Analysis

  • max time kernel
    137s
  • max time network
    185s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-07-2023 01:18

General

  • Target

    rev_3286/FileSys.xml

  • Size

    6KB

  • MD5

    499e7751b019078a8a997d67e8805686

  • SHA1

    8d3bc566a990569dcd87a4862f4ea74b5a8d7696

  • SHA256

    bc713bc684b0bdda9342da9fa7e36caf7f328f32915144c6eca49b674917df88

  • SHA512

    0ccb75c55eeddfaaaf658087904bfca12c520d542789527e1248785ead66bf9f3de8478b2661814f549c6ec0bf8ebaefa1ec250199b1a6e3ccf95f6f60637d12

  • SSDEEP

    192:sYl9Bi4JFLHTSRPTsOyA0VXAQsMAy5PVzRMS6l0TE:ztJFLHTSRPTsOylXgMf9zRMV2E

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\FileSys.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2252
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2744

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    139b80bb613cbb722859a30ca42088f7

    SHA1

    480b26b9935d27f4db1e4ac8325f9b1178c59623

    SHA256

    0539c05d78c904934eb151bf69851940ac8c02acbcb3bd6abf91e4942420cadc

    SHA512

    4be286e84ac7d7c45a0e4a4301e6c7af680a6b704b63ee9e5daa3b773329a6383a85445e4132264307dd4ac541be8a7342a98f38b553ac91ae3bfa1ac6b3ea59

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2a2b5f8269e8f6e5666a7f8706c58849

    SHA1

    61ae24fb3224319b3bbede198880119b9a6e908e

    SHA256

    58d0a3d64900ac527d29d31fff287277ede4a8334cb993975d094e2363acc0b6

    SHA512

    54f1559f75a9fb1709e3be40eb10b6ec7c8a0e2fd266b13d3f2fef2e3d54e5a391bde00ea03554dcc7aaded7a4d524bc5d327b32967c20354efca2c1958f9942

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8a5bdc16d880c9f60c53756614300b88

    SHA1

    90f94af9544f762d0084b6a684c242cb12171d56

    SHA256

    3caf5f18a34da77ba5c8763ba8cbfe407b4672ee113fbcf3bae361f2e3947de1

    SHA512

    9bcefb40f512dd132d0bc4b30c89268bb3aed05b552994a1a4860804a8ef2f335fd4617cb48e681c0902ab08d9aeb3a1f6a831c3fc6f5acb7f4a4f2c646ba8ba

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    47dc0aa582e4f2a8487903479c3f1cf5

    SHA1

    e3bdfe6ccbd40b41071217a72ccdcb9c5bc222cc

    SHA256

    4e568ab7c906a4f40f5bd874720bf216f6b8088ecfe3bc67175b71fd34f0d808

    SHA512

    92e5d596bd2691b87d859c37b63a020bf5539c5de86a3896d9442e5ebf1bec45b30f04b095dd963b695015295bcb2be36cef6f065fe04127af39983791dae054

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    38c7210dd9f1114bd7f9af99a30e5af3

    SHA1

    df5058898c9645855354491a82e1358aea4a09cd

    SHA256

    066c3c9ce0fec5aea37ea162ce95e91f6243897998868d3aec7e4a385d2abd23

    SHA512

    418f28f5e185301427c75bf640f01c607a17fd395be26229567d2f4b4c27cf675c60c8c60fc7fc62185bc311ae934267863a0f0224397ca6d10c24270d526530

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cb0492de0acc55c39800bf9849ea5520

    SHA1

    7738768ef4b99448714f78c9bce9ac26931a7eb7

    SHA256

    a3586ae01d247bfd519f446c34264773e5b9b276548c4920825e771277aef50e

    SHA512

    f4e31d4c2bd6e835e03bdcbdc6d167cbede41e5e13ca42b252fba869b85b5180542ceccdef69daef5dfb4e3dfdb51e50d82974a32646a6c9fff55c73a4f79884

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4118d0224a3e87505ef64239468e7e32

    SHA1

    0681608b76b8640f76d8792ba3ff7c584747b8a4

    SHA256

    484b72dbe35d48f8175b77474e9308ebd6e9dd42cfdb46301014bf99830fc206

    SHA512

    d50c82bb7aff340bbd241e4cbd632ffc2f5d7079a40dbd2e5aa0a6173d3a67a45cfb15789fe05a53603871bbe72ac8ce1dffe3e965baadfa822ba2671e4ce261

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e3326b9e6b5a6d6cdb768730968ce4ad

    SHA1

    89f0777ea8e7ec5038ff2a8ff3b51bb35d29b4e8

    SHA256

    7f2fd219914933f930c910d698a77a09f620d3198b36faa6302178eeac2fca2d

    SHA512

    aa290790ccc577f71ff25e5b2d5dbda65afd7e9dd4e4379647d31f858bed6aa86debbad67711d389a9c6a6aab770ba34bd9defe493d3903806295c525900c12b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7739f8cf374996a92b789cac7b0e8313

    SHA1

    357910a94b6002016a815cd73626dc40165006a5

    SHA256

    32fda2816f3ac242447addafbf55d0b6a04124f930c761e87713db4a257d2398

    SHA512

    2171db3f1add93d5e5cfb1c9a1a8263c133b8ab7b3b3816fe3d1ddd8b73ff31b0e36df4b83258096dec1ef0ffc900a6ebc2d38f3f3f08478d420dfe8ff4c2d5b

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULULORKV\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab60D6.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\Tar716F.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DGXJNCQ0.txt

    Filesize

    601B

    MD5

    7cee43ae253055ff7513cfa1cacada4c

    SHA1

    712031df9eaa8a2ad0ec4700a1bb939d8c7e6f53

    SHA256

    18c990e45b41eb9b60568cfde104c9c4d400e71e5e61b88237746bd63ee87e93

    SHA512

    e289740aa4418ab1cc9592815275c81980e39bf438d0d69d4d2871e9f9730fff798bd0ab688adbca80b4f675bd94fac2e7fb5d0c3a44bdfa6b9ea8f8643c71b5