Analysis

  • max time kernel
    120s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-07-2023 01:18

General

  • Target

    rev_3286/EventForwarding.xml

  • Size

    1KB

  • MD5

    ef4ad318ea464cde69829a9201d7d526

  • SHA1

    a3b7cc6ebb70c45cd752121d0afa30a35b72c9d3

  • SHA256

    8e3854b06f7dfef7c0e68e1258f1d33a4b888a97f075a5d25757fa987acb5704

  • SHA512

    0abca7fa5c44572841fab002f19d05756f5566b8e3ce6d172662a37ae7053d9d0838639e2ec5843ec8d5c9c05205dc6dd150eb4f91ecebefef6afefb370d869b

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\rev_3286\EventForwarding.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:928
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1628
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2152

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    da4186658c37463bbbe11214264f5c1c

    SHA1

    4249f422283ed75318ebabc0a2ed4490a2dde6ce

    SHA256

    f20007302ae9350c529f6c987d977536031f8f96e0bbc8beb617a29950dc3604

    SHA512

    be0be4090ce350c5d93a039aa6d22e347c61ad59d927423c10651ee27ae85f14d6e59c1a2c0d3a1376da04f3a4c4563b90bfb8dd7422e008c7b07bdd96a30938

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f3abc69d3759fe96c722d8ad19390aeb

    SHA1

    3eb8881aa1e47a574804e21dde0e4e1b6b6fca4a

    SHA256

    66c874e18cd607c56e89127c007f34ecff2867b1897c822b646055935bad1cd1

    SHA512

    73570bd4e64924ec84f663b641acd61a453b96906425d0049fb1f615fa1c3d23ce7cc987fbb1b72b222effe82099f5e2fb456cbbd04a5ea553785bdc04eeef43

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9b900227107fdf61f90249a2e2cc1b65

    SHA1

    6fa14a95ce27b856679d3602a53f4f2cd2db61c8

    SHA256

    7480f453e96844e0955cb43e6d95fb19494b629864a930f795ad36afd8bd32d9

    SHA512

    a83c8218484a309294817d46d21228be3258445abf291ef43c4afe7d9415afb46ea6fef0ab62619c6639a399e2df75c9847336bd0301549fd336a1ec08c393b2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5fe730f643d7f1285a0348003ff24865

    SHA1

    977f3e6009e14cf9249397155dd57dd5f4dce3aa

    SHA256

    40c81980f49900375fdf806965d2a1428afc690034e27bbed8eca123a6f7f919

    SHA512

    c12a50f0eee4be000bf66d15f0475cf48b89609e190f6d0a2518c245310c8c07cceaab02b5c0d067ed3fde2dfea035dd6c96f36e2e2d0d6bf31b9c4419672b4e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    03bbaed053cdd51a01c46e7fc250664f

    SHA1

    440d9e8c594aefcffaacb18101eeb69164fd7e9c

    SHA256

    f5fc6e6b74083dd5221d14027ac70a53ceaf7e50733eaaf814cc65f16c3611e0

    SHA512

    108e058be7d76daf542c985be6aba8f0458cdfeb524d9e0fe61812917751db4d84c7d808264736f15490006ed507fd9f9b1605a1925e250f78961c966f408d4f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a6172099bffc591176adb62698847324

    SHA1

    8225e5877f8e2e6a0314c32eafc26e2c0360b8ca

    SHA256

    4191af00722cb99c28dfd1daeca52cf3a27c05caeb31f9deceb3fc286073d934

    SHA512

    4904f0b79491c13f9a22e76dcadf76aa3441f30c7525125553435a0ee2fc51dba817608e7f2ce76719b2c4ff5d82bd208fb43899d3b0f4bf2d11ee993f1663c1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    560c702d75020b44e914ef7845936e39

    SHA1

    34b7a33b651414bb740cc4e00585f2705850b9a6

    SHA256

    badcda03ee505592e104708a06fc0b9ec1760f26f25d494ea305f6f6cb1f5ae9

    SHA512

    e841facfa641a7369cf62f7643c88afdb5f4c8e2d794d14ed120bb52284e2da8138ade8466f5d83a057d6380cd765f03e9026c432f35da17d9fc3fb4dd05c6c8

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12APMO2Y\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab4398.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\Tar43F9.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CF1AYE14.txt

    Filesize

    601B

    MD5

    906c6319f7db7c8c10667fb7a49b27f7

    SHA1

    43ea62f08f111dbfcdb9f40f00a464acb273e091

    SHA256

    120f9a465a18c797d25b279ed6429b2cbb81267417f3cc5a72fa4a51c97ed27d

    SHA512

    fb96e3dc435a96876f2824b30a42f7065840cf36405eefbfed0d8cbfa6f68914282ab5530ef4c9332b52756476e0cc68b11c64931b5b7ecaf20bb894e2759337