Analysis

  • max time kernel
    118s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-07-2023 01:18

General

  • Target

    rev_3286/AppXRuntime.xml

  • Size

    3KB

  • MD5

    88d794ea092ef395433cfa321d06e5e4

  • SHA1

    f1f7c7dfbd04ac5a92cbde88bd4f087781d63c40

  • SHA256

    5afc969e4212a6511f307385c99b8868e8c873183dc271bbb95ba571b24eb53e

  • SHA512

    ebb770102b8202de4bb7319cbc2cda860e4de5d1e95f0fbef4d4890aa2b22cd48cf73909d028a37b507926b4fad573716fba16e50b8f9eca8d5feab00ac17cca

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

  All four signatures come from the Internet Explorer chain in the process tree below, which is what MSOXMLED.EXE /verb open produces for an .xml file on this image: the browser writes its own Internet Settings keys, installs window hooks for its UI, and every parent in the chain (1676, 2212, 2848) is flagged for WriteProcessMemory when it creates the next process, while the leaf tab process (2268) is not. No behaviour is attributed to the XML content beyond triggering the handler, consistent with the 1/10 score.

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\AppXRuntime.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2212
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2848
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2268
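The tree above is the expected handoff for an .xml file on this image: MSOXMLED.EXE opens the default XML viewer, the 32-bit and 64-bit iexplore.exe frame processes start, and the frame process 2848 launches a tab process whose SCODEF:2848 value names it as the broker. The script below, an added example and not the sandbox's own tooling, parses that listing into process-creation records and runs the two checks a reviewer would want on it: that every IE tab process really descends from the broker PID its command line claims, and which browser processes sit below a document handler. It re-types the page's tree inline and adds a second, constructed tree in which the same tab command line was started directly by MSOXMLED.EXE, so the SCODEF check fails. parse_tree, lineage and the check_* functions are names chosen for this example.

```python
"""Parse a sandbox process tree into process-creation records and check
parent/child consistency. Added example; not the sandbox's own code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Input 1: the tree from this report's Processes section, re-typed inline so the
# script runs offline. Three lines per process (image, command line, PID); each
# nesting level is indented by two more spaces than its parent.
REPORT_TREE = r"""
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\AppXRuntime.xml"
PID:1676
  C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
  PID:2212
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
    PID:2848
      C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
      PID:2268
"""

# Input 2 (constructed, not from the report): the same tab command line, but the
# tab was started directly by MSOXMLED.EXE, so SCODEF names a PID that is not
# its parent. This is the failure mode check_ie_tab_parent exists for.
SPOOFED_TREE = r"""
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\AppXRuntime.xml"
PID:1676
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
  PID:2268
"""


@dataclass
class Proc:
    image: str
    cmdline: str
    pid: int
    ppid: Optional[int]  # None for the tree root


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def parse_tree(text: str) -> List[Proc]:
    """Turn the indented three-line-per-process listing into Proc records;
    parent PIDs are recovered from the indentation with a stack."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    procs: List[Proc] = []
    stack: List[tuple] = []  # (depth, Proc) of the current ancestry
    for i in range(0, len(lines), 3):
        image, cmdline, pidline = lines[i:i + 3]
        depth = (len(image) - len(image.lstrip(" "))) // 2
        pid = int(pidline.strip().split(":", 1)[1])
        while stack and stack[-1][0] >= depth:
            stack.pop()
        ppid = stack[-1][1].pid if stack else None
        proc = Proc(image.strip(), cmdline.strip(), pid, ppid)
        procs.append(proc)
        stack.append((depth, proc))
    return procs


def lineage(procs: List[Proc], pid: int) -> List[Proc]:
    """Root-to-leaf ancestry of pid."""
    by_pid = {p.pid: p for p in procs}
    chain, cur = [], by_pid.get(pid)
    while cur is not None:
        chain.append(cur)
        cur = by_pid.get(cur.ppid)
    return chain[::-1]


SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def check_ie_tab_parent(procs: List[Proc]) -> List[tuple]:
    """IE tab processes carry SCODEF:<pid> of the frame (broker) process that
    started them. Returns (tab pid, claimed broker pid, actual ppid, ok)."""
    by_pid = {p.pid: p for p in procs}
    out = []
    for p in procs:
        m = SCODEF_RE.search(p.cmdline)
        if not m:
            continue
        claimed = int(m.group(1))
        parent = by_pid.get(p.ppid)
        ok = (parent is not None and parent.pid == claimed
              and basename(parent.image) == "iexplore.exe")
        out.append((p.pid, claimed, p.ppid, ok))
    return out


def check_handler_to_browser(procs: List[Proc],
                             handlers=("msoxmled.exe",),
                             browsers=("iexplore.exe",)) -> List[tuple]:
    """(handler pid, browser pid) for every browser process that has a
    document-handler process somewhere in its ancestry."""
    hits = []
    for p in procs:
        if basename(p.image) not in browsers:
            continue
        for anc in lineage(procs, p.pid)[:-1]:
            if basename(anc.image) in handlers:
                hits.append((anc.pid, p.pid))
                break
    return hits


if __name__ == "__main__":
    for label, tree in (("report", REPORT_TREE), ("spoofed", SPOOFED_TREE)):
        procs = parse_tree(tree)
        print(label, "tab/broker:", check_ie_tab_parent(procs))
        print(label, "handler->browser:", check_handler_to_browser(procs))
```

On the report's tree the tab check passes (2268 claims broker 2848 and its parent is 2848, an iexplore.exe) and the handler check lists all three browser processes under 1676, which is the benign picture this page scores 1/10 for. On the constructed tree the claimed broker and the real parent disagree, which is the signal that a command line was forged or that something other than the IE frame started the tab.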

Network

MITRE ATT&CK Enterprise v15

Downloads

  Every file listed here is written by the browser chain rather than fetched as a payload: the CryptnetUrlCache entries are CryptoAPI's cache of certificate chain and revocation lookups (the one MetaData path appears nine times with different hashes, i.e. successive versions of that file during the run), the Cab*.tmp and Tar*.tmp files under Temp are the usual residue of the root-certificate auto-update, suggestions[1].en-US is an IE search-suggestion fetch, and the .txt under Cookies is an IE cookie file.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    793ca275600926cc421b31f5edec559f

    SHA1

    f5580124bec4a3a66591ea17ba4a83db5e5b6c0f

    SHA256

    a7dafe5404335bae65e1993880f04a2923782c5e5401c0e20b276cc6864b5d31

    SHA512

    97eaef7cc6067dc78445f3ed71830e2a0ac61a0f9dc7e6dc0dae06b65bf87751b5a2a822587a9ef1fb5769a4ee11672d496677e7dd178ec713a80cdf17c410b6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    16f9ff82054080f6d03da3895a59e47e

    SHA1

    3218bd5c920179405b800b61c73eced2cbe4f7ac

    SHA256

    a2403a9da42bcfe5c01463d11c4151b9016434c1cd7c68e3ac99842f5c0233d8

    SHA512

    3a7c312f2c018ece3e9055ca13b10d3f162cbf283e4b12d10aa20f7b471eb14a0b26c5926bab7e637ba693ec2b11307b22a6f1a19147b524005e5e292338170c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7a42dfcfed946f054b153511c21d1b03

    SHA1

    3622adfa9a1df6b2c29398d8e5ebb02c269a04e1

    SHA256

    aacd66951b8549883222651017e1dbe7e3b82f725111f396968e0c9f9f5349f4

    SHA512

    742e7fdb4b153fb0f9c76a0f8e6a08bd2b798ed8b1fc31ec400e0031760668627b01ea7fc20cc8278b433ffa8f2a439aacca7f1944dd245b113e296d1a1e773a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1ac6be7e66a4eab58709b8d7a5efbe49

    SHA1

    e4c07fda8da895f43699e42efd3966a7d559a539

    SHA256

    e83d7570e2bb6be376f2d810d152aaedcd2af3f9e7c26917e54c500d7054eff5

    SHA512

    50ead2b371eed2f6de8117630528456e6d568c31035a97128a7fb7a6e047f95698f7f8959d987bc409ca740b2d1b2b842936a4dcc212ffc8dc74c9dd10041e6b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    15314b4e1c7c02793ed1ebd05246a91e

    SHA1

    1285e174d7bc0d459b2f4266c9a28235aa5eda6f

    SHA256

    ec53fc78b89d8950d775483eda6da3b44ff3211201aefd9e94efe71fb4c3f81d

    SHA512

    16641e9672a5cedc83f87e103f924b1c612c4538bac9e7807194b96e836a3fb143703b00150d90c6e68bd511cfff4d35c94d6f1930123355bc8f834085f10207

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f763cd5670b27058518f9e190bb18f19

    SHA1

    eec1d8e2b1a08c6b34f6227d39de5e76c88773e3

    SHA256

    22824ea6d34bf01903ff76d69281e2841bb526bc69dd57b9d602b6f152001177

    SHA512

    f2ee80de45a3752be957eb0b14e20ebdfd15dca347928a427622febc15fef69936a4c00517c24f009f1e2ecab2272cf2231218d06f25df6b69d591f5b3df1cfc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    37c586168a233d3b4d053870f800a132

    SHA1

    e4ccf7345c95ae7e8fad1d0abc64b298fd0c3690

    SHA256

    d79237ead77223cf22837b89ea5bc7c47cb45f8de43c8bdf7d0a5a8a97249e8b

    SHA512

    da8a93aeff471636d81788e1c78a8e30dbdb43ebabcba578226017e092757dc882bccda64c941ba56cc2ba82513dc8acfffa8478ee6c944dad875b13faa31466

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bc84751d9c92087a993d40631d41f7bf

    SHA1

    fd5de167dcc646411b32208fd6233214e1386085

    SHA256

    dd78fc8937fafd3d0e457452d72c8c73227cc011c6210428bb746d5ca54a031e

    SHA512

    5163f158f9a17713c87b2905cb3def9eb81e85abfe3bfd349ae0d394a9dcc0aa0ba2378ba1d52c1cc5c9b39bab068d1c006723a617f2ef9b7b2c30d500447544

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6c414c1e2fe2b57057854d992087e793

    SHA1

    69538297a501a2d0e1ed1ab1e0ff7bb13e705be3

    SHA256

    f0544bb78a9cfbb42f39cef374ada53699976bb41030e0e0db7809325b843259

    SHA512

    67249521b310e94bc19f3c3f777b1329cab3b3904e7fc55548d1330d2847a66a0f6ed7f704a43fb822766f9aad0db79ef5f42187ed1b46f740cb8661a68086a8

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UORESFNG\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\CabE496.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarE5C3.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CWOVQI41.txt

    Filesize

    603B

    MD5

    88be65ee07b7bfdf6899736d7fae3a64

    SHA1

    3da8644c8a9200c4cdddaba331a0645d61c527fb

    SHA256

    8153859689003493cec4eb103cea502d35fd2bd9e556014a10b999090a5e2249

    SHA512

    bc4c201daadeb145f5b7afa461377fe632a98ae59d13ce0ef03d470cea648ce05048f7cf31fddabd355a01adbe030cd2cd2d28c708f71a60fec1e885e41f365c