Overview

overview

10

Static

static

10

MDE_File_S...fe.zip

windows10-1703-x64

1

Full_Compl...up.zip

windows10-1703-x64

1

Setup.exe

windows10-1703-x64

10

resource/L...04.dat

windows10-1703-x64

3

resource/L...05.dat

windows10-1703-x64

3

resource/L...06.dat

windows10-1703-x64

3

resource/L...07.dat

windows10-1703-x64

3

resource/L...09.dat

windows10-1703-x64

3

resource/L...0A.dat

windows10-1703-x64

3

resource/L...0B.dat

windows10-1703-x64

3

resource/L...0C.dat

windows10-1703-x64

3

resource/L...0E.dat

windows10-1703-x64

3

resource/L...10.dat

windows10-1703-x64

3

resource/L...11.dat

windows10-1703-x64

3

resource/L...12.dat

windows10-1703-x64

3

resource/L...13.dat

windows10-1703-x64

3

resource/L...14.dat

windows10-1703-x64

3

resource/L...19.dat

windows10-1703-x64

3

resource/L...1A.dat

windows10-1703-x64

3

resource/L...1D.dat

windows10-1703-x64

3

resource/L...1E.dat

windows10-1703-x64

3

resource/L...1F.dat

windows10-1703-x64

3

resource/L...24.dat

windows10-1703-x64

3

resource/L...2A.dat

windows10-1703-x64

3

resource/L...04.dat

windows10-1703-x64

3

resource/L...16.dat

windows10-1703-x64

3

resource/L...04.dat

windows10-1703-x64

3

resource/R...er.xml

windows10-1703-x64

1

resource/R...nd.xml

windows10-1703-x64

1

resource/R...al.xml

windows10-1703-x64

1

resource/R...ly.xml

windows10-1703-x64

1

resource/R...ae.xml

windows10-1703-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    160s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19-06-2023 11:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    resource/RedistList/Columm/bangJarfuls/bicronLoopier.xml

  • Size

    104KB

  • MD5

    5859c07707394fa84b5ccc947b971b43

  • SHA1

    c1580c89592bb3929113e8030347fc8a93505b8d

  • SHA256

    8b051b7ef0c25185d4a0d5df1b5524320dc21453d67a9de2664686f24ef556f6

  • SHA512

    0142e0f7ec43e867ddcf8f8161d24257f0577b42901e2b0bd445344fac6edf8d76fef7af380544d36dc7654724f96e28063c17aa33be0e46c95d9b9ce352cf49

  • SSDEEP

    3072:O/fgqtrWvjdt98GD/TidGOYnAstT98eAkVM59Npbayi6:Fci5tBDrrnAA98biM5RbG6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\resource\RedistList\Columm\bangJarfuls\bicronLoopier.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4104
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\resource\RedistList\Columm\bangJarfuls\bicronLoopier.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3988
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3988 CREDAT:82945 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4280

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    f12c265a76a9e5a0279bad4724c67e62

    SHA1

    f64ca14b1fd0aca976ea923ba9550e0c05adab86

    SHA256

    d6f55023574bd134d2bdf74dd2bae0f0235a52bb302c7b290977dc05e13a2012

    SHA512

    240c711b1b1439e3e3a141af2a609c0bdaafd4f212b7905d451e735bb518988416b7fd3065c6599559371312079ce8a896779a88e97a72716e9228b755bee5bf

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    1e767373ba62219a79ab018ec3c02dae

    SHA1

    4037ece6699f1ce3522051b637625c36e0af62c4

    SHA256

    c7a0eb3a0fda45fa0a9c531e4e3ea1aa5cc2697bbf23318ce87d6a6c1c596ffc

    SHA512

    5fd4c115457290a61432080ebcc2ec38ed479a9bdef573bf47c8cedab3bb15705421019d890818153f1170397f6cffec75b445cbbeda5ea1c7ed9627afcf267c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B1FTPK9F\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\07I52POE.cookie
    Filesize

    610B

    MD5

    9614b77b181fc3e0bbe913cd5fca863d

    SHA1

    967f18b7f626972c4e064d1a1200066144824588

    SHA256

    d994e9dd6ee2f72d8892702f1dd260395af54a71a1a8ab80e17d923134ecd1ff

    SHA512

    7bdd59fe95c2049824073c6f737a9ca1841feb35e2ad1b4d7c883da1f88adfc77954dced0c87cc6e716d1e815f41965ac0fab3aeef28ec71806c113d91bd5d51

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Q8XL8TQ7.cookie
    Filesize

    610B

    MD5

    178a81b5035fe97c4a527e4fe3916d63

    SHA1

    52a67665f06cd43689aad95f7a6e0a1e8ab2f937

    SHA256

    b2346914d2caa8d7ae75c558ff4989858c4bdb820c6c2e1dba730f010f4d6897

    SHA512

    f45993ec396df75e9902b88505a35388d851a039215dfd8fb8efa6857ca4ef0f0cf63f986bd8237f3dcf0e4e5e4595eb482bd6bad53ac221d1c4af212f34abef

    Download Submit
  • memory/4104-122-0x00007FF93D5F0000-0x00007FF93D600000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4104-125-0x00007FF93D5F0000-0x00007FF93D600000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4104-126-0x00007FF93D5F0000-0x00007FF93D600000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4104-124-0x00007FF93D5F0000-0x00007FF93D600000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4104-123-0x00007FF93D5F0000-0x00007FF93D600000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4104-119-0x00007FF93D5F0000-0x00007FF93D600000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4104-121-0x00007FF93D5F0000-0x00007FF93D600000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4104-120-0x00007FF93D5F0000-0x00007FF93D600000-memory.dmp
    Filesize

    64KB

    Download