Analysis

  • max time kernel
    100s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230621-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/07/2023, 01:17

General

  • Target

    Kirsty/lib/Bunifu.UI.WinForms.BunifuShadowPanel.xml

  • Size

    7KB

  • MD5

    f9ba79a783640929abe7d521d0cc5ff4

  • SHA1

    5f18d4042e659bc3187b9566482f521f2d6b9b5b

  • SHA256

    929c04c3ff78815270d712833b58bfdd68fdb30823fee5b4e4addaf36ae83b86

  • SHA512

    b4a69c900a8155954a9af9ea0c7a36e50a992b7b70bb2564c4144789ec492feb2609f64262c173a5f1b8df827e7400cc2ae6571af35f7cb6c95f6bbc067c9ffa

  • SSDEEP

    96:92Of8a201jW2gt+2bPanU2uTLiobMCv3DbMWbnMqaWM46xMy+KiKQ5J:8bQgdTIuTLiobHv3Dbzbn/aWw5iKQP

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Kirsty\lib\Bunifu.UI.WinForms.BunifuShadowPanel.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:268
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1036
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1036 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1532

Network


        Downloads
