Analysis

  • max time kernel
    127s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-07-2023 01:18

General

  • Target

    rev_3286/inetres.xml

  • Size

    1.6MB

  • MD5

    39f0d8dbbe07170c55ff82ff6e0f137e

  • SHA1

    9968c17e869250de0bfb2353362ff981b1152b9c

  • SHA256

    5b9d8f4735a3bfc022542f617c2fd77dbe4b0bfbb506d51e1ed0adf896155356

  • SHA512

    9f27dd0e757cc4b8a6c3e83e4044068440547380fa91d1580b00f1b62f07822376744ee65bb5eafddc4a35b6048b8f32209d00766f88bf09df9847053c1df3c3

  • SSDEEP

    3072:0wQADKm6VNTp6qpxFwFVSl9t4VpR+4Mlu8ROYg1V:eWPq3yrvMD8Yg1V

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\inetres.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2252
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2324
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2284

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    39fd2ba568569036279e56c9346fdd85

    SHA1

    716e371f070630cc085b06676db432878a716f6d

    SHA256

    ccd3bcb69f156be6ad7570ce4f7fd84c2b8a42b7f9a97b49b6bb54f6ba0d2b01

    SHA512

    8bf61fe29d2f4b5010e5da27dda5743aa764d6240ef6e39f461ed20fb52a211eb21382f4f8fd0c9d0dec3cddbf7acac1cd7e5f5c535419858a415171f26f6cf8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7b8f9944e9095d0451bf669abbf145a7

    SHA1

    07892fa0bb94412c01c3a67b90d8b892a0ea10fe

    SHA256

    b6d77125a49771474be00d47fde145393f0bce5ed7bcdddf12547fbec0b88ed8

    SHA512

    1936a8319d0b01b00784698624520b12c8997a4e4e40ca116b5fe33946ce4ff7733027b99f0dc0108128d541751864addfd987d136a4ce5b8a93f796fe0d2c5c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1b17b711653433c1e76eb6f2e8c3d68b

    SHA1

    d00200ad99184c222d8169c510edefdb0625eda5

    SHA256

    09892b21d5b1f1c04e2dc98fdebc44147c22237b52d4429dc8db2d9f71abf63a

    SHA512

    3b43c4186ec6f22b82b72b41048cc190dd6387fd13e6251c8253ec4506d92ea25c2945dbbe10b82fb239a170ddaf20cb1c279c5d5934711fc1d336eeb8de4a7f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9905e0a59866ffc9abe10acd685dc202

    SHA1

    4ec74b18643a28257843bb4744c9df2c58ee95ca

    SHA256

    6002c3bbaa78051007a7c56fbc80be93d2738461d5471f0f8fd57c097e1b593c

    SHA512

    38f7a9918431d70214105f5e5d1dedb6a797d3805ec748b4ae66af5a89f799b4acf029f57217d62fc05b7b75eb0d84e4af46ffcdf3c81cd15322341adc2b0424

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    47c703a66ff63ba42b20c139df1a2976

    SHA1

    336f38739561439136b3f2760090aaae64d73d1b

    SHA256

    90e3536c16f1481e87bbb8882ee10b1d44dc8a340b4fe5013849d731d7b81777

    SHA512

    7ce29149b8037758bcef1e4597ad68ca5d2377d9adb5cb39a8b8b767f59328b9efaf37978cf2861f387aa3e9c8aef30bd96a76ed7413d3441e2256c16d73a6fc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    18667bda78dceaa61e2e3a952a16c10b

    SHA1

    db7942455763dd644311ae2bd8f33a9ceef3f217

    SHA256

    5abc68263c0b8c84632a2b7f03ecf269933a809cbd3f1fe4ee69be48eb1b5f84

    SHA512

    f9cccc83ab5ec6091e175bf51863c6d5840167f5798dcd5a0d1b44e6a525ebd3d123dfd32f87cfaa22bb62984a53097bc6cc9a1a602a5928c2c13cd7911b8805

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7ebd84655943c52a7937a8111f87167a

    SHA1

    2f77f42eba613ef1523d216d3964c8c850a60967

    SHA256

    5f98b65fda7f99fbae04d03d933d1b7a2abf883cfcf8ab406816f2583c529a90

    SHA512

    8a6a94720c18689f2f8aef361c7c45a6b5390a82043c3d72c7e24bb8c711321756aec5b012cf4747da9047518deba0d7224081e32cd822e4768ae86cfef8da3f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    23504f6becb8789ebf886c633fa61862

    SHA1

    9ef23935bff0fa84b5a515f517e4aef42d89ff38

    SHA256

    d92e18ab8eaec96946553271917252851da4115db6ddb4f757067766a39bebd2

    SHA512

    3271598e0326811cfbca61d07a952c35a9d0023425bb2952a877ec9365b06ce9b8a1f394337cb556b93480f2d48ff254e7e11d9fd7bb78acb2a6b69ee3dd990d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    271e42206135806857f3670d07367a77

    SHA1

    01a74666bc7bd668d779b3d80362ce9ee74e6d97

    SHA256

    3b4ddade4e26bc57f9ca79e28d90a8480d1a78d414507fec413f8c1bae7eb139

    SHA512

    934f149b407b6d8608e25088f01a90fb072b11c84269b5631673ac1bbfcfb826f07db9b70f29c2b669eec3984c888d6ac1845ba3d751c59e2a53036e9111da0c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2AKN11NC\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\CabE8AD.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarEBFA.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FBXDK72N.txt

    Filesize

    601B

    MD5

    d19dd49a36eb49eb0b171e7fb4eccca6

    SHA1

    836d02f33d6f50fd562ca95bfc405f1542ab90d3

    SHA256

    40a32915e5833b189488435184544d691e590fd18272a01cdfcd7bd96e05dbaa

    SHA512

    d94d8cc881162d65160c8ce47a568b5f5d90478fbe707116187e9ed8bb4da61bbab778c9b5af61d6c79ff637be28e6a5173016303cb4f8e71e0951f0eaf498a1