Analysis

  • max time kernel
    112s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-07-2023 20:59

General

  • Target

    help_screen_font_ja.xml

  • Size

    150KB

  • MD5

    a98b56dbed348e6a368e07620298a2fc

  • SHA1

    6cf347b744253e353276779885b6ceb834c37de9

  • SHA256

    2c39eca9e7c751094034f2245080377c1ceb9d248e89999374651ef4fc84f1e4

  • SHA512

    1f582c6f99134c456cab6ee03d097516f74c358b2c78c642e2846a397d8d2b4a3d5e55d2eec081201d24805cb13d2d411c713606ee3f3be75b138860fb45d278

  • SSDEEP

    1536:IurZH0ddBM0UNqFTn71LvSYfQKa0wyDof+s7qWABC+4NsUCjuZCDlWkw8TG0M6oi:K

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\help_screen_font_ja.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2912
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2920
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2184
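The process listing above is the chain Windows 7 uses to preview an .xml handed to Office: MSOXMLED.EXE with /verb open, an Internet Explorer frame process started with -nohome, and an IE tab process whose SCODEF value (2920) is the PID of the frame process that spawned it. The script below is an added triage example, not part of the sandbox report or its tooling: it rebuilds the tree from the report's indented records, checks each parent/child pair against an allowlist of that benign chain, and verifies that SCODEF matches the parent PID. The allowlist, the treatment of SCODEF as the parent frame PID beyond the one pairing visible here, and the "suspicious variant" record with a PowerShell child are all constructed assumptions for illustration.

```python
"""Rebuild a sandbox process tree from an indented listing and check it
against the benign MSOXMLED -> iexplore chain.  Added example; records in
REPORT_PROCESSES are transcribed from the report, everything else is an
assumption made for illustration."""
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Proc:
    depth: int
    pid: int
    image: str
    cmdline: str
    parent: Optional["Proc"] = None
    children: list = field(default_factory=list)

    @property
    def name(self) -> str:
        # Case-insensitive basename: 'iexplore.exe' and 'IEXPLORE.EXE' are the same binary.
        return self.image.rsplit("\\", 1)[-1].lower()


# (depth, pid, image, command line), as listed in the Processes section.
REPORT_PROCESSES = [
    (1, 3056, r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
     r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\help_screen_font_ja.xml"'),
    (2, 2912, r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
     r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'),
    (3, 2920, r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'),
    (4, 2184, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2'),
]

# Constructed variant (NOT from the report): the IE tab process spawns a shell.
SUSPICIOUS_VARIANT = REPORT_PROCESSES + [
    (5, 2500, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"powershell.exe -nop -w hidden -enc QQBCAEMA"),
]

# Assumed benign parent -> child pairs for an XML preview; None is the tree root.
ALLOWED_CHILDREN = {
    None: {"msoxmled.exe"},
    "msoxmled.exe": {"iexplore.exe"},
    "iexplore.exe": {"iexplore.exe"},
}

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def build_tree(records):
    """Link each record to the nearest preceding record one level shallower."""
    procs, stack = [], []
    for depth, pid, image, cmd in records:
        p = Proc(depth, pid, image, cmd)
        while stack and stack[-1].depth >= depth:
            stack.pop()
        if stack:
            p.parent = stack[-1]
            stack[-1].children.append(p)
        stack.append(p)
        procs.append(p)
    return procs


def triage(records):
    """Return a list of findings; an empty list means the tree matches the benign chain."""
    findings = []
    for p in build_tree(records):
        parent_name = p.parent.name if p.parent else None
        if p.name not in ALLOWED_CHILDREN.get(parent_name, set()):
            findings.append(f"unexpected child: {parent_name or '<root>'} -> {p.name} (pid {p.pid})")
        # Assumption: SCODEF on an IE tab process names the frame process PID.
        m = SCODEF_RE.search(p.cmdline)
        if m and p.parent and int(m.group(1)) != p.parent.pid:
            findings.append(f"SCODEF:{m.group(1)} on pid {p.pid} does not match parent pid {p.parent.pid}")
        if p.name == "msoxmled.exe" and "/verb open" not in p.cmdline:
            findings.append(f"MSOXMLED.EXE launched without /verb open (pid {p.pid})")
    return findings


if __name__ == "__main__":
    print("report tree:", triage(REPORT_PROCESSES) or "no findings")
    print("variant tree:", triage(SUSPICIOUS_VARIANT))
```

For the report's own four records the check returns no findings, which is consistent with the 1/10 score; the constructed variant returns a single finding for the PowerShell child of the tab process. The same allowlist idea maps directly onto a parent/child process-creation rule in an EDR or Sysmon pipeline, where MSOXMLED.EXE or an IE tab process spawning anything other than Internet Explorer is the condition worth alerting on.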

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    403470d2a9db02be32a8059520b5f0f7

    SHA1

    026080113564f93374c1e4c8374a8b343d0f47b8

    SHA256

    66fdb4f6385ead9bb330bda7744eaad5b9e98afd023f7a80329e0537000c1d66

    SHA512

    93a1e7636a34113d1a6d6b65cc8310d29b40d1f809c8fb3228b84a88d8171a4a85ce3dd46ebe3e1ca89b000580d4f88efdc94153cb8156aceb1c262ffb6c664f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6adaa4f0bb941b1eaf1140538afa43a1

    SHA1

    4ef6afb59235fb0a1f115b143adda0f0e60ad584

    SHA256

    314c5c473e0ddd8ba22c34bac5671eba7d804110e10d908d8a9a172cdd0c4102

    SHA512

    1583fd54b91b7612e2798726c44767883a87c81d29bbd482781ae329ec9c93ac63c42318c0b24a782e0973a367466b214cb5b793937d38b3815cb9ab1dbeacf5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    994619ebbf7753dd44cc2428c647fe38

    SHA1

    427ab4a587cc6ccf7f0fed9cf3774989f25a7f15

    SHA256

    0de551c09e4ae6caf3f971e92af8dda8d531d5fded0a9bd06f230494d7f7284c

    SHA512

    5569bf889002afcf84b09444828edbcb0c106447bbe9e4180d36e77e4896a2213ea9c8a1584f7e9732289a920bc7f4776cd8717c8c2447467d97aa85b143b0af

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f931ade8e51f643f4f0a7a1a0e532b7c

    SHA1

    8f0118663b5830509d95bf832b58d29fb6bd5eac

    SHA256

    754e7f4af86465af54315d37f2a9e6d5347014d556566731268449104886f858

    SHA512

    196775d96116e3a9d18c6b69b038a13d3e05a1a60364db809c41e5dadcd3957de1303c404625c6cfc37b3dd311f28fd9d71c4e8589a43cb3ed072eff4b9dcfc7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    49a0da6f32e125e1c8af08a10453d361

    SHA1

    68edda26ac08b35f96c8e273c1e18ebd06217113

    SHA256

    d4caa996e749c86f9f223c8e3ccc294a34f88b5b3b629bf915259383de1d844c

    SHA512

    0bb7b392361db4bdfbe6c02a10be89ac83f5ece945af299b501f04226368a8e8f1f457c33f99a6cc50f4ea559694c0e82e600781b850eb50e5fd180a5fb6a399

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d2908e277689bfd9ab87158e1aa75466

    SHA1

    68f4290053380a035de9224387155c591314ceb1

    SHA256

    b60ec708eba85b33526a36633e1996aae44bdedab750c28e84f537c28c591266

    SHA512

    efcafcea84935e2d282dd5f3909b28ac3d65f945c643f546b79fb61c75b74e0875d3c9ba2c6c7b7cf07fa628c50b28c2235a3bfa43b7829729f35f581a4a22c4

  • C:\Users\Admin\AppData\Local\Temp\CabFAD7.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarFC04.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27