Resubmissions

06-07-2023 13:22

230706-ql86rabe24 10

23-05-2023 17:55

230523-whe2dshc81 10

Analysis

  • max time kernel
    133s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags
    arch:x64 arch:x86 image:win7-20230703-en locale:en-us os:windows7-x64 system
  • submitted
    06-07-2023 13:22

General

  • Target

    shape_24.xml

  • Size

    2KB

  • MD5

    37690f00271a0ff1a0fbca284d53a6e3

  • SHA1

    b81ff382620c4b4c8fbaa4dfd0f2c80d54f2ece8

  • SHA256

    2353646e97606fdc63fe94f6ed28cea42e911bfc5a57777cf48268fecf5389f4

  • SHA512

    a9a37ae837896d80f0c0a00fb94bcacb7be599790054b7a2e9ed833de1c8d4774d8593816420169257868ce4f8bfff11b567d6f12319de2c01876b550002be9d

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\shape_24.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3024
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3036
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2980
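As an added example (not part of the sandbox report and not the vendor's code), the Python below parses a process listing in the format used above (image path, command line, an "N⤵" depth marker, zero or more signature lines, then "PID:n"), reconstructs each process's parent PID from the depth markers, and applies two triage checks a practitioner would run on this tree: flag an Office component such as MSOXMLED.EXE launching a browser, and recognise the "SCODEF:<frame pid> CREDAT:<n>" child as Internet Explorer's frame process starting its own tab process, so that child is not mistaken for injection. The input is transcribed from the listing above; the Office-host allowlist and the browser set are assumptions for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed input: the process listing from the report above, transcribed
# verbatim. "<n>⤵" gives the nesting depth of the process that follows it.
PROCESS_LISTING = r"""
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\shape_24.xml"
1⤵
Suspicious use of WriteProcessMemory
PID:2332
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
2⤵
Suspicious use of WriteProcessMemory
PID:3024
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
3⤵
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
PID:3036
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2
4⤵
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
PID:2980
"""


@dataclass
class Proc:
    pid: int
    depth: int
    image: str
    cmdline: str
    ppid: Optional[int] = None
    signatures: List[str] = field(default_factory=list)


DEPTH_RE = re.compile(r"^(\d+)⤵$")
PID_RE = re.compile(r"^PID:(\d+)$")
IMAGE_RE = re.compile(r"^[A-Za-z]:\\")  # a bare Windows path starts the next process


def parse_process_tree(text: str) -> List[Proc]:
    """Parse the listing into Proc records; the parent of a process at depth d
    is the most recently seen process at depth d-1."""
    procs: List[Proc] = []
    last_at_depth: Dict[int, Proc] = {}
    cur: dict = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()  # tolerate the report's bullets
        if not line:
            continue
        m_depth = DEPTH_RE.match(line)
        m_pid = PID_RE.match(line)
        if m_depth:
            cur["depth"] = int(m_depth.group(1))
        elif m_pid:
            depth = cur["depth"]
            parent = last_at_depth.get(depth - 1)
            proc = Proc(pid=int(m_pid.group(1)), depth=depth, image=cur["image"],
                        cmdline=cur["cmdline"], ppid=parent.pid if parent else None,
                        signatures=cur.get("sigs", []))
            # Entries at this depth or deeper belong to subtrees that are now closed.
            for d in [d for d in last_at_depth if d >= depth]:
                del last_at_depth[d]
            last_at_depth[depth] = proc
            procs.append(proc)
            cur = {}
        elif "image" not in cur and IMAGE_RE.match(line):
            cur["image"] = line
        elif "cmdline" not in cur and line.startswith('"'):
            cur["cmdline"] = line
        elif "depth" in cur:
            cur.setdefault("sigs", []).append(line)  # signature names
        else:
            raise ValueError(f"unexpected line in listing: {line!r}")
    return procs


# Assumed allowlists for this example, not taken from the report.
OFFICE_HOSTS = {"msoxmled.exe", "winword.exe", "excel.exe", "powerpnt.exe"}
BROWSERS = {"iexplore.exe"}


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def office_spawned_browsers(procs: List[Proc]) -> List[Tuple[int, int]]:
    """(parent_pid, child_pid) pairs where an Office component launched a browser."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if parent and image_name(parent.image) in OFFICE_HOSTS and image_name(p.image) in BROWSERS:
            hits.append((parent.pid, p.pid))
    return hits


IE_TAB_RE = re.compile(r"SCODEF:(\d+)\s+CREDAT:\d+")


def is_ie_tab_process(p: Proc) -> bool:
    """True for an IE tab process started by its own frame: the SCODEF value
    names the frame PID and must equal the parent PID (3036 -> 2980 above)."""
    m = IE_TAB_RE.search(p.cmdline)
    return m is not None and int(m.group(1)) == p.ppid


if __name__ == "__main__":
    tree = parse_process_tree(PROCESS_LISTING)
    for p in tree:
        tag = "ie-tab" if is_ie_tab_process(p) else "review"
        print(f"{'  ' * (p.depth - 1)}{image_name(p.image)} pid={p.pid} ppid={p.ppid} [{tag}] sigs={len(p.signatures)}")
    print("office -> browser:", office_spawned_browsers(tree))
```

On this report the only pair worth a second look is MSOXMLED.EXE (2332) starting iexplore.exe (3024), which is what the "/verb open" handler for an .xml file does on a box where IE is the registered viewer; the 3036 -> 2980 edge is the ordinary frame/tab split and the WriteProcessMemory signatures attach to those IE processes, not to a foreign injector.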

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    676f614a99ae5edcca8322b4f9b9e1ff

    SHA1

    767f9ed52994d96e9a2ba015be60196be7d1c863

    SHA256

    01510292a3e208f3649123eb438be2e7ba91bf7140a61d902f79cf7787c5eee3

    SHA512

    1fca4f02a702e0e0ac88fd8608bb17ec51def56d39195c989e474b409e55e786aa7fd3f13e8a31a703dde60a1d55e583bea72beb84480e82f4a62e38e47dbca1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    99a56cee7887b5e9af18eb6252f174e7

    SHA1

    62675511d255c9e1546771a75c72f757a172fb9b

    SHA256

    ccd46596bd8093d889650387307a17d2e570c50a9d01ddcc081d1e8ab00bc386

    SHA512

    df11f38d95dc771308f6bddc594e29f23067b88e1e6366473bb5acbb15a0892b7e7ac457709de01d36e9011ec422552d063a427bf80416462d5ec068abcd4da7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4e48e6b69c8daa4c05aa0d110e2b09a3

    SHA1

    d253328a1863e17a5ed5901a4e87509045a6d225

    SHA256

    e3920d0c5ab58cfc77365dfeb2501f25c800ac98f21beb7892c91d491c8ad2fa

    SHA512

    3d9fd5e80490b33e333b30dd98e317fd7b42ee45c1c345675e21013bd2f06c56e1957d7569a8d32ea3c0ea3414512f35755b835093c905afc80274ea1866d894

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3ae4c0c27dc4ca7ac6987bb727b41c32

    SHA1

    73d20ca40161af7179e79d00ed48820fe5f34d8e

    SHA256

    8332fee7768c003279117fc5eb6e7ab9142931d6fb296f3d05398efd625c8d43

    SHA512

    2e119611894789f32e91e241edf5852b60243ef336684c310130d331fdd7c40b16a2e4490a5fbe97d64d45f9611b1587120e6a35a803f4a87bc810a8c46f0fd9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b95111b8838e2d454d927cb222b5be32

    SHA1

    1e1f8b68222f3db3330938e165a8a07d38eeadb3

    SHA256

    8d98ed71d7457d6f002a37efb138cb846b954642b4712ee1527fa92c8b3315da

    SHA512

    bbea8bbfff88d86a9be2e7491d9a9ee25e6a3a9360bd59ff2e2e94b189b00c9c2bd1e723ef004da38a83895b2d41181d1f7269e81293971ed3cba65614ec2b64

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d3cc3bc829a9a92223a7472576ed9f83

    SHA1

    5528d320f0c89bfd0c4a54cd261172a5a8e4fdcb

    SHA256

    63cf65e0f015007e8c50509ef8a8799b6bb1602a2141edc5fa05a37d321b8808

    SHA512

    8e8afe34e16e9254ae110160a8279cf75f26ab2e904cd8376cd70fc9215125c8895b7c88716ba1e14d9d32d7f8502a3f45c42e1c9a14fa9e9e54609562d12ca7

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHFV4GXP\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab590B.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\Tar598E.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\90DC8EY3.txt

    Filesize

    601B

    MD5

    a174070a94f6b309aecc6007e9811b47

    SHA1

    602f0a43f48a524026974839bafcaee1f70e8c3b

    SHA256

    d063b9e24afd87f0e70b98a2ff68044561b166a3ae4ce8424e479e18a364cddf

    SHA512

    5ba6f173ccebbe1c7f2a37e965d83ede8383b5303e0cd1bd80abf243f13919a01d6bd60d8b0b2b180f4aee99382ab36c0a5d894121ec301ca08eef35f324a4f0