Overview

overview

7

Static

static

7

Geometry D...go.apk

android-9-x86

1

SecretSheet-hd.xml

windows7-x64

1

SecretSheet-hd.xml

windows10-2004-x64

1

SecretSheet.xml

windows7-x64

1

SecretSheet.xml

windows10-2004-x64

1

Skull_w_01.xml

windows7-x64

1

Skull_w_01.xml

windows10-2004-x64

1

Skull_w_02.xml

windows7-x64

1

Skull_w_02.xml

windows10-2004-x64

1

Skull_w_03.xml

windows7-x64

1

Skull_w_03.xml

windows10-2004-x64

1

WorldSheet-hd.xml

windows7-x64

1

WorldSheet-hd.xml

windows10-2004-x64

1

WorldSheet.xml

windows7-x64

1

WorldSheet.xml

windows10-2004-x64

1

boost_01_effect.xml

windows7-x64

1

boost_01_effect.xml

windows10-2004-x64

1

boost_02_effect.xml

windows7-x64

1

boost_02_effect.xml

windows10-2004-x64

1

boost_03_effect.xml

windows7-x64

1

boost_03_effect.xml

windows10-2004-x64

1

boost_04_effect.xml

windows7-x64

1

boost_04_effect.xml

windows10-2004-x64

1

bubbleEffect.xml

windows7-x64

1

bubbleEffect.xml

windows10-2004-x64

1

bumpEffect.xml

windows7-x64

1

bumpEffect.xml

windows10-2004-x64

1

burstEffect.xml

windows7-x64

1

burstEffect.xml

windows10-2004-x64

1

burstEffect2.xml

windows7-x64

1

burstEffect2.xml

windows10-2004-x64

1

chestOpen.xml

windows7-x64

1

Analysis

  • max time kernel
    132s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-06-2023 06:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    boost_03_effect.xml

  • Size

    2KB

  • MD5

    d122c045b6e8adcb983a09bc7a02ca71

  • SHA1

    6a38519ac6f268c9dcbcee37cbeca327c3381c85

  • SHA256

    8bfc68dead941eda0b73218e872d9fb31a8bfca9e448486771748316b545c60d

  • SHA512

    0d8bbc2583e98a17362658e3535f59ddd8b012d1a12df23c63d15d3139c8bec8a93f4312aabd17ec025c9cc150a1692c413c56b53558acc6c94207c2878d9e9b

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\boost_03_effect.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\boost_03_effect.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:988
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:988 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3528

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    f555af3f1b663a55df56040069b6097b

    SHA1

    ac566b3ec3882b349616e37dcce15f1470496361

    SHA256

    e9a0504f3aaee42e85baf24a611a6c237ba0de8c974cf2cb0b9f26913e445d5a

    SHA512

    8fca6bdd6356875a5e21d988cc809e6d062c1ee3271293f837968138fc4f302c5457707c4152a62b1ab8469c01c90d4dcde80bdbc210541ef12d151ff6edf1c2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    f4c1be59987e6d2acfb4e5014a11e4bb

    SHA1

    aea144bbfd522820e37cb3970d4e39d529bae78a

    SHA256

    755b68e82a34f0dd17e2be04b5d1438b331e2e36013e592744073091f615defb

    SHA512

    49f3e7655a3b0efd20c8a9edb5275506eab2589bc7e280bfd2437babd0e363dc69b897828c3d1b0ad8b8d33c56cf13d5924a93cc6d0c168a537396953372a8db

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • memory/1252-133-0x00007FFB17C30000-0x00007FFB17C40000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1252-134-0x00007FFB17C30000-0x00007FFB17C40000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1252-135-0x00007FFB17C30000-0x00007FFB17C40000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1252-136-0x00007FFB17C30000-0x00007FFB17C40000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1252-137-0x00007FFB17C30000-0x00007FFB17C40000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1252-138-0x00007FFB17C30000-0x00007FFB17C40000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1252-139-0x00007FFB17C30000-0x00007FFB17C40000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1252-140-0x00007FFB17C30000-0x00007FFB17C40000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1252-141-0x00007FFB17C30000-0x00007FFB17C40000-memory.dmp
    Filesize

    64KB

    Download