Analysis

  • max time kernel
    137s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64 · arch:x86 · image:win7-20230712-en · locale:en-us · os:windows7-x64 · system
  • submitted
    08-08-2023 22:08

General

  • Target

    FAB2.xml

  • Size

    1KB

  • MD5

    a5024fe1b8259adff02d901bf33dbcf4

  • SHA1

    bc45a9613897ba56d1784045fc7bd8f575602348

  • SHA256

    61093297596e0335d5f4ed34807ad214dbdbe1c15d08cb51c7777707dc66f5b2

  • SHA512

    ea60da36d50118171c78d99dfdb955b4925c13221b45e755c2542bf9e0a60c355fb8e0f6c0a7189ea74c2d1630cb3c0532cec390cc62ca0254dc5e70ecbf227a

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\FAB2.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2592
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2084
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2104
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1040
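The tree above is the ordinary handoff chain for an XML file that Office's XML editor launcher (MSOXMLED.EXE) does not route to an Office application: it opens the file in Internet Explorer, and the two further IEXPLORE.EXE entries are IE's frame and content processes (the SCODEF:2104 tag on the last one names the PID of the frame process that spawned it). The signatures listed are what that browser start-up looks like, which is consistent with the 1/10 score. The check below is an added example and is not part of the report or of any sandbox's own code: it rebuilds parent/child relations from the depth markers, applies an analyst-chosen allowlist of expected children (an assumption, not something the report states), verifies the SCODEF tag against the parent PID, and fires on a constructed variant in which the same launcher spawns PowerShell instead.

```python
"""Process-lineage check over a sandbox process tree.

Added example, not part of the sandbox report. REPORT_PROCESSES is transcribed
from the report's "Processes" section; SUSPICIOUS_VARIANT is a constructed
counter-example and EXPECTED_CHILDREN is an analyst assumption.
"""
import ntpath
import re
from typing import Dict, List, Optional, Set, Tuple

ProcessEntry = Tuple[int, int, str]  # (tree depth, PID, command line)

# Transcribed from the report above (depth markers, PIDs and command lines).
REPORT_PROCESSES: List[ProcessEntry] = [
    (1, 2592, r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\FAB2.xml"'),
    (2, 2084, r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'),
    (3, 2104, r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'),
    (4, 1040, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2'),
]

# Constructed counter-example (NOT from the report): the same launcher spawning a shell.
SUSPICIOUS_VARIANT: List[ProcessEntry] = [
    (1, 2592, r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\FAB2.xml"'),
    (2, 3000, r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -enc AAAA'),
]

# Analyst assumption: which child images each launcher is expected to create.
# Parents not listed here are not judged at all.
EXPECTED_CHILDREN: Dict[str, Set[str]] = {
    "msoxmled.exe": {"iexplore.exe"},
    "iexplore.exe": {"iexplore.exe"},  # IE's frame/content process split
}


def image_name(cmdline: str) -> str:
    """Lower-cased executable basename from a Windows command line."""
    m = re.match(r'^"([^"]+)"', cmdline)
    path = m.group(1) if m else cmdline.split()[0]
    return ntpath.basename(path).lower()


def build_lineage(entries: List[ProcessEntry]) -> Dict[int, Tuple[Optional[int], str]]:
    """Map PID -> (parent PID or None, image name), using the depth markers.

    The parent of an entry at depth d is the most recent entry seen at depth d-1.
    """
    lineage: Dict[int, Tuple[Optional[int], str]] = {}
    last_at_depth: Dict[int, int] = {}
    for depth, pid, cmd in entries:
        lineage[pid] = (last_at_depth.get(depth - 1), image_name(cmd))
        last_at_depth[depth] = pid
        # A new node closes any deeper branch that came before it.
        for stale in [d for d in last_at_depth if d > depth]:
            del last_at_depth[stale]
    return lineage


def lineage_findings(entries: List[ProcessEntry],
                     expected: Dict[str, Set[str]] = EXPECTED_CHILDREN) -> List[str]:
    """One finding per child that its parent is not expected to spawn."""
    lineage = build_lineage(entries)
    findings = []
    for pid, (parent_pid, image) in lineage.items():
        if parent_pid is None:
            continue
        parent_image = lineage[parent_pid][1]
        allowed = expected.get(parent_image)
        if allowed is not None and image not in allowed:
            findings.append(f"{parent_image} (PID {parent_pid}) spawned unexpected child "
                            f"{image} (PID {pid})")
    return findings


def scodef_mismatches(entries: List[ProcessEntry]) -> List[int]:
    """PIDs whose SCODEF:<pid> tag does not name the process that spawned them."""
    lineage = build_lineage(entries)
    bad = []
    for _depth, pid, cmd in entries:
        m = re.search(r"\bSCODEF:(\d+)", cmd)
        if m and int(m.group(1)) != lineage[pid][0]:
            bad.append(pid)
    return bad


if __name__ == "__main__":
    for label, tree in (("report", REPORT_PROCESSES), ("constructed variant", SUSPICIOUS_VARIANT)):
        print(f"[{label}] lineage findings: {lineage_findings(tree) or 'none'}")
        print(f"[{label}] SCODEF mismatches: {scodef_mismatches(tree) or 'none'}")
```

The allowlist deliberately judges only launchers it knows about, so an unfamiliar parent produces no finding rather than a false positive; tighten it per environment. The SCODEF check is a cheap consistency test for IE content processes: a content-process command line whose SCODEF PID is not its actual parent is worth a second look.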

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    98e4c951fcbb3f0069755afaf409eca8

    SHA1

    4d83b21e086182f601b058449d46740049e0aacf

    SHA256

    f1d0ad4c5b73e5e28ecb4764ad9ab6882661eae598f64a9541913f5f2a30180d

    SHA512

    f88b9e147e99c2269e2a64f64adacc2ce2b2639b2e9b08381f0fb7703b9569df5ffdf04bcf88e7b1dfb8e37163e564c63a69a653546adcc6fa5f6fa0bb66f4bf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e1f2879056b9527734dab4d61eacc70a

    SHA1

    3bc7be34daa77a997044d72e6ec9a61bd7e3095f

    SHA256

    03b9a76c4e8cd013d4ca3fff266b52e76e8949a1a259720485b868cf4d598e36

    SHA512

    3207d024bd1e957e2d35134f9afd17ffbe2a17d293ede4c2209078edc2876cdc035ecd7f9bbebcdc4f07bf263c0f65c613d1818ec14afb065fd9c2512a7824ee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    748babf141e9c99f29a70102d50462d1

    SHA1

    bc574311776a1bc42ae4b523a4e2ea006742896c

    SHA256

    fb6a23de62ce57132501e754603b49e563be333ebd87da9091a0f75901bba801

    SHA512

    2b5a64f3cbd31cade6db04534a59551b23ff9385b2fff94478f740af9fe9b2ed1040bf555d88850bb07fb8d357b10ae8c3148764487d4c11e2496af503f953c6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ccbb4d578a63ccc20df99b4f870dee1f

    SHA1

    4c7aa966bcfa0e5cc35f9d90aa78595606700915

    SHA256

    ac057510ebc0a2fb64967610cbc8daf6a9f57cab597de6465a21c83aefc92799

    SHA512

    26b55fd06185308464108dc83f0a921adc6a885be557efc497cfb21a82732b41cb9b42b94daec28b61ddbd4ed23483ad7d8dab4ae6f2dd9ee0b3b949707a5750

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    75256a7f1bb8a863d9b4c4c22ab63a01

    SHA1

    8f9ad34072c49e02a830162c2e8ceaf2da48c161

    SHA256

    888e2fd3d9c3c25c2130a96947a1c4e2f5696f9fbdae598135f7e5a403a23bad

    SHA512

    6e5ed6a441d99a3a9f76f7b2aa847d31a8d20bec56be58e7be6bdfe56aa907d568be2cf65f8ebc1ac7ce2a4fca37839efa4591d0a2e6c2c4929a68fbb262bc59

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ef77640e6c56307e0d7e96d0413edddf

    SHA1

    cf81845ec4225670fbee69a6b78bd30ceab20997

    SHA256

    578c3a857c636ae9db40fe79811a7843f00c2c5fd3afca570446ccff0826defe

    SHA512

    56a6ea63c335854ee6cf7c1ccb24ebc6124ffa95bdab5107d306b3f158e8e4b7a9f4132e5d0c0e77fcae03f899804f5764cd12a235b4ee60bb4ab3a647b0a933

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e761e08d47aa86640d8b292421a7aa53

    SHA1

    259605002fbe496dae1d0b1fc7b07b10f873e9b0

    SHA256

    30c5baadbb7709c938489288267afb6c44ed203cd7b9008d950d5c94e8d13561

    SHA512

    983600c2b64f9c6de946394dc4cdd2a650335ad3b57bf88fbf2dd5673fd3a9b335a65787f279651dada77047e0f78b84383b52968f15ee3c485c96ac44b5b827

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    64c1e14830b51b50fac1ff9ac59bf4b4

    SHA1

    bd27d15189931a42e5e1aa69006a4feaf2cc3612

    SHA256

    70227cca60b207231cf945f7444038b10ae54328b4ee61f1316960876fbe2804

    SHA512

    f5196c05c42f0122c4cf803095ba4646b9ed79d92922179ceb69e60669407088a33542c833f44d2063aa413b76492048c675bdb7691049ab9c5678a1ee513191

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    02adb7e890158b4380eb9896c1a714d7

    SHA1

    7d2edb2fe88f1c6c1cae3aa5830c472970e17d08

    SHA256

    0f6eccba0bba82585441c82525103d5402e658fd348963f67590751c9305c8b3

    SHA512

    ae2b4954d12bc1fed6f543193a0941a63e56b57649732fd1c71ff5cda5f1719617bc1de4089aa312fdb4d42e7ee9d38e37d3856f84e29da52b93d9039d8b7bae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    59e42a78c40bc9e98ae8987efd0f0ac4

    SHA1

    c9cb1a18cac1570605cc1864802b53daba2cbaa4

    SHA256

    4a8a8435729d480255cc8db642e460f8ff59c25e1b707c11a0bee8e9161af4e9

    SHA512

    3c583b981cc5f315b0426721799f51c019c4c36343cb3dce27c8c680d64f4e28c21d2c0870fef59d0795c3f1cabc19fb80c006a11d512373bb544e83b6c0ba59

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    753bef25e6c640a472a7f407d84593b9

    SHA1

    bcec61fb8d0e0a51a2d654e6241703855554830c

    SHA256

    85e5221ae68a48a24417c3351d7910b58d4bec8a40acbec3d71e08feb7528706

    SHA512

    56507afaf2fa44a8a4d424c44bc345259c1acb0b76faa2410701a0db1c346e99da88466a8654d3a18d876bbbd664d735b9e00dc8ff1e23e86e93f5b0bddf6ad1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    49b7f409e26dd6dfb08592d0f3976f84

    SHA1

    856a6f1e695dd93dd1a19b09520ad7e4e4056b28

    SHA256

    272c5b0158ae94132a8c017be9c836bd5dacdb886c74c9b7ffb99278d48b016d

    SHA512

    e349838e1f7b9ebb74a1191a3b102c04ebbc192364b86dafd565a3a27ef468a52a1050d175a0ca966bff9f5b4319d1206493204fd06264f372884a8c389dd322

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fff2d456a461b63a5dd82c032bd842ed

    SHA1

    b95a87fd9e7f44fd9e0344612412764321c413d4

    SHA256

    16d91d6862c0baeb32315bfbe8f56b0d734da0666392ed7470f14385d00c195d

    SHA512

    593a50e1ee44791a2ad88673285b401f230a939926381db98ced25066a0333faa97d1eb9a7bc20320dc02cf29d939b04dbd39b1f1db085c1fac784307b6d91ea

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    32e3c534402e0680206bb76383c5d749

    SHA1

    e9679feb8593fbe4628e0074943399f01d210209

    SHA256

    c371495a387cd859e31f496e32f995844adbcf456158fc1c9e26cd37672f28ff

    SHA512

    015d4f5e7a63bd200fb6e487de1be88902153712a57cfca04364079ecc70efbb12427fc8ac661db834134c70464b73390f806d563028565524d717165a5628d5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ae1a6674cecd9899b63274a52a63091d

    SHA1

    cf4e942de7fe760fd961fc153bd5907d953a9fcd

    SHA256

    6910440a5b43127bd215e1f3bebb5ab42dd0c42ae5a9d33b1a21061ecc61204a

    SHA512

    860bb68701e9127f58ff1be1024981faa4020ffcc841a40918fdcb04a0e49567d2fa0d8ed970cd7dec0310fe8eb5f61b16a5c3ca32ac9c3de30528421d12298a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4211fcf06ccfc0f2290cc6308f51a0c9

    SHA1

    c7523976f7bd4c834d420338c332a0732d04b8e2

    SHA256

    e8405cf2d6d194868a553a19c6868acdf602711c3ccfabb90136c2bff611c89b

    SHA512

    d0dda97e2253d153e1cc52c1bb1315c767c387acc46071bb129d06f38c02bfda93579f79fd54fb4bfb01427e6c295721fe1addd87df8415c6fe6cdfce06b9941

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    deeceda0bc433e79d81e04857da1261a

    SHA1

    f0eb452a819e8e3b77c6c11032e81ffa3f9c37a8

    SHA256

    49da9dea1e3e8f6254e34a8df15427e053b7069758f2add312670cc5dd5ba806

    SHA512

    f55d74f13675d1e8afb9874c7ca4b2be997e826ea90bb3e2aa6c33632518e07e6c76a8bf9005b67eb7a79bd1e901a9c2a547ec346458204c9f1024cebff37870

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    66c608373fb10ad3b1f40fd9380279c4

    SHA1

    032132fbb6d2f032c8fad9514dec3ea1c53cedd0

    SHA256

    e01e00ec79aea2462c8f4ef7349ad8a2ffdb80b35422f6a1dc6457e024963e3c

    SHA512

    511d00281a7c7b2c9db2bcaf894bd043c6d6979a26d755d47c9432da1334224314d4af8f7420dc2a7e7392c514f92aad762cc6eb6e4fce59bd9495a1a7385914

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bb6129c85cc002bfc466401a0bce5c47

    SHA1

    05523cb2073b9baf656d0436220bfbd81775773f

    SHA256

    6a24a188b54e89db9ab6fbf3ce379bf78ca89793ab555cb3364a968cb1ddc76c

    SHA512

    52b0429d3fd32f977cba1726d94945a9eecc27ced983e395ba05f58090b221e0a79058bc4261905c87de15da4ae7c7481d89203839f440591b90a9ab072aa5d5

  • C:\Users\Admin\AppData\Local\Temp\Cab9BE5.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\Tar9C84.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27