Analysis

  • max time kernel
    330s
  • max time network
    334s
  • platform
    windows7_x64
  • resource
    win7-20230705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230705-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-07-2023 14:29

General

  • Target

    settings.xml

  • Size

    7KB

  • MD5

    0787fbc0571a188f380e196716072027

  • SHA1

    9bc2ec83c1c496f07dd0f3b60f405d83b756539a

  • SHA256

    70ffcdb0c3394209835bf1ed09ec43ab2520af15bb6f2020d66e9173f7e50049

  • SHA512

    0df314bbdb62e9ed585e0803142b147b6b881be6e20f1a3cbd488c246b02a257b498f1a9a81d499733da7b30c7a67e905a0d227889e958b60cf11f578116edfb

  • SSDEEP

    96:GzGWYqTaHD+aW+n0W1WkGeFQroqqTaHD+XaFE7roVeYRewqFtecqye+1ceEmMEec:GjfWVsKsOVOuA7givvfNPru

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\settings.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2260
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2256
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2852

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5I9HDCK2\suggestions[1].en-US

    Filesize

    17KB


  • C:\Users\Admin\AppData\Local\Temp\Cab827B.tmp

    Filesize

    62KB


  • C:\Users\Admin\AppData\Local\Temp\Tar834A.tmp

    Filesize

    164KB


  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VSGEBHQX.txt

    Filesize

    606B
