Analysis

  • max time kernel
    117s
  • max time network
    186s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-07-2023 01:18

General

  • Target

    rev_3286/WinCal.xml

  • Size

    1KB

  • MD5

    bede56a7aef6b3db49ab7d2eb3f2870a

  • SHA1

    bc18289b953a8ac6c0c8e519f72e6adee933ff98

  • SHA256

    1fc29fc668043aa03ffeb2d61868d3369479c3cef2c4725d162cf5344dcbdcfa

  • SHA512

    2bde0a5f1983b08379c262f86aadf8635834674981faf7feb3ebc39b12ece95b21203be82fde2fe88f6a662836374a7ac3d6fb8057d5273923259b3af206a3a6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\WinCal.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2484
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1288
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:928
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:928 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2104

Network

MITRE ATT&CK Enterprise v15


Downloads
