Analysis

  • max time kernel
    155s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags
    arch:x64 arch:x86 image:win7-20230712-en locale:en-us os:windows7-x64 system
  • submitted
    23-07-2023 01:18

General

  • Target

    rev_3286/ExternalBoot.xml

  • Size

    2KB

  • MD5

    ada14c9e12ebb088628c86ada31184e6

  • SHA1

    a2578366538e3de9ea2c047372217a3ff3ff25fb

  • SHA256

    4bd2d8e664271482adfdb53411298577d2bb7c5cf18a6fff30fd8f40abb17ff4

  • SHA512

    147a0d77b2c8e66a97d22e62d15248fc93c0a82d8529628a9612c7aac7dc48ccb3ca8fda317ccc0372e0c9001e8cdf8fa8d12e47d84412df3ddee0b1bebbd93f

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTPs, 39 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\ExternalBoot.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2920
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2924
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2696

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9EM1SEHQ\suggestions[1].en-US
    Filesize
    17KB

  • C:\Users\Admin\AppData\Local\Temp\CabE3CC.tmp
    Filesize
    62KB

  • C:\Users\Admin\AppData\Local\Temp\TarE43D.tmp
    Filesize
    164KB

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XUPT5FHQ.txt
    Filesize
    601B