Overview

overview

10

Static

static

7

8a15f942dc...56.apk

android-9-x86

10

8a15f942dc...56.apk

android-10-x64

10

8a15f942dc...56.apk

android-11-x64

10

FAB-blue.xml

windows7-x64

1

FAB-blue.xml

windows10-2004-x64

1

FAB2.xml

windows7-x64

1

FAB2.xml

windows10-2004-x64

1

annotation-xml.js

windows7-x64

1

annotation-xml.js

windows10-2004-x64

1

apple.xml

windows7-x64

1

apple.xml

windows10-2004-x64

5

arrow.xml

windows7-x64

1

arrow.xml

windows10-2004-x64

1

bear.xml

windows7-x64

1

bear.xml

windows10-2004-x64

1

bird.xml

windows7-x64

1

bird.xml

windows10-2004-x64

1

boom.xml

windows7-x64

1

boom.xml

windows10-2004-x64

5

callout.xml

windows7-x64

1

callout.xml

windows10-2004-x64

1

callout_11_shadow.xml

windows7-x64

1

callout_11_shadow.xml

windows10-2004-x64

1

callout_7_overlay.xml

windows7-x64

1

callout_7_overlay.xml

windows10-2004-x64

1

callout_8_overlay.xml

windows7-x64

1

callout_8_overlay.xml

windows10-2004-x64

5

callout_cloud.xml

windows7-x64

1

callout_cloud.xml

windows10-2004-x64

1

callout_de...le.xml

windows7-x64

1

callout_de...le.xml

windows10-2004-x64

1

callout_shape_2.xml

windows7-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    01-07-2023 06:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    boom.xml

  • Size

    589B

  • MD5

    b4ef4359b2f85a6594ce804b36b96876

  • SHA1

    62deac4f0087d7e7486a5c725ae6588407c9f258

  • SHA256

    82dafe3ff2010e88478ffc68934006b9b6dcd6efc8d58d58d8e0f38adc35811e

  • SHA512

    8ddb0dcde339faca1cf95eff030b924e242f6b071f44deec4998c91e04d28b98de20c415070fc15b88fbcc36d04da1cd76259e3d9a448de6ff3e2b976d1dc699

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\boom.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:784
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:760
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:760 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:296

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ce92193e4cc07f8fe2773be28eefb954

    SHA1

    db24c8add846f13c5bf09d66cd1f4b1acf5c289b

    SHA256

    525d3249a1ab50bc0c5ceb14d1daace25bb09571443352ea40131ccd29d978e2

    SHA512

    f7543460036449f011a8a52b1485fe3d8edc89203c2fb602e655eafa3eba790fb6d3955f557c46a8eb0e4c6c161cd0d20c33eb4d50ec9ddc11f5bff6b0f9d6d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    83c110878e2e4dfd6cd412eb4e2d1a00

    SHA1

    a54d5fe05beb0309675326660891e6fb06307668

    SHA256

    f5afb91da831f16b73c75eb45b976ca2e70eafd2055667db7429d681d9f023c3

    SHA512

    6126d205997f5de7349c38effa07846658bed9f1a2ff012d87be44b4f809bb2a8cb8d68a7102cea1e8eac6c3448ddc93b3182f99df9775343befe2cae9925766

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    06d9efcfdbdbfb2a174688d684f6da23

    SHA1

    574200e649d1e7915e1312624e2c8c8f816c39ee

    SHA256

    097957b1daf4f0611c0b52d998d25fbdcd0a5de998f5232cf848082941e7b9ce

    SHA512

    90300f692ecb0999fe6ded1af3918f973f5a0121a0958b3a5d76f0495039e55459e21c1d2c38b705d7b3572dda7f6e9a2aec33f59adfc80630b6588d6968f5a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    130edaafe227af49dd696893249e3f52

    SHA1

    52d5ee80f7c7598a449fa678cc5b74d0c323839d

    SHA256

    0c2eae52694183da483487cfe4978f502741ec683a64f0a15638581a695069cd

    SHA512

    0d7bfbefde76ebf856cdc5e3a170e1182bba45c5fd52f0dafb78d710390a8fbf1395b76f14352c7c74ae3c8b1631788f501c4dc1f4ddba0147f53fcc31e674c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1be0508c026ade66def5a7d2f3b743f0

    SHA1

    a8f634403443c398e89e2b5bbaa509e78ff6d9af

    SHA256

    a3de7cfc54a42e7178160a688da24200a5736e412926eb8f704f2fccf63ec0cf

    SHA512

    86f02966d90d478d435bbb43a25b7dd5f9d8c6b9f56f2ac7173f9cc836768fd0118ea3e35cbe78ec93bd012c59d52f32cb0a802f5a96aca501b381dc3266e82c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b9eeabb6328085f63041d51c3da3d178

    SHA1

    43f3947204b28dc8b92a4dd3d745e4e629a2886f

    SHA256

    875e6b5ce7a8e09e922537c0fdf307b7b32f9a476d389d33cb0836bc77bb4955

    SHA512

    83e0402d879f5600f4db4774d9b4c194b225e233da272fa325c594f58f76a896f76100e101bc15c15e4e93dcc8efbb011922edd1168ac1d5b02a9aae9b540aba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    369ecc13e646387dde6664971056811a

    SHA1

    39809c1ba8e230e185b636bc85bbdb97d6dbdfc9

    SHA256

    fe613993019529ad467a987c17145a49dc78a7db680e7bc60badc766e3c17190

    SHA512

    aba86fa55ed358bf5729a49cdf1e2049f8d316d60c41cf4cbf4189e19552df954a11f7e109f3e0dee0760147dc82738e8cb1a6ff5c7d6c342303a179ddff1536

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    66ac1e567346a420972348e5537fef9e

    SHA1

    357d470adcc655489a9c7a38dd414fb74cb9d79f

    SHA256

    3eb82debe986038277ca350a99b001eae5d98129f6d96de843edb8c9cbaafaab

    SHA512

    a47e4428d766be77584b376e57f7f43e489794a89c5746c4f17160005c1191b9270b3e652db07c9f352252b66a1bc12f5f63ff8d0573c3fbcf379b2dd7f596f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    019194ec39b22fe9703879fd5a9279a9

    SHA1

    80a344b0a51ae209c0eb541c99fc227172814f44

    SHA256

    6b971d0fc05afec1f52b003d6cadd166179cc6b04a058cb1a29eda67461359a8

    SHA512

    ffddb7ace35d5bd409066565976d2febc7bcdf1461359898597041e5a5b73d3a03e1b0ae756f2b8ae358f706539e7b4afdddb84a5660a5a679253cec0db6e984

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M90WC9I6\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA170.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA52C.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6D55MEUS.txt
    Filesize

    601B

    MD5

    c36240e106defe372451d883f2b8d778

    SHA1

    7c99703898cbefd4d5c12ef82e13815693d673be

    SHA256

    c024e405029327f4f85f7f3314bbea21ee363c0a27ecb781e8306b376e02f29c

    SHA512

    048d7e9154da31cd10851332b4028db6b57060c67d1bb4792836aa9b154931979062be11f5f43cbcf3a3a5ad25ab1a7808302751d6f30d83e37d681d414e5460

    Download Submit