848f646344ff26e688197

    SHA256

    2f4b74a58842885c6195d9ba9057fb8c7cfb71511777f7c6567ddf08562b0459

    SHA512

    bdff540365146a24dc48ef675e1c824cfe8d17277f04b30a6d8696582e44b197d70ca1836e4bcae9f0434af1e08d7a5a68819f88facb2a41f003b9dd20b7de97

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\qsml[3].xml
    Filesize

    551B

    MD5

    d4413ab9998f76afc07be0de97c8e202

    SHA1

    9e1dd4bc65915fd2842c5d1d7ff729390d5b98f2

    SHA256

    15147c6e42927a1525163d9fe1d41e24b6a619b97730ca769bd4cf4bc6eabcab

    SHA512

    a258229959475a16d278eafec46f394a8b6f0bae5a576d1a451ce4e4aeb1a50dbd43d03623c17fb0beda5d16275ccfb614008185bc1afca76df7f301b2c26833

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\tap[1].gif
    Filesize

    42B

    MD5

    d89746888da2d9510b64a9f031eaecd5

    SHA1

    d5fceb6532643d0d84ffe09c40c481ecdf59e15a

    SHA256

    ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

    SHA512

    d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\qsml[1].xml
    Filesize

    500B

    MD5

    dcae1f30d3e892cc6a386dc3e4cece01

    SHA1

    e98095b29fb73966134c41902134ad24483e3ca7

    SHA256

    29ff9f3c6b38af1bd6c03a7e2e158b79b4033c0b8592e525bbe441007449a07a

    SHA512

    83ad92dbb2cc42130f4ff793a68c90237f0209137f37793612b3c71ccc57d746f5d851621162976500d01683b3d4dc65a57427aa633c25d0f83a862004b8f89c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\qsml[2].xml
    Filesize

    520B

    MD5

    a072a8962696ee00d4df0f4a597431cb

    SHA1

    3b224c4cbbf38da218a500691b210315fe6f77b3

    SHA256

    8e6cd0b8cd09719124d749ab10a700ab5316d32cf3105b84adcf675ad1cb7a4a

    SHA512

    3a615fd4e1ba338c489b76aaa4ca55063fdf67e984e836c1c8859f5eed10901ae6d52ccd418de5242c2819b51d4e1860a155b3b78202abc4ecb8e00cb4162a7f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\qsml[3].xml
    Filesize

    557B

    MD5

    607682d836aaad407d5f8b33659b7b58

    SHA1

    7c6d3877a7d41916855c5298781320bf8144854c

    SHA256

    007e465cf9985a88b47df1479c3527004c57ef4528f0984796c9921d079a2b5c

    SHA512

    5bcbbffadbc33f63cc496d2031d47bc014512cd636e640b6910d9231c6a98f0ae855be5d8b66a22b6ee532c375cf24237c18d7694d5f8066d80bcbfba23610ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\qsml[4].xml
    Filesize

    568B

    MD5

    0698bbe7062b676034f9a254c0fece46

    SHA1

    4b65e00361e6576212c21b2efcad670905cc9ee2

    SHA256

    e19097ca41e4edde86f270fdcf4dbfc40f7b10dd725627d7997f10083f5401e5

    SHA512

    7005ace567d6edd3cc6835173c8b8e6d7b97f9322d635f22b978794dcde65563a2d7e68c3b5cc4e43db4f625f924fae08a99efa0d90ffd71aa37055a8669b3b7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\favicon[1].ico
    Filesize

    99KB

    MD5

    4c2b709ede318666dcdb5e94f3597227

    SHA1

    e5c414ab6d913b9e93a1e852f5e1f47c41fbd912

    SHA256

    caca9270c3bccfaa6645272295c7c53725a58b506f34d64645d94b30be6968f5

    SHA512

    e54b5c6340f2e5fdee4a864ade7d7353a3f3485c472abb8eb6471537aed0603e8149712b9ad130763f6f40236abcf69437f3d3a8b750056c0fb7fc50022c2716

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\favicon[1].ico
    Filesize

    99KB

    MD5

    4c2b709ede318666dcdb5e94f3597227

    SHA1

    e5c414ab6d913b9e93a1e852f5e1f47c41fbd912

    SHA256

    caca9270c3bccfaa6645272295c7c53725a58b506f34d64645d94b30be6968f5

    SHA512

    e54b5c6340f2e5fdee4a864ade7d7353a3f3485c472abb8eb6471537aed0603e8149712b9ad130763f6f40236abcf69437f3d3a8b750056c0fb7fc50022c2716

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\hello[1].txt
    Filesize

    42B

    MD5

    618213ab4df3e82a8fb3e9dd0a03e29b

    SHA1

    0b073585fce99c90cf102645a4140aacee8862d3

    SHA256

    ed9373a60caed4ca6188d447fc16dd6f447092b0ff4d11e75ef5678bf02c6e0f

    SHA512

    9a6bec86d014fc24c9bcdcc83dab9922dd005700cdf552a2ef189942ba84d3344dfb2742cae6383ad92658088d5553f4da8736b2654e62901777843b69c03a74

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\qsml[1].xml
    Filesize

    512B

    MD5

    bbe0484119afc4ee8081e923ba9fddfc

    SHA1

    5e9386f206c7e46239f1aa3b8d486d8525eafa38

    SHA256

    d42d24c8ef9b12bcd950ebebd3dfe8c461eb5e57b34e7bc6b594247766527b35

    SHA512

    bbe142195c65d293546729e8c2b04562812da91b65f126bdaf8026d4d4b2a6ce66d47dccefe0af7f3b891d37f8737d485aaba2cf7cc9667f5273a40c8687eaa3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\qsml[2].xml
    Filesize

    556B

    MD5

    907204105be1919fb7eadf2ed7a674ff

    SHA1

    a63925d3500d6548bff8bae2c9220e65718246ab

    SHA256

    d7888b6a260edce5fd1f3b1b062f41754d863f6e9ce648a0154308f8e5d40696

    SHA512

    5a911d1ea8d60ca4df9a19f2d0cc6956aab3ab7921eae470eb954614cb46e5e4fe1762b22c676a94bcb7d330b989361e2ce0cb852ae2ab883ac25fd0e51b85d6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IULL1L\qsml[3].xml
    Filesize

    567B

    MD5

    3d8a233d1833ba28620b0c927eae075e

    SHA1

    38157ef05afc72a42c52e7376d85a1dbde24b73b

    SHA256

    2b905301b9d043ca9daa197555dcd1f4c48b985713d033967033e8ae6c2acbf9

    SHA512

    e8e4633298f598b0005d87fafc2edaaa43a0e4cb720e0e3a25850995e844500aae5cf1524eb9b2e5543fe30c4294d550fda47d9f309882642b53b38e1f458536

    Download Submit