Resubmissions

06/07/2023, 18:35

230706-w8fqlsdg43 7

06/07/2023, 18:32

230706-w6mfdadg35 7

06/07/2023, 18:27

230706-w34kgsdg32 7

05/07/2023, 09:21

230705-lbqjfabd66 7

05/07/2023, 08:59

230705-kxxdfach7v 7

05/07/2023, 08:41

230705-klwmrscg9y 7

05/07/2023, 07:15

230705-h3aqhscf6z 7

05/07/2023, 07:13

230705-h2e9lsba95 7

05/07/2023, 06:50

230705-hl6fvscf2t 7

Analysis

  • max time kernel
    102s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20230705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230705-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/07/2023, 18:32

General

  • Target

    ic_content_sticker_location_emerald.xml

  • Size

    1KB

  • MD5

    aadfe32db3ccc31c96197f0591e0fa18

  • SHA1

    59ce2e9a22fff2e9a1b68578c429f5d710463d0e

  • SHA256

    71d43fecf9f2ef6e37022c8446194d74f11b7c05816ce321f6a84279c870b4fc

  • SHA512

    914f19b03527d440752bc284fa46af19ae7cf9f4d2c11cb7bb2753fd50526181e6ca5abed68c695236227b5d8e39db1b5f9359c2d0470a4eaa147c244cc91ddd

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 39 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location_emerald.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2948
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2084
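
The tree above is the only behavioural evidence the report gives, so it is worth being able to read it mechanically: rebuild parent/child relations from the indentation depth, then check the chain against what an Office XML handler handing a file to Internet Explorer is expected to look like. The script below is an added example, not code from the sandbox vendor or from this report. The rows are constructed from the process tree on this page (PIDs and command lines copied from it; depth taken from the 1⤵..4⤵ markers). Two things are assumptions of the example rather than facts stated on the page: the allowlist of images the benign chain may contain, and the reading of SCODEF:<pid> on an Internet Explorer tab command line as the PID of the frame process that launched the tab (here the page does show it equal to the recorded parent, 2948).

```python
"""Rebuild parent/child relations from a sandbox process tree and run basic
triage checks over them.

Added example, not code from the sandbox vendor or the original report. The
rows below are constructed from the process tree on this page. The image
allowlist and the SCODEF-equals-parent-PID reading are assumptions of this
example.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass, field


@dataclass
class Proc:
    depth: int
    pid: int
    cmdline: str
    parent: int | None = None
    children: list[int] = field(default_factory=list)

    @property
    def image(self) -> str:
        # First token of the command line, with surrounding quotes removed.
        m = re.match(r'\s*"([^"]+)"|(\S+)', self.cmdline)
        return (m.group(1) or m.group(2)) if m else ""

    @property
    def basename(self) -> str:
        return ntpath.basename(self.image).lower()


# Constructed from the report's process tree: (depth, PID, command line).
REPORT_ROWS = [
    (1, 2164, r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location_emerald.xml"'),
    (2, 2940, r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'),
    (3, 2948, r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'),
    (4, 2084, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:2'),
]

# Assumption of this example: the only images a benign "open XML with
# Office, render in IE" chain should consist of, and where they live.
EXPECTED_IMAGES = {"msoxmled.exe", "iexplore.exe"}
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")


def build_tree(rows: list[tuple[int, int, str]]) -> dict[int, Proc]:
    """Turn (depth, pid, cmdline) rows in report order into a PID-keyed tree.

    The parent of a row at depth d is the most recent row at depth d-1,
    which is exactly what the indented tree on the page encodes.
    """
    procs: dict[int, Proc] = {}
    last_at_depth: dict[int, int] = {}
    for depth, pid, cmdline in rows:
        parent = last_at_depth.get(depth - 1)
        if depth > 1 and parent is None:
            raise ValueError(f"row for PID {pid} at depth {depth} has no parent row")
        procs[pid] = Proc(depth, pid, cmdline, parent)
        if parent is not None:
            procs[parent].children.append(pid)
        last_at_depth[depth] = pid
        # Rows deeper than this one belong to an earlier sibling's subtree
        # and must not be picked as parents of what follows.
        for d in [d for d in last_at_depth if d > depth]:
            del last_at_depth[d]
    return procs


def scodef_pid(cmdline: str) -> int | None:
    """Extract the SCODEF:<pid> value from an IE tab-process command line."""
    m = re.search(r"\bSCODEF:(\d+)\b", cmdline)
    return int(m.group(1)) if m else None


def parent_map(procs: dict[int, Proc]) -> dict[int, int | None]:
    return {pid: p.parent for pid, p in procs.items()}


def triage(procs: dict[int, Proc]) -> list[str]:
    """Return findings; an empty list means the tree matches the expected
    benign chain under this example's assumptions."""
    findings: list[str] = []
    for p in procs.values():
        if p.basename not in EXPECTED_IMAGES:
            findings.append(f"PID {p.pid}: unexpected image {p.basename} ({p.cmdline})")
        if not p.image.lower().startswith(PROGRAM_FILES):
            findings.append(f"PID {p.pid}: image outside Program Files: {p.image}")
        tab_parent = scodef_pid(p.cmdline)
        if tab_parent is not None and tab_parent != p.parent:
            findings.append(f"PID {p.pid}: SCODEF:{tab_parent} does not match recorded parent {p.parent}")
        if p.basename == "msoxmled.exe" and p.parent is not None:
            findings.append(f"PID {p.pid}: msoxmled.exe is not the root of the chain")
    return findings


if __name__ == "__main__":
    tree = build_tree(REPORT_ROWS)
    for pid, p in tree.items():
        print(f"{'  ' * (p.depth - 1)}{pid} {p.basename} (parent {p.parent})")
    print("findings:", triage(tree) or "none")
```

Run as-is, the script reproduces the four-level chain from the page and reports no findings; feeding it a tree in which the Office handler spawns anything other than Internet Explorer, or an IE tab whose SCODEF value disagrees with its recorded parent, produces a finding for that row. The allowlist is deliberately narrow: loosen it only for chains you have seen on the image in question.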

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cf713d77731d87d76a3e0344e191471c

    SHA1

    68d350ee0972b846c97db38e66af36befeded13b

    SHA256

    8dc09798f721835c636c255f60dea9c55b512fdf7a463d4356d7d98698260cd2

    SHA512

    1bf5b25202453bf25860140ccb185d92efe5fc437051ed836987d51291797bb6fee936302e105521f08bffa270dbcd705bb32dffd07dcfbb0330bb298851bb0a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cfdfa2f64806de45b9b9f0b902fe72a3

    SHA1

    2887f112c241c2f82764683d0f852a6085a66268

    SHA256

    5754e1c76b248ae0de9c6f41f8bcfb5697e982865946a10a4daaf29c0a6db00f

    SHA512

    0eaee8db7b870f77aa4daea4e231bda04668784d548b91ed50cccbf60aead3e3ebcbcb7bb99b537832ff950778fcda3ae64ca202b05a5b6a20ac955f343cb5c6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    37264a0550dd609e5416e4be8debda26

    SHA1

    857c11a5944f331aea67bed037b3c25bf28112de

    SHA256

    7cf059302a32441b850fa8994f3ede36ca6da9c62fff8dec254489ee2b932a29

    SHA512

    b39f786e63fdf331190a66e780112e093c409734b8fadb1a07d5f63e10d35178eac13b2797d58917766b3f4241c87f00c0c12bbf1e99da4f4a8dc0234af5222a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    95cc881dc551210d9160daacb32050f2

    SHA1

    e504ad1b9d5af822d1ffc718426cefe4e6d978a5

    SHA256

    edf71ef4cc40355ccc7539914d7dda33c383006d37c3f49cb40387e97524df60

    SHA512

    21979d26bec89fd5cc745af1f8864fc72e016d0f0ca4c1e4a06ca6415a6b0e8843b9f55ccb3c9855d95fc90bed5656b7bec38a72869e735d4d1ba8e920b65e18

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e36d5f9361ee7edf0b1a2bdc76a2348b

    SHA1

    f51d009d2b5086f9b7506b2d39cba214ccf85fe0

    SHA256

    f8beff0a24064b23b7f3bfaa593fc3f28622cb97d7e52859123fda3f551dbab0

    SHA512

    753a96b1e2765ce70b5b860f35f53aaed176a782f08f2f611e772957b5956357411d8e42db6786d4dee5f090c141f7fb089d0012af6962eb77e9ed6786e67f11

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cc9380dd30c96916c4cf607390255d29

    SHA1

    6b8de33d285919b40808962d98f6ea95bb0ed990

    SHA256

    34d8cbe7281c0faf71209ab6f1772babaa8bb65d09c0fa7baa19e7e6b1fcb3c9

    SHA512

    f08a505d6713db65a802971ba375c48c3f0415bb07d4d9e38889b1d61f393e1c506e81b18354276d66455df5e0967af59e9d284ddbcfccabd69aaf246da8c54c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8b29fe983291abcabca5dceb0eb15bef

    SHA1

    c4d5fe35bde311a76a71786a79da926f611826e3

    SHA256

    394e98498d9c1dfc2db0a1c46304f98377863c9f7aa4e6afd0d16f6a459550fa

    SHA512

    1efcc42a32855c29575e1773770e91bddf2a73961b0a4dbe62991c126f5a6ea5094a12e9ef30d3003e126c3bf792be2d1e2a5c6f16e0d035c03f1e434d084f7e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANFZKI5S\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\CabCA91.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarCAD5.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PKEW1KMV.txt

    Filesize

    606B

    MD5

    f2c0ea8f8140f7d59ac9a266d609e4f2

    SHA1

    1816e2d7c518ca38b09bb49f89ac0317b9adecbd

    SHA256

    d7762eb56dd766abaedefc027de41b66fe5693a4b5db559239ada5d424f4713c

    SHA512

    be34260867d4c4f7d5c9dc08bd65808d773a256732c43ed74cd704ecffc4395e50fad43fab5f2e1120bc6799f4d2bbc2ce61a71f014fe067f711983335efff85