Analysis

  • max time kernel: 129s
  • max time network: 175s
  • platform: windows7_x64
  • resource: win7-20230712-en
  • resource tags: arch:x64 arch:x86 image:win7-20230712-en locale:en-us os:windows7-x64 system
  • submitted: 23-07-2023 01:18

General

  • Target: rev_3286/syscond-en-US/AppCompat.xml
  • Size: 9KB
  • MD5: 93c28840d18ed15af63308926f5aac66
  • SHA1: 5ed7a8056f1e8a68fea17c6ef81b695df8a3ea70
  • SHA256: 0ac43a8df0e8795968c0f9b6ecc6fbf620b761c128545ad689eec5dff21f5f1d
  • SHA512: 653b9905dc0bbde62f06efa1c613f4e4a0823331d31d396db0226fdb41a9ad4d148c1b5dabfa0ca64a74156f5ad446428f3344ffe75828a7c8225d3f0d214758
  • SSDEEP: 192:EsMVhCuGKXl6hIAtZUqxw66Utw0Uvk3EUN2X/TDcvEn:J/uX6GAjj6mcvk3EUN2XXcvQ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\syscond-en-US\AppCompat.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1976
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2072
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2760

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 0322dba4d8bac6c7d633ff40e2ad0b34
    SHA1: e4e66006e741c2a9088d08ed9f9e1b4fccc957b1
    SHA256: 9c3eec1fe0443dfc9f6c36aca6820d7bc445257913e532ae21cf09feaa1bc3c2
    SHA512: c660f08e1be69eba0396dbc828554145341acdb46e14e15985144a31e1aeff3db67c68066a90d82005460b8e1a6ba065a788a7e98570f9c748c28c69ea5e7021

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: f13eab1c7c1c9b34c8ca37064e827ca0
    SHA1: 8684e1f150337d92ca1f84fb59b23ead9436a5b2
    SHA256: 7c389d79a5758c723a9442d4426a9b1af362bd2116bc21227b5136fd64dd5e19
    SHA512: a02e470098c2160c026b0e0ff7f62519802c2e87b0567869fd1ff88ccd073c85c7402af8bb6e004d5344752ff88582c374898fe95659afec5abbd6a99694ea4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 1e55921da2807c28a759da317a43b23d
    SHA1: 4616747a0c73fe0c5ec7781039fefdcf2380707e
    SHA256: a288cd33c2c24e8e171c0c067517f233753eecddf69cc2fbccd2085843b4a1ff
    SHA512: 69d1186e594152c9a4b962c64c62d8f0e738d2fd0a0c30e6308f7c4b3ba1f2c356e9a85dfe02dff703f980738cd0af2fa2bedd5873b2f7e21ad7d145da3d7b05

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 61935412f1dae0d0b4fc59c8229988e8
    SHA1: 04f5ef11d7338dddc1ee24993d51fe91c2d78f1d
    SHA256: dc04044b7b945db7563ccc469b3d384948945869e00ae63ef3e83ffa73270a2a
    SHA512: 4f3fa41888fb2309c1c06ab816ab0fbfe9840b60d7455896a09a029584dfaa0c7533cbb5667e679b6cd3eb8fdfbebaacbb1f5f3f9c273bcc25aae2c4cf5ef759

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 78bcf6c022ea2ca2c302c5f7302588c6
    SHA1: a2bb7a5f821c150cc7180faa3660f291d488bd43
    SHA256: f8fdd901e830c358bf1ac13676705723329f4b41d0374ef5bdd2554d1987f15f
    SHA512: 5cef939100a586e94cc69d3abcec2dc303e78b65a6b9345c53596b1fe516b367dfccb6b56d3ef942279daca611f9b6bc38e3476d0749eef51c6aa7ca190a8338

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: c9ac6e5373f63583909c33439748e7cd
    SHA1: 77e8b64f9e59703aeefb8b6405232e5abcf759a9
    SHA256: 2f7e55d00fe3216528efefe8d93317a35a3f975e7da83ac4904161768e25cc21
    SHA512: d61282e1c0473aca1860771ebbccf47c7e54b57f50713a7c42460ee4a4a1c7a29deae87de44eff92b5ba424431e98a4c6c45b4e805385b7510103da76585f3d2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: a7a98a62e5e34965e04406562abd75e4
    SHA1: bf2bbdaac1d641aa0d54d602bc5cca93d65028fd
    SHA256: dcf2ada021c74847037ab5798254d7203c6b4c7ea2b50af407e5ee41b25672c9
    SHA512: 5b4f04230a7878431aa8037d61cafe2128d07df03cc0a25ded5b7ed5e043e8d0d445de623254f565bb0a99a43a5106ddb4ae3ef25c079d9e6f51e0098a65d2b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: f035722987a743f70ce92e011aad90e4
    SHA1: de062e3984eeafd99b10a4d6b87770660ea646f3
    SHA256: 6f2513a65a41ed5c20bd73ff247d857c5c3adfbf251f3ca3a6ad72598547465d
    SHA512: db80ecc13fa50b2a6e0d2e6cb3861fc1cd9efe2541272f3c3a3d314b5aba2737bf7a4e8e728373c82bc91cf183423760057a03f1aa924cd716c9b0079f61f632

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULULORKV\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab36DB.tmp
    Filesize: 62KB
    MD5: 3ac860860707baaf32469fa7cc7c0192
    SHA1: c33c2acdaba0e6fa41fd2f00f186804722477639
    SHA256: d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
    SHA512: d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\Tar378A.tmp
    Filesize: 164KB
    MD5: 4ff65ad929cd9a367680e0e5b1c08166
    SHA1: c0af0d4396bd1f15c45f39d3b849ba444233b3a2
    SHA256: c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
    SHA512: f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1UC0VQUW.txt
    Filesize: 601B
    MD5: 83dc15224e51e589a715bda468aee41b
    SHA1: 6cd8322437227717a2eea10f0fc5fc21fdb86ee9
    SHA256: 1d0824faa730344758cea81dc384d8b63b50004bf0e9ad336fe1e0985ca41d55
    SHA512: 5f9a78f8d338cddcf2b16fe790dd4917429f632978ec284d789302f21d1c700ee2d563f8ce184582f5dbc5c7d3492e5c06e11d7a90d281b2a40b8c219aca177d