Overview

overview

10

Static

static

7

a5ca7aaf8b...ec.apk

android-9-x86

10

a5ca7aaf8b...ec.apk

android-10-x64

10

a5ca7aaf8b...ec.apk

android-11-x64

10

SFTi.ps1

windows7-x64

1

SFTi.ps1

windows10-2004-x64

1

actionsQueue.js

windows7-x64

1

actionsQueue.js

windows10-2004-x64

1

mraid.js

windows7-x64

1

mraid.js

windows10-2004-x64

1

omsdk-v1.js

windows7-x64

1

omsdk-v1.js

windows10-2004-x64

1

shape_01.xml

windows7-x64

1

shape_01.xml

windows10-2004-x64

3

shape_02.xml

windows7-x64

1

shape_02.xml

windows10-2004-x64

3

shape_03.xml

windows7-x64

1

shape_03.xml

windows10-2004-x64

3

shape_04.xml

windows7-x64

1

shape_04.xml

windows10-2004-x64

3

shape_05.xml

windows7-x64

1

shape_05.xml

windows10-2004-x64

3

shape_06.xml

windows7-x64

1

shape_06.xml

windows10-2004-x64

3

shape_07.xml

windows7-x64

1

shape_07.xml

windows10-2004-x64

3

shape_08.xml

windows7-x64

1

shape_08.xml

windows10-2004-x64

3

shape_09.xml

windows7-x64

1

shape_09.xml

windows10-2004-x64

3

shape_10.xml

windows7-x64

1

shape_10.xml

windows10-2004-x64

3

shape_11.xml

windows7-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-08-2023 20:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    shape_02.xml

  • Size

    871B

  • MD5

    b1f4cc6d1c954e73cc6e7d8b47c4db8f

  • SHA1

    986ea9addedb45a0d3c8c6c70a636e870959b79d

  • SHA256

    0b0c35ce63044f7756cf201f5978f44c439805e524c365ae9949994347487b79

  • SHA512

    77d46d25ddf91c010f69ebad82800575b4cb0be4bc5e8199bd5d877a2e6a624e0f455268d8f26aaae2f5180a3c2b6dbe8bb782017c6e342960c1e7a26ae43d64

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\shape_02.xml"
    1⤵
      PID:4828
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 4828 -s 472
        2⤵
        • Program crash
        PID:3152
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -pss -s 408 -p 4828 -ip 4828
      1⤵
        PID:4884

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4828-133-0x00007FF95F6B0000-0x00007FF95F6C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4828-134-0x00007FF99F630000-0x00007FF99F825000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4828-135-0x00007FF99F630000-0x00007FF99F825000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4828-136-0x00007FF99D0C0000-0x00007FF99D389000-memory.dmp

        Filesize

        2.8MB

        Download

      • memory/4828-137-0x00007FF95F6B0000-0x00007FF95F6C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4828-138-0x00007FF99F630000-0x00007FF99F825000-memory.dmp

        Filesize

        2.0MB

        Download