Analysis

  • max time kernel
    134s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-08-2023 20:33

General

  • Target

    shape_21.xml

  • Size

    2KB

  • MD5

    37690f00271a0ff1a0fbca284d53a6e3

  • SHA1

    b81ff382620c4b4c8fbaa4dfd0f2c80d54f2ece8

  • SHA256

    2353646e97606fdc63fe94f6ed28cea42e911bfc5a57777cf48268fecf5389f4

  • SHA512

    a9a37ae837896d80f0c0a00fb94bcacb7be599790054b7a2e9ed833de1c8d4774d8593816420169257868ce4f8bfff11b567d6f12319de2c01876b550002be9d

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE (PID 2544)
    Command line: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\shape_21.xml"
    Signatures: Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe (PID 576, parent 2544)
      Command line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      Signatures: Suspicious use of WriteProcessMemory
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID 592, parent 576)
        Command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        Signatures: Modifies Internet Explorer settings; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2932, parent 592)
          Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:592 CREDAT:275457 /prefetch:2
          Signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx
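The process chain above is the normal hand-off from the Office XML editor (MSOXMLED.EXE) to Internet Explorer for a .xml document, which is consistent with the 1/10 score. As an added example that is not part of this sandbox report, the Python below rebuilds that tree from flat process-creation events and flags any child of MSOXMLED.EXE that is not the expected iexplore.exe hand-off. The events are constructed from the PIDs and command lines in the report; the field names, the parent PID of the root process (1000), the expected-child baseline and the cmd.exe deviation event are assumptions made for illustration, not observations from this run.

```python
"""Added example (not from the sandbox report): reconstruct a process tree from
flat process-creation events and check the MSOXMLED.EXE -> iexplore.exe hand-off.
"""
import ntpath
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal process-creation record; the field set is an assumption, loosely
    modelled on Sysmon Event ID 1 (ProcessId, ParentProcessId, Image, CommandLine)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed from the report's Processes section (PIDs 2544 -> 576 -> 592 -> 2932).
# The root's parent PID (1000) is made up; the report does not show it.
EVENTS = [
    ProcEvent(2544, 1000,
              r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
              r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" '
              r'/verb open "C:\Users\Admin\AppData\Local\Temp\shape_21.xml"'),
    ProcEvent(576, 2544,
              r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
              r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'),
    ProcEvent(592, 576,
              r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'),
    ProcEvent(2932, 592,
              r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:592 CREDAT:275457 /prefetch:2'),
]

# A constructed deviation for testing the check; this did NOT occur in the report.
CONSTRUCTED_DEVIATION = ProcEvent(3100, 2544, r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami")

# Baseline taken from what the report shows on this image: the XML editor hands the
# document to Internet Explorer. Treat this as a hunting assumption, not a vendor rule.
XML_EDITOR = "msoxmled.exe"
EXPECTED_CHILDREN = {"iexplore.exe"}

OPEN_RE = re.compile(r'/verb\s+open\s+"([^"]+)"', re.IGNORECASE)


def basename(image: str) -> str:
    """Case-folded file name of a Windows image path (ntpath works on any host OS)."""
    return ntpath.basename(image).lower()


def build_tree(events):
    """Return (pid -> event, ppid -> [child events]) for quick lineage walks."""
    by_pid = {e.pid: e for e in events}
    children = {}
    for e in events:
        children.setdefault(e.ppid, []).append(e)
    return by_pid, children


def opened_document(cmdline: str):
    """Pull the document path out of an MSOXMLED '/verb open "<path>"' command line."""
    m = OPEN_RE.search(cmdline)
    return m.group(1) if m else None


def lineage(events, pid: int):
    """Image basenames from the root down to pid; stops on unknown or cyclic parents."""
    by_pid, _ = build_tree(events)
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(basename(by_pid[pid].image))
        pid = by_pid[pid].ppid
    return list(reversed(chain))


def unexpected_children(events):
    """(parent pid, child pid, child image) for MSOXMLED children outside the baseline."""
    _, children = build_tree(events)
    findings = []
    for e in events:
        if basename(e.image) != XML_EDITOR:
            continue
        for child in children.get(e.pid, []):
            if basename(child.image) not in EXPECTED_CHILDREN:
                findings.append((e.pid, child.pid, basename(child.image)))
    return findings


if __name__ == "__main__":
    print("document:", opened_document(EVENTS[0].cmdline))
    print("lineage of 2932:", " -> ".join(lineage(EVENTS, 2932)))
    print("deviations (report):", unexpected_children(EVENTS))
    print("deviations (constructed):", unexpected_children(EVENTS + [CONSTRUCTED_DEVIATION]))
```

Run against the report's own events the check returns nothing, which is the point: the chain is the baseline. The same function over the constructed cmd.exe event returns one finding, which is the shape of result a hunt would page on. Lineage is walked with a visited set so a malformed log with a PID cycle cannot loop forever.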

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a83fd8a32083f8e5959478cbaad12d0b

    SHA1

    f11cdc9cbf46fa0aa29077affeac770c75e726d1

    SHA256

    1e7702c04952ed73ceab6569d7eeb1f3fb93125a3e07de6fd34b1dced3876636

    SHA512

    7f040ded846ee00bf0e2612b4488650b936d6a42db858dfad172adb6a98a9decc981a285ae74be4a80651c19256fd62ccbd9d753c1c90fe793dfb7a791975303

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    43ba16120260a15d1bf57d11f97cdf82

    SHA1

    0446e6c657c01d8c5006b6870afa39f722b5f02d

    SHA256

    194b955bf531181b9db2455887bc7f9d6caf4ae88486327da91294d76d879cb4

    SHA512

    4a774eb851270546c163297dfd7fb87d2281dd31a5168bd9408e52dff8c273d235c0d1407fcbbc4d0f469cd72d7553a23b50fbb3ea1e9ba5a63e06051218d189

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a1bb4956c65dab2cb83a5c393264864b

    SHA1

    215a2da413008da2bc7f2a4fcf4c9169eebb0604

    SHA256

    96199dd05dab5b7a468376a810b263ad20812c2a00b64e50fb57ba58ec08dbd7

    SHA512

    d8b7348d230e3c8704ebcd4baf4d8da09abdd40cc61deaf7817fa3f1e5083323f403b469e4f020da42f4136967d4a752a3d0428cf53bee2eef04b153be24b3a7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    37826e83f4b57ff562a9511c73065dcb

    SHA1

    8d66c5a5f808eb5b074160f21c056d9603aa00ee

    SHA256

    02d189b9e272d16e7de5e9c275b32113a4a84aa528b8557cbbfecd59746bdea9

    SHA512

    a45e75ae3976998f61b5488f62a6bb527c52d5dd7a99c7ccf8438d61e7ea97df0a469d02c6981776005a5060a1b1d8400bb3ec322ec8b66a41490cd78bb66747

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fc2a9d7dceb0e148fb88379b1c578a65

    SHA1

    0fa3d004c8989b4ee80f18977d4836f27f3abc60

    SHA256

    457f110ec122b59a37bdb7046582f582ad2272f648e00b979d6e15a1ca094acf

    SHA512

    91532fdfc913dc9b6e0a66822ac14bdaf3920e08552941dd90fb45bc1e81c1fba5f981e38b57365d6f2b8f7700c0f9eb87e06385459db2842e1fbd8d5e096ed3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    10768b5292c52e9c4b672d43f2e6ab99

    SHA1

    d161f3eb27b3a2e5f3def58e2ccff799788f9205

    SHA256

    d67bca5d0fb6124423758b162cf9015ff81f2ff24abdaeedb88d0b368aa818e2

    SHA512

    dabcd567c1a1b031db64d315266705655d460f0a46c738363b41ed82d514deddecc6d9be73f7937b0e6d2df53a0bb3e5beb81807f70ae28af5c779d01c6daac9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5f1ef7442d6eb38529b6fbde3b95bd1d

    SHA1

    a22057e1b1a6b890eefa7c0f66b1b43c88bb5d60

    SHA256

    d11bfb1db0f3432d3e027ef9210d743a0571d5ef32b071ec7de38f1c4a5f0ad6

    SHA512

    0e84e1833bfe977b4e6806cb03b95b2e52d1e82130ec58e3e2e1bbd417f84320604ee93a2926e51c6c0664c86c2dc815a64f22e40971822dd6460d0216330555

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    49f3d03f6c6367a0f7c0cdc6f39757b5

    SHA1

    d306c8bab980bfe5a1a9243210177790fb575489

    SHA256

    e8479d90551cd34f4fd2d9745b8da942f5e98f96ca906b1a0c95fc5cf1f66357

    SHA512

    7092fe2414fcaee4d1a123d8f8a9b220d1e7e0383e11d1451b93aff4b8c976895ee7a6360cd222f82d19ff96a2fa5bef167855f93602d3a80b5d4c25d7a5c679

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    aff3257691e88c5d3d9998449176316c

    SHA1

    b8b76ef5943b7a9843c7c0e46ec6d1c7bebbec6d

    SHA256

    a7af1e85935df224ddb1a1e57912dc0220710d051caddeb4e52873d2f9af8614

    SHA512

    78d3691119dafbd88c347836eda7dfedee423228c77a60be9f1609b8dccf4f8e3500316fe91dda3aa84033c5a95ac25d8d02fb484169c1847b96e9c70581977b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    169b8ab20989b846fbb27fafd45d2a93

    SHA1

    4f7b5a217c8dd119d610878f76a5221e9b0112ac

    SHA256

    d2b5ed967e94be0a91220cd5d0fdb2026e446922ea61075e185cea6c844a4e97

    SHA512

    5a682ff591d30a287d272522d6d67a64ee9d33ca433adb873858f1d898d06898bd58a5527e298f10eaae62a911f8e95866a236beaa6e42c1ebeaf226f37aa4fe

  • C:\Users\Admin\AppData\Local\Temp\Cab9DD8.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarD87A.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27