Analysis

  • max time kernel
    144s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-07-2023 01:18

General

  • Target

    rev_3286/syscond-en-US/AddRemovePrograms.xml

  • Size

    10KB

  • MD5

    dfe20a0ca8674d6eaea280c139e2688a

  • SHA1

    97027b92d40f5029ff296a9ea3105b775b50c209

  • SHA256

    c97cd236f8be2b235685d3d16632482839208604db3f550f9524eafda33b9ca9

  • SHA512

    120c45bd17045b6f3d4a9295e1888d81ffa99ed0f1d146aa2eec387c1187eef8c718179771bc0cdbe01a37a487d933f55c92f6f37954f392f007cbfaa2aec877

  • SSDEEP

    192:Eyvs59wT2mCtKNSMRdMi4LBDZDHZEzT+ygx5LDkFdzj9nWyihWhqeGzpbeEKJ28m:ZvyiCDdyTO54zj9na8hqe6pbeEK5jq

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\syscond-en-US\AddRemovePrograms.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2860
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2940
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2844

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    64c62dfb557850f71eef068287ee3621

    SHA1

    1045c7e1f592ecd4c09c86c9e59706022093ecd8

    SHA256

    47fcbc052ecc36c73a983ada5d5fbc3e4e4e68ef5a617d52d9cbb6144d7a95b5

    SHA512

    76ac9d6ecd73e449be62f844eaa7a57d323fc017d350af938da6b31c96ed886bd9e3f500143fb2155ab0c0f4e2eab65445f1f3ac9f2b37a5a29b29e883b5c7bc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    337a1ea5fe4bf23babd953e928dbcb7b

    SHA1

    3f4512d0195bb536c15f61ec980e5a72165bd940

    SHA256

    509243ceb4df23a7cdec0ce3f8a3ebd616067943407f541fafa7d18e37bbcca8

    SHA512

    af53e9bdcfd746311ce1a32a9004b7502258209c0f66463765e0844898fae4e7d8159ff1f4d4bbf1aa3e5e6e8ce51786c8e1cdb88801eb1745af16e8fc6d15f6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a7413b7d00c58c7627ee6fcca46b3919

    SHA1

    0e3ac53772c5cf63818844d664f4baa667d5ef58

    SHA256

    12fc5318c5ded51eecbd76feae4f116afa8d35e0d63e411c276e2043597f7e82

    SHA512

    cf63b85740f5dcb37d63d320bbc4082a4e175e06e3e1924a1a2e1f12c60d16b97e8cbed1e5bf0ec92d645b6b084832e7bf43a0ff7069b91783b029582f518b3a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    22caf612f4845741c441f856c7786130

    SHA1

    12fa3985fcec010d0cd250d0a46d6d432307130c

    SHA256

    4ed797a8458487805a1fab7f28963b4493199bed1c44a07f5c04e2284797e333

    SHA512

    4c439f538d719c35da5ed00923a7dd76defa98093f0a2d84833f35bec4db28265542885713c7a5645008ba754671f67174b60f82ca26b3753aeb7de5a9eafbeb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d0da97e7db0b76fd49371cc4785ca13e

    SHA1

    94ed650acd825a7eba697586bcb35e5913dd7663

    SHA256

    74c9fd38d20112a230c48672595f4aa80bb9436bdf516f40482f8581ab0c4ebd

    SHA512

    e2e2f2cd84eb3be6d31179b001500a1a152d636559d833a084fd01aa2ad75e58dd92f72872b5d75ebf95f19145f49835ae4fd6896c1f174dcaa8a464ceba13a5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b3c4662b8e74ee56aca8259e7a61e3b6

    SHA1

    6ecca51fd100ffd0b8d3dbe9a957a130a5a236d3

    SHA256

    74389c918ec3f2615cdfab1cbb9f30c4e90d92f40c2f083091e00b0e900ddb45

    SHA512

    4434b54b73bdc0fb73a31d7be8a0a47f0485484d94b9fb155a596dcbe7840f4353a4471da83f4208d8f545d4c115b55662a4a56ccdd0d5fd925e2fa96c52eca1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e357244b1e6f1b4a280015239c2c0b3a

    SHA1

    43d8ead85b83e111a1073c8fe259c2012ae04ea6

    SHA256

    7401f00d218388a5d13f482ba6d809fc5285d07d53c7c5df9b7b2b95a251c523

    SHA512

    3dfc29187e2da85cd96e3511c665eb2b2f951e749a23615248b6c7c5b96fef5c1adcc32fbf03dfc50fbcfaf34f0633cd94d5dc73a0b1e9639a89e4c5e2ff29a1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2f5f2693becb14ca42a3d76451d85e1b

    SHA1

    cdcec6315787234e420949319e9e4e8576b9d0f2

    SHA256

    cdfb23ab3527a49b8bf6dffd6cd52e9c2f122a5ef4692580f639e75bc3fae119

    SHA512

    b100e93be483a732c5f7a2af8bfd21812582ff47765dc8d9ebd6958cf24d29d895fe2d0d88c73ebcb5db620a6bd9f42cee1f03aa4d41ef5b37e2e82443f5b234

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    411db3ed4a3e24c8f701265db4539a86

    SHA1

    92a2d096818363cb89518cda5d52351f23c1f867

    SHA256

    531d2267ce4212fb9ecff9cc3bbd81fa81faa3ef376d2047bc5b66c21a7129d3

    SHA512

    632418cb099a9426b18b429c501b613af38063c38e2f02c090bb470e28cd1c8df2a4917ec0d5f003ecba468bf271a62697d72e6b3fdbbf39a2ca790207f8de5e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c21abafc6825daff0503f034417863c0

    SHA1

    9d062faf16f940311a69491861518e40476625e4

    SHA256

    3003a6e6d259d0448d3869a506d1cb77493e574795e7872f743dbb9269df7a28

    SHA512

    2200492087d4dd0143d92c5b61042728d74f9f83d5fab9cf64966c5e7e845d5e409cd488807682953ad56db2e9a8e2a1db71b2e6d2f00d2eb09b156e8adb5db0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\977QBXKR\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\CabF01C.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarF0EA.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LW0ZO4EJ.txt

    Filesize

    601B

    MD5

    a27df31e8044c16cf0597880596b5ef0

    SHA1

    011fbd78a96d7034940b65abdbbe5ca7d6b45154

    SHA256

    a9884b09e4e753a04a69192601c378bce7657c7ebfb58c34f2a25c62bb2f6b4c

    SHA512

    7069eb3e0472315561170667f3ced3f27f20b3218f1dd3b40f694f1f9dece73f9972088bf07acd17907a678318bf83cb543092f4d8a7f9cb65135416226e30c7