Overview

overview

1

Static

static

1

ahLOFwBX1JbG.xml

windows7-x64

1

ahLOFwBX1JbG.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    73s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/05/2023, 22:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ahLOFwBX1JbG.xml

  • Size

    334B

  • MD5

    0d31c0ac8190a335a7504b3e9620b3e3

  • SHA1

    ee9edf4c51fd32f14ea702a07dcdcc4a2e293786

  • SHA256

    3797720ea7795c332a38b53c7b3329a4f72ff81a32d59c5b4b5b2798af1a9f19

  • SHA512

    e9d36387062f598358c88379d187ae08f8e4a95ca8968ce8725b534fabd16bca849cd1e736597e29a7884353e63dc8a6299591e917bf66a2d4d51227c42b1a96

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ahLOFwBX1JbG.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4236
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ahLOFwBX1JbG.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4652
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4652 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1408

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B

          MD5

          4d4c41a739d238ddd5b28db912dc86e0

          SHA1

          98f90e5e1a6a74c494934ec329e6436dbb4c18fa

          SHA256

          b5217476958327aeea3a359176435e25e1c198640e0054b6020816978603e3c4

          SHA512

          a7695c8a2aec55bfa58224d5b4f35f430e85f9b49272b2d165ee69dab60156528127888236bbfa597c79d5fb1eb7f46b9aeb1bf10e099e86b9ecb7c12bfd7ac4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          434B

          MD5

          9a06f26bc87c943805514e3dbee13411

          SHA1

          2ebe3f58fedf7fb861b2db67d7f7e0a47118e763

          SHA256

          8269035b8685176891a02249dbb4c576b12321e5cff9a2dbf82c4c665385f19b

          SHA512

          eb71faf1e844fa0fa27196234e3898fa95d37b230ee208e382a4e6ec243380981fe60a039f54f8b32378d8319d8c85e8295128cbe693d08daa5fe7e71c4d32e7

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verFC56.tmp
          Filesize

          15KB

          MD5

          1a545d0052b581fbb2ab4c52133846bc

          SHA1

          62f3266a9b9925cd6d98658b92adec673cbe3dd3

          SHA256

          557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

          SHA512

          bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1IYUAPIF\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • memory/4236-136-0x00007FFC0D490000-0x00007FFC0D4A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4236-138-0x00007FFC0D490000-0x00007FFC0D4A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4236-140-0x00007FFC0D490000-0x00007FFC0D4A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4236-139-0x00007FFC0D490000-0x00007FFC0D4A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4236-141-0x00007FFC0D490000-0x00007FFC0D4A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4236-137-0x00007FFC0D490000-0x00007FFC0D4A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4236-133-0x00007FFC0D490000-0x00007FFC0D4A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4236-135-0x00007FFC0D490000-0x00007FFC0D4A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4236-134-0x00007FFC0D490000-0x00007FFC0D4A0000-memory.dmp

          Filesize

          64KB

          Download