Overview

overview

4

Static

static

1

Notification.nupkg

windows7-x64

4

Notification.nupkg

windows10-2004-x64

3

Analysis

  • max time kernel
    550s
  • max time network
    407s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    17/04/2023, 12:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Notification.nupkg

  • Size

    3KB

  • MD5

    f137dbcfaa7c1c9d0411daf59a1c4913

  • SHA1

    db75fb6951e36445412d4d44661759edc1d6df70

  • SHA256

    5c630b1c7cb87925bc37a4a56c5552149193d699e77915aabfa101fb7e2a2ac5

  • SHA512

    78e05ba6c78e21992a7da4611d674899206c2fce85fd935907202cdf033bf8974f867d0f128337a863c980bea069b3305a12340c82d4ae6b38459163701e884a

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Notification.nupkg
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:908
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Notification.nupkg
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1732
      • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
        "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Notification.nupkg"
        3⤵
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1040
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" https://www.sharestion.com/
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1112
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1112 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1784
        • C:\Windows\splwow64.exe
          C:\Windows\splwow64.exe 12288
          4⤵
            PID:1096

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      e71c8443ae0bc2e282c73faead0a6dd3

      SHA1

      0c110c1b01e68edfacaeae64781a37b1995fa94b

      SHA256

      95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

      SHA512

      b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      e71c8443ae0bc2e282c73faead0a6dd3

      SHA1

      0c110c1b01e68edfacaeae64781a37b1995fa94b

      SHA256

      95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

      SHA512

      b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5b44f471ed49fa6ec12459b9726ce31c

      SHA1

      a0a79a539f7771f91006e6df39126716dc48c4db

      SHA256

      0c00626d04ae2091ed59711fb89098812d2914b20608eba0b219765233ea34e3

      SHA512

      fe76c75f95bf9a33ed7ed7e795bcb80697629a5c7483c6b563274a74ec0e3e80e0ce24824a0c0cc37b14d7ef92982a48f363019e66ae60f9b48f1c195211426f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      55eb9dc01b02cf41f17b90518d1f78d1

      SHA1

      0f43e7ad3f0d7be7fbd459e1d4d25e454d61da64

      SHA256

      cdb799c0285f45b824454196843e5ec8323c5dbca19c28e4f99daa66a46cd7d1

      SHA512

      e0282c40b6bcd47de5699985d12db6d18808914474f0cb16c598c3812a57b19dc2b78624e6ff74a498b9139bac7bc35fc7c4ead8690a616cf8abee76bcd4e75d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d82a7a812cd138f4e7c94b03a3c9c8e6

      SHA1

      2632c000810287b76523e4aa9220acf6898d8947

      SHA256

      84615505c6d2b72a5b6fdab132dd9a77711eb211db879f452c494b2c41b3850e

      SHA512

      f7b42da2ba4b08bccc2d2ea73e4160a4065306303e03557ef959cffdd1e7408fe8fb9f1b48640f7a2b163ea5cda2bf9b730806380b4b45f4107db93c96cf455f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      af6c4fcbff59dc5be210e5bdda508284

      SHA1

      9a77dc6a1682c0f399d69fb92638d9178bdf7767

      SHA256

      89b678adf4c0df010801292dcfe3fdd63da0352232c19be986e9d4dd40a18e13

      SHA512

      50355f4a61cd13eaeb828bfcfa8a871b84751a34ee83eb1be50ced01d4431bd6eabde6ac94d7fa912e614b59ebcc3152adec4250340080ef92806ddb95762b86

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5fb8c52acb755b6c5bf0ead35a694db0

      SHA1

      c7e319b3319a889cc4678f0b4af2bdeb07b53fa1

      SHA256

      b86bed2365b16ded65d0085a3e54b328deeab2f7dd20acf6ce8d54fac29ab610

      SHA512

      093a74947977d851ab8aaa5833003e409be5638d8b347c72d69365d2549ea3efb52401a37cba8691198f12a67f0cf9e6140838ab7315e18afc98aabc66dd9495

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ac344f652c69c55611cfc2649ae0ea5d

      SHA1

      b4339e7e14c0dd53c1601d41c10a562a61bc9d08

      SHA256

      044e39df3b977e6567aa9db45a54ac415f87bb3ec264562ba38731a9b0b5e711

      SHA512

      02a243942cd0f522e5111ddfb844b229b18e53806a5f0185e3e98a7ea1075be9fc6471c7b0e11f33e01480d82edc52acf00af3d34b3fe3bd2798d546312da8e7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9b34d5c5e80385dec53d77de9a14e277

      SHA1

      e22d03d9aaa6849eec54c97ffc95ef02d961437c

      SHA256

      1129af8b5d86abaa485b5eb9c9f5d0aad4359dd161eb63ca19085a90054027a2

      SHA512

      68fed02d39620f7f4f60d69ee19e38879af0b4a60ebddb431e7558e8a23cd70a5542f0b8f8ac21a05c4ddcaf275033ad1f274dddf01da4f5c9a3bfda9c239a6a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9a7d371852048603b1cb3eeb3b898e7e

      SHA1

      c33ee44dde48dc3fbb0ff83f371cabf099eb5b8e

      SHA256

      a073f46dc2fe7e329564371cc354533ed0a0270ddcb7c2d188ff58999fe07580

      SHA512

      bf94de147701b9d75f834714270e9c44ee9c2c9b545888b38d1ca3b51274a7e134eac1898a80353d8923bb5862ddfb8e6c69f6e72e3afb7e4d103f05a36fe360

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f470e3ac4609d6c6a911013b7abb2448

      SHA1

      e52021cc6650c2766d70b2e33fb1954011bdfc2d

      SHA256

      c32af6e0e77f8563bd6b5b6c40401f7e3aa25fe001402e8f44334fdfafbed469

      SHA512

      1510278a2b045d2ec49b83e77c0710913a5d41480eff9a8771e4fd242183f6026b09bd8c43820c78cf84521d455b4281b9e914def0ea9eaaeb8a057d9e20afdd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f1ec182a6c48dd345f813974ec666f20

      SHA1

      976f5d4f223a37fdb7c63478485dde9298aafb24

      SHA256

      a98a820fa151acf02255abb152f00551818bafd4b6057cae15433e522f3685a1

      SHA512

      6c6780550a3986058b34f19edcaa657e8021cd5c5d7a77840a3ebee961d01566a69999fa780a298fa25c64d025bfc430e051e1bfa77a464d79f3d199eff390ed

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8aeb2f6817b6e235c7497d5c1a597169

      SHA1

      c5addcb2171271dbc27cc997a5c529956fad7853

      SHA256

      13984996720d99f27b2f264dd767d33a8498a353bb69be4cdaa6b0147082eb6e

      SHA512

      58538a3da023d0a87dfef2daadab20e1bedca4c403fad630501e54120800ec4be120ea7ce543d3bb5a85a9f00db77f01a48524c8bdecf51f446315c42839923a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a141bdc88466964e12cae23a74552d4c

      SHA1

      d340cf4a3cb466528567a7236d19e2c401740cfc

      SHA256

      eca90a8af654df005cf077b3e47b2cf28f006d050c0e87f6a5f75c5842ed2b2a

      SHA512

      6590060a787f00b3dc4d76d2b8518aab2ead300e363b566d54fcfe1ac2b056257f264d19ad3ebf763a3b3c566d1c55206491d15ecd6ae77e3f77557e9c8752d5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8a6e9a813f03d349d1c63375533d0f63

      SHA1

      782cce3c8587f170f9bd0059de5db364b80eb988

      SHA256

      167bdb8e64b48d52b02dcfe8456fbea0b09c0ebe05ce4e29da36920f32f09d2b

      SHA512

      d5a7afcefe4fb4ea4f196465d5df0bfdc3d148c4bc9a4b9b32c9006749929d28624b87d6ff932f7babf43a8c7df07f2a2e5a6e5d14cfd511854cabd813afe528

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      495b02f3288c723d352251ce92084b9e

      SHA1

      988779c7ff54f5aebcb9af662282a5439d1769fb

      SHA256

      7e9501f4eb2b360fc8389377e296b81b86a2465cfd55079ef4c5ac569b41833d

      SHA512

      83be9b1d97b1d46f57b005c00136ca791ca15d76e7c804fa224782939c722f288abaf079bfdb0c6132a193b0f93f5d9819540abd6ae4aadd4a85b7c286b2d72e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e8b1a6c71ce31894928186f3af201b9b

      SHA1

      751411d5ff007d982fec377389e0b1125d8a02b9

      SHA256

      8cf2053bd7b85891224d6312966f3dfe83c5b527d928e4e2f737cdb2d6953478

      SHA512

      ce31fa5e26e7a5d967c24e6013b9849da02af178ddd430531c3c02c30528a08faccd35ca9d9f961b8ac7a823fea708c3c1d20860fefedb8d3944da52b7f66cfb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cfbda3462449cb238413b239e3d3ebbd

      SHA1

      8ab70541d355ef1dbe6bbe9b6f1b9ff60a80ff51

      SHA256

      300cbfa69ab99684a53d9fe3b16c6b38972e14c69689eabd77828e643ca68947

      SHA512

      47f60adca2522270f0574fd595d3dc1dcbcc331236e296c7c351d3fd4a82444dffff0f1fdb53324e68dad7ed84af54a1b756974f27a390e2140a269f616f3cc2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5cd8951d31f5c2adced2542600322c21

      SHA1

      43730c24366232c3f0fb1213d31bc34a69c8046a

      SHA256

      ab80c25a627cd359ff6196bcaa4e6be2edcdb9efc2687999a961ad59da755a68

      SHA512

      ca597d966909610787ee1edbbafbad337b3bdaccccba14e17df20c464da919fb6ddfcf2dfb3f550582228b7999c75d8b3a9cae7fd5de0ccd2e8498721415b40b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      07ca1a76280bc0a9b28e0197667a8f70

      SHA1

      df38a2c424c161f5d45d7653cc2a1aec00351c85

      SHA256

      ead6e7485f77b31b1912278b8f1c9775a05c9c6210026c0f65ea56fdb30039b0

      SHA512

      bb01c60899d470e3aa4be7f5363037c178cfa83623f1529296b521b23efc21cc3bb945bbe7289ac03f7fd0187e90ef6e0afccdebb2cf499447955ff7774f253a

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T22XS5WA\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar6570.tmp
      Filesize

      161KB

      MD5

      be2bec6e8c5653136d3e72fe53c98aa3

      SHA1

      a8182d6db17c14671c3d5766c72e58d87c0810de

      SHA256

      1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

      SHA512

      0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
      Filesize

      2B

      MD5

      f3b25701fe362ec84616a93a45ce9998

      SHA1

      d62636d8caec13f04e28442a0a6fa1afeb024bbb

      SHA256

      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

      SHA512

      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EBWE5767.txt
      Filesize

      608B

      MD5

      2d27fd3076c3b7f82f38aded77a13f6a

      SHA1

      fc80320942e6c5569760eab867b48c2318d57df2

      SHA256

      3ff376614abea2fb846f92fd3880c34957b2116b2cf25c27e2ed855cc8684a48

      SHA512

      82d55b996a360ff95c26ad4ff9fdeb48c81a814755eaa20338d9c35d6016127cb0815d55f191c5c88afad45f0c4a208e31861e7d516845e15a1022a9d0582d62

      Download Submit

    • memory/1040-78-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download