Analysis

  • max time kernel
    100s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-04-2023 21:40

General

  • Target

    NVidiaProfileInspectorDmW/Reference.xml

  • Size

    166KB

  • MD5

    d63ec5bf4759f760c4ea43ac1bfb8f93

  • SHA1

    2479ab329f3dfefb046bfcc1166d4e4d69124c6d

  • SHA256

    fdfa31e835d90aac3d78ec9c2190df61ea72a09260d6e9557f3d1bc3df96311a

  • SHA512

    88aa11783b739620ad515b98ffd63cd56287566a4403aeeb0bccc297d7789e94ed022f5cbd5695a1474a7b0fc9e3102724d8885b10b5e113bc0ee099123be9fc

  • SSDEEP

    768:wZvY3nj9hqj92ne4P3MQDUrKy0OpGFGkotz/he2wzQz0PieH:wZvYTO8e4UOUBVpGQkMhe2xz06S

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\NVidiaProfileInspectorDmW\Reference.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:628
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:980
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:816
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:816 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:696
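The process tree above is a four-level chain: the Office XML editor (MSOXMLED.EXE, launched with `/verb open` on the submitted XML) spawns the 32-bit iexplore.exe frame, which spawns a 64-bit frame, which spawns the tab process whose command line carries `SCODEF:816 CREDAT:275457`. As an added example (not the sandbox's own code), the script below rebuilds that tree from records transcribed from the report, walks each browser process back to an Office ancestor, and cross-checks the `SCODEF:` value against the recorded parent PID. It assumes that `SCODEF:<pid>` names the IE frame process that created the tab, which is an assumption stated in the code, not something the report itself asserts.

```python
import re

# Process-creation records transcribed from the report's process tree.
# ppid follows the tree nesting shown above (628 -> 980 -> 816 -> 696).
PROCESSES = [
    dict(pid=628, ppid=None,
         image=r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
         cmdline=r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\NVidiaProfileInspectorDmW\Reference.xml"'),
    dict(pid=980, ppid=628,
         image=r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
         cmdline=r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'),
    dict(pid=816, ppid=980,
         image=r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
         cmdline=r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'),
    dict(pid=696, ppid=816,
         image=r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         cmdline=r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:816 CREDAT:275457 /prefetch:2'),
]

# Image names used for the ancestry check (lower-cased basenames).
OFFICE_HELPERS = {"msoxmled.exe"}
BROWSERS = {"iexplore.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def build_tree(procs):
    """Index records by PID and compute child lists from the recorded ppid."""
    by_pid = {p["pid"]: p for p in procs}
    children = {p["pid"]: [] for p in procs}
    for p in procs:
        if p["ppid"] in children:
            children[p["ppid"]].append(p["pid"])
    return by_pid, children


def ancestry(by_pid, pid):
    """PIDs from the given process up to the root, process first."""
    chain = []
    while pid is not None and pid in by_pid:
        chain.append(pid)
        pid = by_pid[pid]["ppid"]
    return chain


def office_to_browser_chains(procs):
    """(browser_pid, office_pid) for every browser process that has an Office helper ancestor."""
    by_pid, _ = build_tree(procs)
    hits = []
    for p in procs:
        if basename(p["image"]) not in BROWSERS:
            continue
        for anc in ancestry(by_pid, p["pid"])[1:]:
            if basename(by_pid[anc]["image"]) in OFFICE_HELPERS:
                hits.append((p["pid"], anc))
                break
    return hits


def opened_document(cmdline):
    """Path passed to MSOXMLED.EXE via '/verb open "<path>"', or None."""
    m = re.search(r'/verb\s+open\s+"([^"]+)"', cmdline)
    return m.group(1) if m else None


def ie_frame_pid(cmdline):
    """Assumption: SCODEF:<pid> on an IE tab command line is the PID of the frame that created it."""
    m = re.search(r"\bSCODEF:(\d+)\b", cmdline)
    return int(m.group(1)) if m else None


def check_scodef_consistency(procs):
    """(tab_pid, scodef_pid, recorded_ppid, match) for each process carrying SCODEF."""
    results = []
    for p in procs:
        frame = ie_frame_pid(p["cmdline"])
        if frame is not None:
            results.append((p["pid"], frame, p["ppid"], frame == p["ppid"]))
    return results


if __name__ == "__main__":
    by_pid, _ = build_tree(PROCESSES)
    print("opened:", opened_document(PROCESSES[0]["cmdline"]))
    for browser, office in office_to_browser_chains(PROCESSES):
        print(f"browser {browser} descends from Office helper {office}: {ancestry(by_pid, browser)}")
    for tab, scodef, ppid, ok in check_scodef_consistency(PROCESSES):
        print(f"tab {tab}: SCODEF {scodef} vs recorded parent {ppid} -> {'consistent' if ok else 'MISMATCH'}")
```

On the records above the SCODEF value (816) agrees with the recorded parent of PID 696, and all three browser processes trace back to MSOXMLED.EXE (PID 628). Where real telemetry (Sysmon event 1, EDR process events) is fed in instead of these transcribed records, the same ancestry walk distinguishes "Office helper handed the file to the browser" from a browser started by the user.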

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8c702acb1ceb02b17510a5d06e04c235

    SHA1

    a8a69548b4c96eb1b9231707ada38817e07bf089

    SHA256

    4c89a0e6d6855ee1246ae4278c4a11d9ec14b660de1eb7d87c8af387e5431e42

    SHA512

    4ed7ccb1bb3e46684fd0d5b4e59ae6cfde6f8d16020d547d0fa3b94fceead50ff4f70511e3cc8b1b14957f09391545750635e7ecb907b03cc5d629ffcdfdf2e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f9363f1b8172a31461015661b10f9ef8

    SHA1

    1a0effc13073cd8277516004d89150b1dfce9f0e

    SHA256

    b4ba72dc24ee00ff12db2e2dc9cabee3c94f76942bc3c24ca3af8086e4227ec2

    SHA512

    f71a87dc8240a3fc56ca423eeec601fd42aabfd1536af95bab65c6a5dd4332410cffefecde860632d20c51188e5a852b6c4837172d8e9933f42ba8b4a04c575a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fa17bb8104aa67d957a84a659831b130

    SHA1

    8c06f55df22ae39af9f70fed4b4f89c20269be84

    SHA256

    f2605e3b892adffea38d759d5db78ea1e24c238465345400364f4b1f05135ae8

    SHA512

    9970bbdbf874ffd818eafcd1c5d641c3c5a490bb9e9ea4113222c365db91fedeeff978b34438c46d1fd86587bc90c2fcb9f73640bd81b6a14be201a69f92eca9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c111dccabea81fd9b0e1f9a4c10bac84

    SHA1

    aab296ede5dbe1cab4f9c41dc5790f5756a81e4b

    SHA256

    219d4b7fcd6f51b0d61efd8e5869cefede801fa8f8720cbc0fa1fbb93c90f4c2

    SHA512

    d7748df9390de30085bc377e691f9cf8015febe628f865c009745eabbb871641ec3201ba8225d44ec5b6373f83f3e3a209421451af128bd5cd2f596feac0c0df

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d0a4ba896e0510525eaea6e0fd030edd

    SHA1

    d808c3cc4a84c31ec13affbea8a9a8a453791eba

    SHA256

    e6947252d1ca75ccf940aab1c9a4d120501d912e2066ae938dc80769420eb149

    SHA512

    f87b36b25a7cd6158980e4e128b7c8e7e3bfd0288ea404cb947107086e705174879b51c63939dff7364eea2199570a405dcebc6e9f39c634b7646f5d58746d30

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5b69c665cad483849e4f60cf08806d72

    SHA1

    b786a04394d5c281355e05e302cd679798d4c369

    SHA256

    0a23c414c5d33b8c3211238ba6da669203b6ce20214e5bf86c5df96511a835a3

    SHA512

    fed39e8c1f3ef2711ae1ea882c56a0451a47775d4634c2bd9ac364daa175ee0351eb376e2c92f449ce36d0f4a1383c869296a4c97f0b1262b0bc086ac1d7f2fc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6491868c0f0b734382ac88ee45982e3d

    SHA1

    5c0fddad52d551c0fe96fb368b5726e5d350b3a7

    SHA256

    2a347de93759ec82153615ac1680b9f1bb75ef3a5dad3d0861b899b0e43a274d

    SHA512

    8876c951c1e18cf95839a3554df9b942438b978791a8a7459a08d9667dcb6af40b5dbcdb50f809449c364a5eacb281e996708021d88d575735ce51fb3aa4672a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0063e7619881c09feec648083bf634d4

    SHA1

    f52faca743e3110d0d7d5c8e770a6fb3b32d4a2b

    SHA256

    a55e77ad30eba81305ff2ddce7da320b972d7897be07dcc2bf2ed349d72678cb

    SHA512

    f084952fff0e6943c3e6e0a1b2223b62f3d4d8d7a7a529ce97282012eb0420e3bf02299375b21a535e946888468d6feb044ed06e4199aa9379d09948d61d1925

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d78ad88a05e486f24ff8f39447d5b21c

    SHA1

    a9f945ab9f3050b66d7adee3eddf486554423027

    SHA256

    4866520d0422b770189a8a8617b07b9c0b87051d141d4e8c9d3af54a0f51dfb2

    SHA512

    4831fd5eaf201062e4bf0a4ddb3a850eef6d1a1b58f080a5b0235aa74b240518bea72b92bc918ca88d78019ba6530245e48185c8253594b75f845aeff2216c76

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e9ca7ba42b631dbde1fe33000cefec71

    SHA1

    cff69863882f4eb33f795499bab54dc2567954df

    SHA256

    cbc09e35ad8c0b226c184af2ab03f16c4134c43b4b23cf862f2c49cf22a411bc

    SHA512

    f871dadd079344640ff909754d09fea6c9fa8915fe7a3360c9973191fe80885a2d99132e0b22476c740da2c38979cde73bd92e9420c37425daa6a39196adaf1a

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTB503AZ\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab4D3A.tmp

    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\Local\Temp\Tar4EC7.tmp

    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\445AGSKH.txt

    Filesize

    606B

    MD5

    c6fecc7e08506c99ddd50be2710cc430

    SHA1

    b5b193628f875eec000cd6c4546a6a79a536dbac

    SHA256

    e2b20bfc5661d966a30ba5d3dbf254607bf638b6fdb23f6b510062c1b22dedf7

    SHA512

    dc5a70e4e102156e1800e90728f4c7bca53c0a5b2d32fb400081b62fb5824c61a90f5f21bfa34c308802ebfc28e397df2f274ee65cdd84e55453a637d324d32e
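The Downloads list above repeats one path ten times: `CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015` appears with ten different hashes, meaning the file was rewritten during the run, while every other path appears once. Before copying such a list into a blocklist or a report it is worth deduplicating by content hash, grouping by path, and checking that each digest is well-formed. The script below does that over the path and SHA256 values transcribed from the report; it is an added example, not part of the sandbox output, and the one malformed record it rejects is a constructed input used only to show the validator failing.

```python
import re
from collections import defaultdict

# (path, sha256) pairs transcribed from the Downloads section above.
CACHE = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache"
META = CACHE + r"\MetaData\94308059B57B3142E455B38A6EB92015"
RECORDS = [
    (CACHE + r"\Content\94308059B57B3142E455B38A6EB92015",
     "95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72"),
    (META, "4c89a0e6d6855ee1246ae4278c4a11d9ec14b660de1eb7d87c8af387e5431e42"),
    (META, "b4ba72dc24ee00ff12db2e2dc9cabee3c94f76942bc3c24ca3af8086e4227ec2"),
    (META, "f2605e3b892adffea38d759d5db78ea1e24c238465345400364f4b1f05135ae8"),
    (META, "219d4b7fcd6f51b0d61efd8e5869cefede801fa8f8720cbc0fa1fbb93c90f4c2"),
    (META, "e6947252d1ca75ccf940aab1c9a4d120501d912e2066ae938dc80769420eb149"),
    (META, "0a23c414c5d33b8c3211238ba6da669203b6ce20214e5bf86c5df96511a835a3"),
    (META, "2a347de93759ec82153615ac1680b9f1bb75ef3a5dad3d0861b899b0e43a274d"),
    (META, "a55e77ad30eba81305ff2ddce7da320b972d7897be07dcc2bf2ed349d72678cb"),
    (META, "4866520d0422b770189a8a8617b07b9c0b87051d141d4e8c9d3af54a0f51dfb2"),
    (META, "cbc09e35ad8c0b226c184af2ab03f16c4134c43b4b23cf862f2c49cf22a411bc"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTB503AZ\suggestions[1].en-US",
     "c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad"),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab4D3A.tmp",
     "10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b"),
    (r"C:\Users\Admin\AppData\Local\Temp\Tar4EC7.tmp",
     "1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd"),
    (r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\445AGSKH.txt",
     "e2b20bfc5661d966a30ba5d3dbf254607bf638b6fdb23f6b510062c1b22dedf7"),
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def validate(records):
    """Return (index, path, reason) for every record whose digest is not 64 lowercase hex chars."""
    bad = []
    for i, (path, digest) in enumerate(records):
        if not SHA256_RE.match(digest):
            bad.append((i, path, "sha256 must be 64 lowercase hex characters"))
    return bad


def hashes_by_path(records):
    """Map each path to the ordered list of distinct digests seen for it."""
    groups = defaultdict(list)
    for path, digest in records:
        if digest not in groups[path]:
            groups[path].append(digest)
    return dict(groups)


def rewritten_paths(records):
    """Paths that were written more than once with different content during the run."""
    return sorted(p for p, hs in hashes_by_path(records).items() if len(hs) > 1)


def unique_digests(records):
    """Deduplicated digest set suitable for export as IoCs."""
    return sorted({digest for _, digest in records})


if __name__ == "__main__":
    print("malformed:", validate(RECORDS))
    for path, digests in hashes_by_path(RECORDS).items():
        print(f"{len(digests):2d} version(s)  {path}")
    print("rewritten during run:", rewritten_paths(RECORDS))
    print("unique digests:", len(unique_digests(RECORDS)))
```

On this report the validator passes all fifteen records, six distinct paths remain after grouping, and only the MetaData cache entry is reported as rewritten; the number of distinct versions of that file is a quick indicator of how many times the cache was touched during the run.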