Analysis

  • max time kernel
    146s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags
    arch:x64 arch:x86 image:win7-20230703-en locale:en-us os:windows7-x64 system
  • submitted
    06/07/2023, 10:44

General

  • Target

    World.xml

  • Size

    112KB

  • MD5

    28a1e2b477ebe7de49df597a4117c28e

  • SHA1

    a7cfdaa2e2307f443bead3b1f02e6936772020d6

  • SHA256

    cbd20c5ccc5b11718b782547bb5b818fe368168c1794b2254fed7333959757da

  • SHA512

    087622b16c9165f8007455b161df4f2e6bf1a5de787c73e3beeaee4583c5bad2b2bdb6320ff61e9b036543342045ff3bed6fc3aa1ed885ce7afa0a619967b38d

  • SSDEEP

    1536:qu4P6sZgrZzXA/hmK5ITweUbPyTOQnSwBnN1RSC4OHKtPrAnyfUZyUtDl5+jZ4uq:7

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\World.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2316
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2308
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2308 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2952

Network

MITRE ATT&CK Enterprise v6

Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          677f1ea45d67d92c176385a26eff9623

          SHA1

          1c2266328fc0c95f53761dffacbb6d57ac74a235

          SHA256

          9dd3219ce0b2c98a925ecaac42324b9b31d00f0c396ba4a9c1ee45b103a07132

          SHA512

          370ebdb8a757421f946e7ba534c940d0ff24e1ca596b6e1745f90e38c31b58f44f5c7acd5136f790b08a3db5bce0b8ad819224e0ff04c9ac3e62794e9ef0235e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          4f1ac75fe8894e6e4b34890c34b5fcde

          SHA1

          7991dfe6bc3bf4e98d576f0276a1f531720e70d8

          SHA256

          5fa6a8edb87acea417fde6e5448861e8149b5fb018456c944d7d3d5fee42d835

          SHA512

          6e3f5c057f5ec2ead7a0a59f69d66936d14a02d950ccd6b9a10a8e3719fc9e37cbcf13ac0855ca45373ecd49ebed2c5997007639068c48628af6ba747c4b6edb

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          8f1496ea8d597dd099415a3849ba578c

          SHA1

          daf44fc95d7030a8b0dc6894e87e6c6086342164

          SHA256

          b88d1172c9ccf60ad32011ba420250038b8207535073bdd977ea23f2c16e29e2

          SHA512

          79b8277e0cf91a76fe1650eb4339eb186e76b9c7014cf06594a521b7b83f6745ea3ddd1a5f6ff0896277173f321e9aa7666970477c2f038ab5d23d821ffb67d5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          5298c96846ac99969cc9ade4f0311c70

          SHA1

          eb08e94e8f4e1c4d53bab2845738bd9ea788e4a9

          SHA256

          58c712e1241c4018a4994583a99dcba556c94db1a57abd57900e8061354f7f26

          SHA512

          9136a9ca9f32ec93c62fe760aac8108d1407ec68e138562bbe9e4b23f06424d31560d9af25eab25fc1e76fbee902eef5dbb6311ab99624dcea5e077a5fcd92e9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          e3100bde9646a6a6eeaeb4923821ac12

          SHA1

          6221184c68935fa3ca36dd4c8989b4423c65c62e

          SHA256

          be5c5ab5427cf93d3d00c2219ed459fe6992f12ac2323985df3ccdf738a842ad

          SHA512

          a77a6fbbe5b220da29fc41c2bc0139cd7a43884fcaa2945cd7ca8944018c8f3602668fe4f64ae24af73456f2cbb26f0964951ff7178387daf44d6351a99f9892

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          0c49721252cffb08eb087a8335ff05ee

          SHA1

          113c56da2f84508015bf620ee52a8888fe227653

          SHA256

          4fc07f15fb1d3658d086b97be4c9010e85fa4b0a56c37f5b7b8dbd9f4fa87b00

          SHA512

          fb71bc22c8d94f4c00d93c0fcdaa3e6d8c3b3790a1798c3a73f6fef7e8f74110cea8c25bcae9d2a3b61b1485f166288b9c76e2829e25545fdcf6fcc4c49ea8c5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          82042b2571c0e18fe6b2b94f4ea6c634

          SHA1

          9f589d5c5cdfa4f56ea02cc24028d37e82309ff5

          SHA256

          1b37eebdf35204be3df3003da6097506ba6447ffd8b5705659da97de59a15f83

          SHA512

          11b8749299c6bfee12b238478f41c07e863c857a76f859463eeb1f8ce121df3714eb8d98669279342d606ead607d22925b4a1d3b8b3bc1aa7b69b9899ed30b4f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          ef57444f7a3f0403a6188564d790dd1f

          SHA1

          ae288f4bf26c4ad47464edea90cfca411f336956

          SHA256

          c2c647c31cdace54a82a365a845334e2c88aeab4168f3b64f5263fc6765cf37a

          SHA512

          581ac187f69241d044491fc4839fa62c3d33ba50cd2ff203756f79eee52cb4fb023df508d64e7aa90b129762d72cfb4dd13f373f08c58b52db8262ceb98dc663

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          b0841a4a1cb0a82f76bcbe024c7f0982

          SHA1

          2565b9ef60725accf01b9efad6038e8e1d39154e

          SHA256

          4ca9d416bc5cc5b2d3c65b7bc1c834d8ee821a4e8b834a96ff8203fbc32f2df7

          SHA512

          1770e8ded28d99dfc7441aa39261cb5a8c86235a925457fba8a4e20bd141e04f36ab3f7ae2f886ed9cc2b5e3d49a949cef32ef249584bf28d8b85da7c714599e

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KX3UJNA9\suggestions[1].en-US

          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        • C:\Users\Admin\AppData\Local\Temp\Cab678B.tmp

          Filesize

          62KB

          MD5

          3ac860860707baaf32469fa7cc7c0192

          SHA1

          c33c2acdaba0e6fa41fd2f00f186804722477639

          SHA256

          d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

          SHA512

          d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

        • C:\Users\Admin\AppData\Local\Temp\Tar68B9.tmp

          Filesize

          164KB

          MD5

          4ff65ad929cd9a367680e0e5b1c08166

          SHA1

          c0af0d4396bd1f15c45f39d3b849ba444233b3a2

          SHA256

          c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

          SHA512

          f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JEUXKU0E.txt

          Filesize

          608B

          MD5

          a41ba3b16df3dabdc7483c4a69a24ee0

          SHA1

          0365bab07aed658416707892bed9fd5a71da8a94

          SHA256

          a7189251e17ef4ae7edf596b7b73b4782e671f6e92d4123d6eeb61cc42a21ff7

          SHA512

          cdd3cd0b3fae8d68dbc0cb7291d323c1f8eb132268fa21ba29103205c9a7941a169005b7178526efa48cf26a81fc4ac64e759a07783de6e50f32b8236ed39177