Analysis

  • max time kernel
    128s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-07-2023 01:18

General

  • Target

    rev_3286/AuditSettings.xml

  • Size

    1KB

  • MD5

    9a36a7410b4ef98b36da553e050b9788

  • SHA1

    4ba6e5225a7c5daf30f4947b9288b708e8e557e8

  • SHA256

    ebac316580540b7ee8e399f890470527e456f2c6a103fcc899f4b2442d8e69f7

  • SHA512

    7cd81f2bedde51bca3a1f5a0889870be71ef521e5c331f1c8ba4ce97bf604adfff6cafa0fe707ed55df62bc340c45baa189e3d07f20a466ee7254f3c6abe6b74

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\AuditSettings.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2408
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2504
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2788

Network

MITRE ATT&CK Enterprise v15

Downloads
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B; listed eight times with differing contents)
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2UNMO2B\suggestions[1].en-US (17KB)
  • C:\Users\Admin\AppData\Local\Temp\Cab3E3B.tmp (62KB)
  • C:\Users\Admin\AppData\Local\Temp\Tar408F.tmp (164KB)
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O8Y9CJMM.txt (603B)