Analysis

  • max time kernel
    133s
  • max time network
    188s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230621-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/06/2023, 12:25

General

  • Target

    About/en-US/AppXRuntime.xml

  • Size

    4KB

  • MD5

    bf19db2e91edefe517515ba23b30103e

  • SHA1

    324d98b315d7f8e096d8d61505610706d0c73856

  • SHA256

    42778994d23cdb74c446e70c30942991e89df6aacc1225aebb05464d69da6dec

  • SHA512

    9c193cd9597f90913643cdd2079e36930e60b6ab539d96ba0d5da7ea2b5dde0b78d7451d0a4ac37cbbb8a90c548285fbf640099eda949665e186586d893adb14

  • SSDEEP

    96:jJpm5IJUVaBfgHt6kNEmB+kClbNpbj03V:Xc3AIHF20F

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\About\en-US\AppXRuntime.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1144
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1308
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:612
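
The chain above is the Office XML handler (MSOXMLED.EXE, started with /verb open on the submitted file) handing the document to Internet Explorer, which then starts its frame and tab processes; nothing in the tree leaves that chain, which is consistent with the 1/10 score. The Python below is an added example, not part of the report or of the sandbox's tooling: it rebuilds the tree from the listed PIDs and command lines (parent PIDs are inferred from the indentation, since the report does not print them), checks every parent-to-child edge against an allowlist of the expected handoff, and requires that a tab process's SCODEF value names its parent frame PID, as it does here (SCODEF:1308 under PID 1308). The allowlist, the helper names and the appended cmd.exe row used to show a deviation are this editor's constructions.

```python
"""Check the report's process tree against the expected MSOXMLED -> IE chain.

Added example, not part of the sandbox report. Rows are transcribed from the
Processes section as (depth, pid, command line); parent PIDs are inferred from
depth because the report does not print them. The allowlist is the editor's
model of the benign handoff, not something the sandbox asserts.
"""
import re

# Transcribed from the report. Depth 1 is the root of the tree.
REPORT_PROCESSES = [
    (1, 2040, r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\About\en-US\AppXRuntime.xml"'),
    (2, 1144, r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'),
    (3, 1308, r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'),
    (4, 612, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:275457 /prefetch:2'),
]

# Constructed deviation (not in the report): a shell spawned under the tab process.
CONSTRUCTED_DEVIATION = REPORT_PROCESSES + [
    (5, 700, r'"C:\Windows\System32\cmd.exe" /c whoami'),
]

# Editor's allowlist: the only images and parent->child edges the handoff should produce.
ALLOWED_IMAGES = {"msoxmled.exe", "iexplore.exe"}
ALLOWED_EDGES = {("msoxmled.exe", "iexplore.exe"), ("iexplore.exe", "iexplore.exe")}


def image_name(cmdline):
    """Lowercase basename of the executable in a Windows command line.
    Handles the quoted form used throughout the report and a bare first token."""
    if cmdline.startswith('"'):
        exe = cmdline[1:cmdline.index('"', 1)]
    else:
        exe = cmdline.split(" ", 1)[0]
    return exe.rsplit("\\", 1)[-1].lower()


def build_tree(rows):
    """Return {pid: (parent_pid, cmdline)}; a row's parent is the most recent
    row one level shallower, exactly as the report's indentation implies."""
    tree = {}
    last_at_depth = {}
    for depth, pid, cmdline in rows:
        parent = last_at_depth.get(depth - 1) if depth > 1 else None
        tree[pid] = (parent, cmdline)
        last_at_depth[depth] = pid
        for d in [d for d in last_at_depth if d > depth]:  # leave earlier, deeper branches
            del last_at_depth[d]
    return tree


def find_deviations(rows):
    """List every way the tree departs from the expected chain; [] means it matches."""
    tree = build_tree(rows)
    findings = []
    for pid, (parent, cmdline) in tree.items():
        img = image_name(cmdline)
        if img not in ALLOWED_IMAGES:
            findings.append(f"pid {pid}: unexpected image {img}")
        if parent is None:
            if img != "msoxmled.exe":
                findings.append(f"pid {pid}: root is {img}, expected msoxmled.exe")
            continue
        parent_img = image_name(tree[parent][1])
        if (parent_img, img) not in ALLOWED_EDGES:
            findings.append(f"pid {pid}: {parent_img} -> {img} is not in the expected chain")
        # In the report the tab process carries SCODEF:<frame pid>; require that it
        # really names the parent, so a tab process with a stray SCODEF stands out.
        m = re.search(r"\bSCODEF:(\d+)", cmdline)
        if m and int(m.group(1)) != parent:
            findings.append(f"pid {pid}: SCODEF:{m.group(1)} does not name parent pid {parent}")
    return findings


if __name__ == "__main__":
    for label, rows in (("report", REPORT_PROCESSES), ("constructed", CONSTRUCTED_DEVIATION)):
        print(label, find_deviations(rows) or "matches expected chain")
```

Run against the report's rows the check returns no findings; the constructed row under PID 612 produces two, one for the unexpected image and one for the iexplore.exe to cmd.exe edge, which is the kind of deviation that would move a report like this out of the 1/10 bucket.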

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    989bc854dad4efa2b10a45d64663e22b

    SHA1

    7dd53c9eec0098b25196a94565bdadbdd54617a9

    SHA256

    d6ba8682dd71ee2fefc512a2b95afd640775b69170de3a08a0984eed5942a9b6

    SHA512

    cc5824e61558b6dfef02e59983876b3ae8fda376bc585a4d47c3124321d98fa0957691da2111c308b497147add3aaea38b47cfe4af4e06842d2f898a1e7419b7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    24ae1eb0598a468bf6d50491edbf79de

    SHA1

    2fad525482b100576f4b11a2fe9cd20254e55feb

    SHA256

    ea09d8a5d775441dec9483cc9aebf772168cb6a40c6767a9bda15f4b7f7f2b6c

    SHA512

    f134fd33d8ee03cc628509d2cdad9dae6dfa83348fc345be3a879536da86e937d93c3589a0f729b994ceeaae8c1a31446cde2ee25f0b3e5457fd73dedcddda04

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    91527fd9ffe756108484dcd6d1714613

    SHA1

    ee9ac32730c734e747dd0d7ebfcc0c8c35cb810d

    SHA256

    deece4b09b479daed278a9c7d84a9e08d683ec210b3e68129a647c7500a89e4b

    SHA512

    a0146b6d97d75532b6efd892bf7510a5b1f867459dc61a1201a430d2b3177a93c85b27d51250ef82e059c113aaf9d489926f66efcc42a938edf59008dcf223ae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0af990de62d17bee0c829437a5e0412a

    SHA1

    6f773490e7923596cbbaacefab1a6c48dae2bdb1

    SHA256

    6b93b0a69d328dfd12d8510ea455f27798afd51ffd1cbce253f8b4b8d3db6705

    SHA512

    ab9e7310420b74eacf658895b187aa4bf1dda7095227ccd577163fe5d857938aa1579d8ff206edb0fc7c4e6962ff2152dc9f26895dcdf3ed8382a9d65f9e560a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3e2b6623fd5306c8150ca5c0c533cd74

    SHA1

    6d153018e11fa0401c3aaed7268d133a0bfe3a0a

    SHA256

    d83b4381af80f02673423e79d8e7e06c921eeb2ca1a7df0dca2c07f00a96550b

    SHA512

    ad0041a8c66a92d2550a31cd7c5691654be7f3d4cab201015dc4064602144638c7a730a15edc8497f9b7c2a96f0a9c662bd6671c029f9a9f029b99a496a4aae3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    736a9671b5ad8625c933ec45ac9f802a

    SHA1

    eae65b103ee565933ed74045bbadb652b914369e

    SHA256

    7672f312e151bf32f6ad3b712fe467385805cbb2071f569f092b8bf3ed7607a3

    SHA512

    7d6d6c1ed4290bc51a02c5d1072467dfc3a60350c7afb7b71886045ff7b2e311b1468d6897ca6becee911a7285a08ebb91b9fbc1d61b949bc5b511b6a117e5e4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d4cc356daaa846546a2f5e2e967fa46e

    SHA1

    09bce31d17bd81a5449c2414cedaba3578846505

    SHA256

    d24c5badf36919a1822af0f9c5a3a2face7fe7ee00fcfc55e329bd61a8ccc4e0

    SHA512

    d3c1f75d50bdaaec8d04a714f096046fde826616d3d786d2c68c7a9d2ae11cc9a59ecea1b1f97f63da88f8811bb2be5fb75db8670c685d3bdd57804034fc732d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b560b1387c0ce0353a42420048bd4654

    SHA1

    271caa324d2b20e0f4374767973c225407ef7e7e

    SHA256

    242a00703b2e016c018f0e1a2fe0797c87520e0dddc8d9d01c166bea0964a85a

    SHA512

    2407eb41f74cb5c2849648b0dafef1292fd2b23f0e4d3afd5ea162b28319c52fde4944caee672fbe46c1b2e6b76f15303d16793430fd6cee1728d337ce719089

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLULAID0\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab168F.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\Tar174F.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YW0GL3ZX.txt

    Filesize

    606B

    MD5

    7221e6a38401536cf9b159fe72364b32

    SHA1

    ffcf46f1100ea8a7fad852a1b1e90eed7d184de0

    SHA256

    995051c6b1c0d5886688c4687e6dac2a4644307aa7b06debf4f79cf1765f94c0

    SHA512

    1771af78dc59211012376db48a0037a0fee752b61bee75a0e4608203573bc4e07a56da31ff095d7eae9fb3b09294b921dff76c3c6bdaa0c69e55c1dd7ccf74ec
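
Twelve files are listed, but eight of them are the same CryptnetUrlCache metadata path written with different content over the course of the run, and all twelve sit in locations Internet Explorer and CryptoAPI write to during ordinary browsing: CryptoAPI's URL cache for CRL, AIA and CTL fetches, the IE cache and cookie stores, and the Cab/Tar temporary pair CryptoAPI typically leaves when it unpacks a downloaded cabinet. The Python below is an added example, not part of the report or of the sandbox's tooling: it collapses the repeated path, converts the rounded sizes to bytes, and sorts each entry into explained noise or a file to review. The path rules, the helper names and the appended update.exe entry are this editor's constructions.

```python
"""Triage the Downloads list of the sandbox report above.

Added example, not part of the report or of the sandbox's tooling. Entries are
transcribed from the report as (path, size as printed, SHA256). The artifact
rules are the editor's descriptions of locations Internet Explorer and CryptoAPI
write to during ordinary browsing; they are a triage aid, not a verdict.
"""
import re
from collections import defaultdict

CRYPTNET = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015"

# Transcribed from the report's Downloads section.
REPORT_DOWNLOADS = [
    (CRYPTNET, "344B", "d6ba8682dd71ee2fefc512a2b95afd640775b69170de3a08a0984eed5942a9b6"),
    (CRYPTNET, "344B", "ea09d8a5d775441dec9483cc9aebf772168cb6a40c6767a9bda15f4b7f7f2b6c"),
    (CRYPTNET, "344B", "deece4b09b479daed278a9c7d84a9e08d683ec210b3e68129a647c7500a89e4b"),
    (CRYPTNET, "344B", "6b93b0a69d328dfd12d8510ea455f27798afd51ffd1cbce253f8b4b8d3db6705"),
    (CRYPTNET, "344B", "d83b4381af80f02673423e79d8e7e06c921eeb2ca1a7df0dca2c07f00a96550b"),
    (CRYPTNET, "344B", "7672f312e151bf32f6ad3b712fe467385805cbb2071f569f092b8bf3ed7607a3"),
    (CRYPTNET, "344B", "d24c5badf36919a1822af0f9c5a3a2face7fe7ee00fcfc55e329bd61a8ccc4e0"),
    (CRYPTNET, "344B", "242a00703b2e016c018f0e1a2fe0797c87520e0dddc8d9d01c166bea0964a85a"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLULAID0\suggestions[1].en-US", "17KB", "c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad"),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab168F.tmp", "62KB", "d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904"),
    (r"C:\Users\Admin\AppData\Local\Temp\Tar174F.tmp", "164KB", "c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6"),
    (r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YW0GL3ZX.txt", "606B", "995051c6b1c0d5886688c4687e6dac2a4644307aa7b06debf4f79cf1765f94c0"),
]

# Constructed entry (not in the report) to show what falls through to review.
CONSTRUCTED_EXTRA = [(r"C:\Users\Admin\AppData\Roaming\update.exe", "212KB", "0" * 64)]

# Editor's rules: regex over the path -> why the write is ordinary browser activity.
NOISE_RULES = [
    (r"\\Microsoft\\CryptnetUrlCache\\", "CryptoAPI URL cache metadata (CRL/AIA/CTL fetches)"),
    (r"\\Temporary Internet Files\\Content\.IE5\\", "Internet Explorer cache"),
    (r"\\Microsoft\\Windows\\Cookies\\", "Internet Explorer cookie"),
    (r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]+\.tmp$", "temporary cabinet extraction by CryptoAPI/WinTrust"),
]

UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_size(text):
    """Convert the report's rounded size string ('344B', '17KB') to bytes."""
    m = re.fullmatch(r"(\d+)\s*(B|KB|MB)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]


def classify(path):
    """Return the matching noise label, or None if the path needs a look."""
    for pattern, label in NOISE_RULES:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return None


def rewrites(entries):
    """Paths that appear more than once with different content: {path: [sha256, ...]}."""
    seen = defaultdict(list)
    for path, _size, sha256 in entries:
        if sha256 not in seen[path]:
            seen[path].append(sha256)
    return {p: hashes for p, hashes in seen.items() if len(hashes) > 1}


def triage(entries):
    """Split entries into explained noise and files needing review."""
    result = {"noise": [], "review": []}
    for path, size, sha256 in entries:
        label = classify(path)
        record = (path, parse_size(size), sha256, label)
        result["noise" if label else "review"].append(record)
    return result


if __name__ == "__main__":
    for path, hashes in rewrites(REPORT_DOWNLOADS).items():
        print(f"{path} rewritten {len(hashes)} times during the run")
    for record in triage(REPORT_DOWNLOADS + CONSTRUCTED_EXTRA)["review"]:
        print("review:", record[0])
```

Against the report's own list every entry lands in the noise bucket and the only rewritten path is the CryptnetUrlCache metadata file, eight times; the constructed update.exe under Roaming is the only thing the review bucket would surface. The size conversion uses the report's rounded figures, so it is for sorting and sanity checks, not for matching against a file on disk.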