Analysis

  • max time kernel
    146s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/07/2023, 10:44

General

  • Target

    LiveCharts.xml

  • Size

    215KB

  • MD5

    5be563dcd4b0f60d71384cb31d44aae7

  • SHA1

    df3c88103204b8ab85aca2dc7b99f602aee25e02

  • SHA256

    ce3283e4afd74377d313f9c1d247afe8164e626c95f710f928734da6cfab9311

  • SHA512

    af651258acfb4ae3be78b19c54a39d2c84dfb682b9f897c19cf912eaa35602abe6cbee228cb6d9492052fe71b04d53d3dc34988ff7b55277f4e97b8ece785e3e

  • SSDEEP

    1536:mcbn1+gpUi4nQ/iXT/rinSDhnUJ0JUPrejY++Di5wqAzJMO:mcbn1dUi4nQ/iXTDqSDhtY++Di5Q

Score
1/10

Signatures

  • Modifies Internet Explorer settings (1 TTP, 39 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\LiveCharts.xml"
    PID: 2204
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      PID: 2396
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        PID: 1912
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2
          PID: 2920
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
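The process chain above is the point of this report: Office's XML handler (MSOXMLED.EXE) opens the submitted file with `/verb open`, hands it to Internet Explorer, and IE then spawns its usual frame/tab processes. The Python below is an added example, not part of the sandbox report or its tooling. It rebuilds the tree from the rows shown above (transcribed verbatim; the parent links follow the nesting), flags any Office handler that directly spawns a browser, and cross-checks each IE tab process against the frame PID carried in its own `SCODEF:<pid>` argument, which is how IE's LCIE tab processes name the frame that owns them. The `Proc` fields and helper names are this example's own; the sample rows are constructed from the report.

```python
"""Added example: reason about the MSOXMLED.EXE -> iexplore.exe process chain
from a sandbox report. Not part of the original report."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Proc:
    pid: int
    parent: Optional[int]          # None for the root of the captured tree
    image: str
    cmdline: str
    children: List["Proc"] = field(default_factory=list)


# Transcribed from the report's Processes section (constructed sample input).
REPORT_PROCESSES = [
    Proc(2204, None,
         r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
         r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\LiveCharts.xml"'),
    Proc(2396, 2204,
         r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
         r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'),
    Proc(1912, 2396,
         r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'),
    Proc(2920, 1912,
         r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2'),
]

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
VERB_OPEN_RE = re.compile(r'/verb open "([^"]+)"')


def build_tree(procs: List[Proc]) -> dict:
    """Index processes by PID and (re)link children to parents."""
    by_pid = {p.pid: p for p in procs}
    for p in procs:
        p.children = []                      # idempotent on repeated calls
    for p in procs:
        if p.parent is not None and p.parent in by_pid:
            by_pid[p.parent].children.append(p)
    return by_pid


def image_name(path: str) -> str:
    """Lower-cased basename of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def ie_tab_frame_pid(proc: Proc) -> Optional[int]:
    """IE tab processes carry SCODEF:<pid> naming the frame process that owns
    them. Return that PID, or None if the process is not an IE tab."""
    m = SCODEF_RE.search(proc.cmdline)
    return int(m.group(1)) if m else None


def find_office_to_browser_chains(by_pid: dict,
                                  office_handlers=("msoxmled.exe",),
                                  browsers=("iexplore.exe",)) -> List[Tuple[int, int]]:
    """(handler_pid, browser_pid) for every Office document handler whose direct
    child is a browser. This is the hop an analyst wants to see in this report."""
    chains = []
    for p in by_pid.values():
        if image_name(p.image) in office_handlers:
            for c in p.children:
                if image_name(c.image) in browsers:
                    chains.append((p.pid, c.pid))
    return chains


def check_tab_parents(by_pid: dict) -> List[Tuple[int, int, Optional[int], bool]]:
    """For every IE tab, compare its SCODEF frame PID with its real parent PID.
    Disagreement means something other than the named frame launched the tab,
    which is worth a closer look. Returns (tab_pid, scodef_pid, parent_pid, ok)."""
    out = []
    for p in by_pid.values():
        sc = ie_tab_frame_pid(p)
        if sc is not None:
            out.append((p.pid, sc, p.parent, sc == p.parent))
    return out


def opened_document(by_pid: dict, pid: int) -> Optional[str]:
    """Path passed to MSOXMLED.EXE via '/verb open', i.e. the submitted sample."""
    m = VERB_OPEN_RE.search(by_pid[pid].cmdline)
    return m.group(1) if m else None


if __name__ == "__main__":
    tree = build_tree(REPORT_PROCESSES)
    print("office->browser:", find_office_to_browser_chains(tree))  # [(2204, 2396)]
    print("tab/frame check:", check_tab_parents(tree))              # [(2920, 1912, 1912, True)]
    print("document:", opened_document(tree, 2204))
```

On this report the chain resolves cleanly: MSOXMLED.EXE (2204) spawns iexplore.exe (2396), and the single tab process (2920) names its actual parent 1912 in `SCODEF:1912`, so the IE frame/tab relationship is the normal one. The WriteProcessMemory and SetWindowsHookEx signatures are emitted for IE's own processes here, which is consistent with the low score; the same heuristic run over a tree where a non-browser parent spawns an `iexplore.exe SCODEF:` lookalike would return `ok=False`.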


Downloads

The CryptnetUrlCache MetaData path below appears six times with different hashes: these are successive versions of the same cache file captured during the run (written by Windows certificate revocation/URL retrieval on IE's behalf), not duplicate entries.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: c50ac6326e74f033089791da853b0539
    SHA1: 6923c4d18f91afa88de4237c9047879f2030736a
    SHA256: 3a3c0be89d745be20bbea3bb5ee01021836f1a1d0b60e46f9a8bd5546f4128ed
    SHA512: 071795b87acfd91ad9803b72aba5d77dd34e6bf84422bf16121890ce5268fdaa5ebfc11fc29d7bfd49b5f5822e42451a326d48b7084066f45723599a3b29ddcb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 95b466667415c00dd82d86090b373a29
    SHA1: afae7bd96569bce16f3f3fa2fb986b1abbeafd38
    SHA256: a8112a68768b57ad59fb9aae5d22f4ca8f9df7776d26478993f3ef5ba4c1c16d
    SHA512: 72eea9e8a5f0d8ebb5c4addf792de4b904e2ab7ebb7b988ef97c96d2f877fcaac2aab46d8136270cc17489be27507e16d2506d489c0f833eb49402b0ff7147c1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: da1f6ae0b0629cfc21ce0dc00fef53f6
    SHA1: 548efb6d1b76c3f22731f8c959662a28a2f80ce2
    SHA256: 25e4a81829fe775107d4225ce7070de97cb4f1e6d2b5a95c65b3e8632887da3b
    SHA512: 554f4b9557b562e8f9a9cc7e1c6243242344f506f04f05da513af8eb3ad4636357ad2c67f22ef32aed07d43fe2a8ab869bc96a74db8dc4ca256dedba7fef1d1e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: fd09809083de6d39265e0d52d90025f5
    SHA1: dca301129d50fba8f203189a8a92adba8c74b7d9
    SHA256: 6fcd5cab783ec66102f58ef84eee20ba87be8bca831fe35d775c5a58cf5862b8
    SHA512: 834db9342922560f1ca58f1a11e84bb95cff5eaa633151359a1c5a94a4c171d470bcd28273e04d4111aab267fd9ff7b29794704b3332c193cfed802726211502

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 2bfa927f3efc2ec6622371733b8381e1
    SHA1: e5c07d68a685f833b07910d4d186b1064651a310
    SHA256: c4d881a695e35fb186c7a09b677d1ee3551e3c177da4c9bc79ad948e0ac1250a
    SHA512: d2331543f053243101b443da03e94ca859c38ba654a67920e6d0c9512932984c3beb179ee3094add329c151d667f0a4bdc564bc397cf3c74f92b538459c1146e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 3a2ee03a60ead9bf23dead4484d399d7
    SHA1: 5190263e1b444f11bdf4ae5b033f9bce7c5917d0
    SHA256: ba8094e30a1058e820048d261d78b5970e009b3cd2c165872c1cd1d57c62e381
    SHA512: 8afd51c19124661ed9fb4e1854affe2fab2380dc4fa99154b401707b90ee210b2dc63dab07eba3d3dc94d04daa301c867663e87bfc2f6e82e870d6f4a8eaa67a

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2025E2R\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab64DE.tmp
    Filesize: 62KB
    MD5: 3ac860860707baaf32469fa7cc7c0192
    SHA1: c33c2acdaba0e6fa41fd2f00f186804722477639
    SHA256: d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
    SHA512: d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\Tar656E.tmp
    Filesize: 164KB
    MD5: 4ff65ad929cd9a367680e0e5b1c08166
    SHA1: c0af0d4396bd1f15c45f39d3b849ba444233b3a2
    SHA256: c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
    SHA512: f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SO5BGTRV.txt
    Filesize: 606B
    MD5: 13dacfcb8e9cd8fbea7a902b504f9153
    SHA1: 8fee4d91002893eda83f55dc139d3ceed3ec0826
    SHA256: 26cea27c7eefd885bcf397a5c4f6ff062db30f61f0b17f545ede048d3cb5d137
    SHA512: 4617b415d861c042655c15e107b202d43397c4fa2e77964407a214f2cd255b0c2ac630ad74bc026456140fc4db38396b49dfe61228c37e3615a5240bf5331373