Analysis

  • max time kernel
    100s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/04/2023, 19:21

General

  • Target

    BlitzedGrabberV12-main/BlitzedGrabberV12/BlitzedGrabberV12.exe.xml

  • Size

    199B

  • MD5

    02bafe634a181de6af59ecfb1a9a7230

  • SHA1

    5fb944dc91a95007795d83f2037cfe42f0d959f0

  • SHA256

    6288699c8a0e00de7329c8f642bc22e6d7ed873f1decd32f05231cf69cac4470

  • SHA512

    3e4dc4ae10bf527b98608883638356a84aa9652707276981458b0d9c58f000b290f24b4fbd1794ef02484ccf5ff43d5b55ab7161f5c9f408f68f7caa0676b362

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 38 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE (PID 1992)
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12-main\BlitzedGrabberV12\BlitzedGrabberV12.exe.xml"
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe (PID 688)
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID 1392)
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 524)
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1392 CREDAT:275457 /prefetch:2
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v6

Downloads
