Analysis

  • max time kernel
    134s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/07/2023, 03:13

General

  • Target

    sticker_burger.xml

  • Size

    12KB

  • MD5

    c8dae564f4f7e19e4470d9b8a05deafa

  • SHA1

    8ec5a0a801578126c1f2a6049a20af7a28fa75ec

  • SHA256

    0718314beea0b292343ab7debdd77611c5ed50757f0a11fd9c6d62a6e56cd8f3

  • SHA512

    e5a017270c364aaeb41a4373ad6df0d076d351deeebf5b7d5a2b42ad3eedb028ef8adc9b30d9740a5cff646d839f640502874be4a72b3b9f0e5e7d5387bf1911

  • SSDEEP

    192:NL0GHZ2aWgaqtObzlKuxnxiH6DOYWexZwH2R39VcBha8pw0yWY:No5BYSKu9bDAexeH2NcO8e0M

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\sticker_burger.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2584
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2436
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2424
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2936

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    59f1985863cf37fce3882d2c261080ae

    SHA1

    0e7b060667d75b23cafa126bd2f3532ff4650468

    SHA256

    74099cb55dbec8777cd3008f391bd237dd888c2e86c60bbf554a13563f374a6b

    SHA512

    25a27e29500a6d83e5a1f334691b2dc2d14c44d6bb320683dd531ca99b02eaf96c04c2dceb7345deb34d4f60f30ab03c73a8cefab8b683f1589b8fde7fd05e2c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    080e0537a8ad03cf9070f1c79f9528b8

    SHA1

    95a052d2ef1ba51b8f89025ccd78446f9b7796c5

    SHA256

    9e1899fb06adb06b1a807c5f9684f06e6eee9e6b61c2133724f58fbb96797585

    SHA512

    225662fdfc8ab235b1196043e2990d2c0bcfbc9dc372fbc30642c41128064958027db9c6a9f1e830e2a935dce465e34b550fe00c937f6b1c9283dcd4a841591d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a24e80c880e1817637ddfe026ebf350e

    SHA1

    76574eb23b8ff5b3a656eacadc19e74cc97eaa4d

    SHA256

    4c11104a83206491dc4f126caab4cd108e637fce6ae050184d4fb485957e65a5

    SHA512

    b5bd30ba8aa6e23c9d75eadca6e7cca9434448128c51a3e74dd5b2d1fc76697684ad87a719cc3749f4927d74f34228bfd67d06f957d2cd1ec58d8d4c6bd3aab1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cb069e11822997267e1926c48cc24984

    SHA1

    6fe4a28513650a19cf4f810d49936d4ede3b3d73

    SHA256

    07abe8c9ee6fd2c602f618bc59e85ef06f2622ff5ec443b21a22772c4af3924e

    SHA512

    71a90df51aa463c732f56de082fe203c4d3cbbba4bf90723194bd2046aca9f388fe92c1e24a8e2659ef257279b0074634dd46799409e93bd0e441e85af71d42e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bee5fa79b6681092c0bc464d72d6d733

    SHA1

    4686d4aad3bf5a070db071d8f3a5862ac527d907

    SHA256

    97b5113d14daad91afd3001b3f89039f1dc1fbb3675582b4089c8e2c3ca5b9b8

    SHA512

    cae40134fceb9d95e0d11b106aaadda48f6e4da6e7e769d189155ea8929be44e803885ad84716c9a3ef330726fe436ad3b758b33023e79d59f728e2c5abb46c5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    892b731eed154181b26832c484b9804b

    SHA1

    90e0e83a1a42fe042a7386c3c9c19c658bd0d5da

    SHA256

    ef80ef08aa7f9078aabe074c4004d1be378a9db9ff9e4f0fe9c184f8f315cdab

    SHA512

    646ed6ad670b49a386eab93dd768d3cca602e576915dd18ceb2ec0fcdbbac3ae4017cc1e37fc0372a907f685b2eb90903458d0041a8e95dd3c5d1b2ada9e1c4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6e57d5636c3897b35366b923bd51d914

    SHA1

    181e0a3b7b4e19a5346d9721bf75aaef84db3701

    SHA256

    d9dfa937393f96b9f6d17b1071e22a6b96bd3b5dcd58fbb77c047384602e53e9

    SHA512

    6ff4828210136a20b0c39adfa601550fadf9d5ac5e8bd61a595b11ec0b9997c3402e0a58042db7c7ef9c2bf7997cb3522f68f6092b837d56b05f4aa6707f26b5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    43842e1a4e6ac9d290dd0b41575391a7

    SHA1

    1d62fdf603d676c09a8098f1253b735de009d3d9

    SHA256

    c70f461a1c36243a25b74fdb6df638b65f7b07bb9d46f0dcb49159896885220f

    SHA512

    8f2d0fdfc481626fde5d53744300abee1bc7967a0702faeedc2dd4ecfd831e45dbb60d6ee0784c51fdd637988e78410a15acc7b4fdd245d194ed0de6bcbb3d51

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64WRFCMO\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\CabB4B2.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarB532.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\C0QN912T.txt

    Filesize

    606B

    MD5

    7fc42e51d254d2dbfe93e14efc4ddbb6

    SHA1

    324d7876f6068307a753d5b248a69982b5649de5

    SHA256

    e9af38b6e036ff09763349009317c615e152821eaf0a61cb8b5e93efec4714be

    SHA512

    5444b03531048cc9f3aef57fc77b874402f95a6fcb2af25cb2378ab28cbd238d33700cd769cbc64cc673b531abff4aa226b2df224ebf4b507f5c6e5b0500a7d6