Overview

overview

5

Static

static

1

PO-SAC1734...ls.htm

windows7-x64

1

PO-SAC1734...ls.htm

windows10-2004-x64

5

Analysis

  • max time kernel
    121s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    04-07-2023 20:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PO-SAC1734 2023_xls.htm

  • Size

    3KB

  • MD5

    7d1fa5825ca5847b8026568517fe70bd

  • SHA1

    29acfbe976e0f9597ce59dd892deb7f53d358946

  • SHA256

    05e417ef3adc57c91e38d7bb8d4c7d6dcd9bc933073e48e4e2228c279dee9e90

  • SHA512

    27d755dab010a362b65e41e81c8f6cdc6f4aac3e2ace379a1ba9b7fcca52b9eba9a8430f78bc5b8c85d453c9a6f1de33a9aae886f6c838289afe5238612e0e0d

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\PO-SAC1734 2023_xls.htm"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:816

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    33609b63b1427c1f1e30166be30dc4f9

    SHA1

    3c46df6a5800d01ef0f736b921a8170ef7f53ce8

    SHA256

    be039051f471b504c962006e43f40d5beda52a15683a6a5d70eaa2bee5e409bd

    SHA512

    c22a28f676111c3063b2106daef60ebb9e4f6d7e2afe15fe7f656e46553b1b62eb3791d83db8bf081c624278b75997fda2f5dd975a0bf2868957eb65bb625a9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c9d829f99d89d0d931859b6c1aa84eba

    SHA1

    d0da563af20d3c2b8d1050bf08d0d0a1e8aedbce

    SHA256

    574ba370a2664a8d1a2f680e315fe110c8627dbf6f62b16272353b1f544b8da1

    SHA512

    25f2df646206be14ba166f52a0afcdfc44a2f5781fea97ee9e4dc2039bf88c18abeb2a718197b2218a618c2cc1eb05386359d636f401532a3ef62cd2e8184ae5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7060b72eaf6988ba8ddd31dd3e33a7ad

    SHA1

    1afd0e290b5f8fed883f57d5b007dd4ca3634553

    SHA256

    6dd22e5e54ed213f659e376075136c51002822994ed5192ecaea6a7c3cd92883

    SHA512

    866b0ed824560e6cb194fe852bd57a56f3b8dd523838cc9a13d26e6d18d595670442ecb903921a993017b1d8f424f203085fd5520620bb3eb1c895b9ef02294e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    26af4e0eedc33ddcebacd03e6eb9731e

    SHA1

    3892dbb3336ddb38c155f41f31e95e75d5d49791

    SHA256

    e451fa58dbfa76eab613938e1c22dbee03bac9aaa9ec78c5c10363f570b12711

    SHA512

    74517dbef0a9e24176ee06a13b859a176a065794a369ad217058df77c7654731c58a04dd3fc4849d5bc7be77ce5e32eaae5a2338a480f5458dac6a2c69cd411e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fc69e67770efc11861dcc78abb5285f5

    SHA1

    2472b24884d8f062992f7858529328d67f3c64cd

    SHA256

    e5b9ed9ece26b7b6beb8b287caea5c024926045635ac056e0986ed9428e957ad

    SHA512

    e01e86362bab1cd172d9601d602ede2b633df430ce6b2ff99c36ad81203d22f3c6d119817776b89a4654d3a0857a9677bfe43274e6d66935424104a2f9191a2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    408187a0b63de90818b25cde44e4f0fe

    SHA1

    4ce9ca111b71775c809e5006981a93666a643fd4

    SHA256

    db584f4aa1da0c5e29c3b0550081ce9b11aaca33e89d745c0dc4e8d235c63793

    SHA512

    06b46f740e1367074ac0667a916e0ab4edab416ff750943d7c493febb9d6bdc884205077131c3a544049f59b10b2597b683be2757b591e39ca484cfe23f19145

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5022c2831e6743db41a31e49fba2dd31

    SHA1

    471bdeb0079917dd70657f8e8e8fcc1e74aceff4

    SHA256

    d24d96be769c36c36e60b8eae7e10b031076d12cbc9a17c95a8d58c77a56c27d

    SHA512

    afc84e912ce4a502cde41343400009520013d749e5cc8794ae7799740a2f1ad716e3d945a96b6c0dd421201f619a31d335dba49f833b9669b03253f2af7f0c29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a5f76782c05f1507f855851ffc90981e

    SHA1

    c35c74dedd43ef78ea2a74bbf31c269ad21e1b9a

    SHA256

    52084ef0d99a037f7cbd45091eaa31d4b45cc74d91ee614448dcbad811ed2446

    SHA512

    3f51523a50303daef7bc7d46a51028d9c929d234f19fa467d59ff53db49edd8ce41caab2c2585d28d54daafd6b7e7dc9e62e570097a952e49838f967e31e0adc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8469d12398fecf642beccce8972f5449

    SHA1

    81a6deb43118d40e4b90e618cea189c8fcc0a4df

    SHA256

    13e4c3782a79ea0a6562a60e6582f40c9d158860d045529557bc954f14b21c14

    SHA512

    33db2586342435b0ef432134964eb18c1340c3ead2970f33f7eea8731db5ab654cc4101b3256a568db7294af59ef9cc525effc5c72c1ac8e6a7db1dee932c9ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5f18bfc7c5c00d0b9c865832f3797690

    SHA1

    28e9072eaa6ec41d96a4ae06d0e4468f7d16e558

    SHA256

    c2fd35c6a8027ccc9cb66f5ec4c340e927557b4723d8d5755fac71afcbff18ce

    SHA512

    296488e77d6c55b949331f7d44820b04bcfb047ac4168d5751b7bc582413aa17da9870eca8ca98a7f20fa59e92b8024ba1db413d7b60bb058f8e5ae6dda48be4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b70d2c39992191c7b3ac3f7329255630

    SHA1

    2e93f1eadb81796047f39bd56f80f22a01ed1b60

    SHA256

    02f71f749443978e948921ac7f0947a71c918e7e79fc2f4ed5cf59ca4537590d

    SHA512

    655229eb337f440820fad30a4cbc01e3760ffa7e0e56be0617c737f58973550615cf4fcf937f8df74a3d9daf675ad47250c01dd69cfa0134581c477df2e686a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f24f87aa28b692dfd366e52d07a05653

    SHA1

    619bf34e8614a6eb630b5fe7def64584986d4d45

    SHA256

    111a40ebecd398809df6761c21a7d156c893014e650a3fcef53b2ada73d0ed80

    SHA512

    d1acf2877ee301d40b4010df0b4c4fb3c169cdf4ed8d828da19ca13af7b9eab787a7c41dbbc140b92c59303b5aeb55bf6d6ae2f53d27ba783db93e0e055d71e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0e98ceafe6961a2140610ec447496e28

    SHA1

    181c933671ef84b554fda882c19a39bc5450333f

    SHA256

    be67edd6047519d8eae3e31a45b41c808dd3933434928ffc7c54a9ac88099d5a

    SHA512

    20927359a234ee654ebca3079d975e7c6fa8ada80a6221e7d5ae6c15f49b95f2994f87d13825532b7d799d071a4448f1b9b443722795883562db1a6023a766c4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DEHEN72\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab36AB.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar377B.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4TNBAMQY.txt
    Filesize

    601B

    MD5

    fc5bb68c91cbd24152aa45e77e6d2ecd

    SHA1

    b6d0e79f380d397ff52716b2abd2c1ced2c5a511

    SHA256

    577fd7e91aae46cbae2acc66df0eea191022a2a8c5e5ce2ded98e180b2d1ea4d

    SHA512

    de5bac72d959d022d2c7e48bd8c665056079921459351b64fb7566a35e0b2fda078207776cebca7b4a166be0e807bfc56ba2b61a43f40704da44f73b6efa02b7

    Download Submit