Analysis

  • max time kernel
    134s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-08-2023 04:44

General

  • Target

    ic_content_sticker_location_black.xml

  • Size

    1KB

  • MD5

    fb77f4f57cfc4c4a6016d10c56e879d9

  • SHA1

    d98ed1a853a61e722f35525e47b16616d5b56fce

  • SHA256

    c6f4e62c0d25cc789058a5563bcc546bd10f492f2e95fa5cd3824951680f1b1b

  • SHA512

    78ec21798b9adca5822ac03446a8e66017281c6767d99114e524c57952942c745699e58e3228441e54ba42654f91156ee5a26fd8025afbe4e5543e053d63f627

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location_black.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2124
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2484
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2820
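The chain above is the normal path for an .xml file handed to Office's XML handler (MSOXMLED.EXE), which passes it to Internet Explorer; the IE frame process then spawns a tab process whose SCODEF argument names the frame process PID. As an added example that is not part of this sandbox report, the Python below rebuilds the parent/child links from the depth markers in the listing, checks that each SCODEF value agrees with the reconstructed parent, and tallies which signatures fired per process. The process data is transcribed from the tree above; the function names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Process entries transcribed from the report's process tree. The depth
# (the number before each ⤵ marker) is the only parent information the
# listing gives, so the tree is rebuilt from it.
@dataclass
class Proc:
    depth: int
    image: str
    cmdline: str
    pid: int
    signatures: List[str] = field(default_factory=list)

PROCESSES = [
    Proc(1, r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
         r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open '
         r'"C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location_black.xml"',
         2648, ["Suspicious use of WriteProcessMemory"]),
    Proc(2, r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
         r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome',
         2124, ["Suspicious use of WriteProcessMemory"]),
    Proc(3, r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome',
         2484, ["Modifies Internet Explorer settings",
                "Suspicious behavior: GetForegroundWindowSpam",
                "Suspicious use of FindShellTrayWindow",
                "Suspicious use of SetWindowsHookEx",
                "Suspicious use of WriteProcessMemory"]),
    Proc(4, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2',
         2820, ["Modifies Internet Explorer settings",
                "Suspicious use of SetWindowsHookEx"]),
]

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def parent_map(procs: List[Proc]) -> Dict[int, Optional[int]]:
    """Map each PID to its parent PID using the depth markers (depth 1 = root)."""
    parents: Dict[int, Optional[int]] = {}
    stack: List[int] = []          # PIDs along the current path, index = depth - 1
    for p in procs:
        del stack[p.depth - 1:]    # drop anything deeper than this entry's parent
        parents[p.pid] = stack[-1] if stack else None
        stack.append(p.pid)
    return parents


def scodef_mismatches(procs: List[Proc]):
    """IE tab processes carry SCODEF:<pid> naming the frame process that spawned
    them. Return (pid, claimed_parent, tree_parent) for every tab whose SCODEF
    disagrees with the tree rebuilt from the depth markers."""
    parents = parent_map(procs)
    bad = []
    for p in procs:
        m = SCODEF_RE.search(p.cmdline)
        if m and int(m.group(1)) != parents[p.pid]:
            bad.append((p.pid, int(m.group(1)), parents[p.pid]))
    return bad


def chain(procs: List[Proc]) -> List[str]:
    """Image basenames from root to leaf: a one-line 'who opened what' summary."""
    return [p.image.rsplit("\\", 1)[-1] for p in procs]


def signature_counts(procs: List[Proc]) -> Dict[str, int]:
    """How many processes each signature fired in."""
    counts: Dict[str, int] = {}
    for p in procs:
        for s in p.signatures:
            counts[s] = counts.get(s, 0) + 1
    return counts


if __name__ == "__main__":
    print(" -> ".join(chain(PROCESSES)))
    print("SCODEF mismatches:", scodef_mismatches(PROCESSES))
    for sig, n in sorted(signature_counts(PROCESSES).items()):
        print(f"{n}x {sig}")
```

A non-empty mismatch list means either the tree was mis-reconstructed from the markers or a tab process claims a frame that did not spawn it; here the SCODEF:2484 child sits directly under PID 2484, as expected.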

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8180bc335db36813ce2d7881b4793539

    SHA1

    a69536a9fe38397370731c2f2fdaec219fe3e8de

    SHA256

    b8bd6b1dbff08a99f61ed4fa424a8593e8e62d4368905b2da31a4d8c5c3db51a

    SHA512

    26ab86c67c1feba007ffe68207e69f8e05838d8284e4a22d0a524179df6236950ff34ce0bf1e88a54916dda1c97f1000f725f6ad8599696bc674825c14e1a05c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    eec76c86c232ff8109b73211ea3135f9

    SHA1

    95e90e029af5f35a61f4eeceeb3eaed2ee877ded

    SHA256

    a43888cd28fb5a984046837f30a1e93c2774a316baa9f5e7e7d88e3a6d4dd5bc

    SHA512

    8308119d8e76ff555e1df50ee56d1d846bd263cfc5eb00baea5f700339b05e41b2431950b93053fc08b32902cf9896c3e717dc4e56d3dc3927292f27722e7030

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1905d53be08a6be3e1eb82e62f44eb53

    SHA1

    571eddd99544ccbb6ca19ad918ef33bd90e61d2c

    SHA256

    6d17081a12bf0454945d5da7bf1a5cabfba6571c26c2e4818a61cdc859933b99

    SHA512

    e53c34ddc95283ce5d3f1c2557ba92d9fae1b918de7a9ece793e618a829cb47491c799725507dc706314cb3e206f0db7e4c24960401a0a73ec5844fc3310b83d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    80edd6ccf6389c73c3598fb5731ced2b

    SHA1

    95917aebafb93d2aec1e0822c1cd2e5f59fae271

    SHA256

    9df8056b60c6ea4c12b2a2918e7493084a002669d81a45d9752e3f31f43f7490

    SHA512

    aaf663e6a9351cbbc7796307cac5e091e9da9d39c3706f0d262a9a7b9d59736716a908c68804acdbc5cc4860a76cb67ef8fee4665337083ccf268ade938f16bd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f97a8c21588485fbd1a96d45b677b83d

    SHA1

    e967d4ebe63eb88d2d07a77712531ed9f659b9a0

    SHA256

    39e03d12d58fe1e3e81a1fab48971dace680a2e97f112b74939d2a351a5f7b11

    SHA512

    6e082effed34e800f75638cb5311d83380438f0a81a47360ca17907c35da9b4303c52f57d39382f2aa8b77b649f2c909fce16a3d8c7763ba108dbeecef572b25

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    361666607c06c44f2146c5a75da99cf7

    SHA1

    c504243d2e0891b09b2ba37ef9bea7645ee09b59

    SHA256

    f513c258f878f9a2a59721e1f5b663b4176f1c9fa32ae7657c2594b16e95e1bc

    SHA512

    a5dc68ec377981df12ff5572be1ffc0bbd817437419952b70026bc7633b2115a97b5267b508b93ea472704b1afa231fcf73eb538d173d6a11dc457415c3c1d04

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0ff4de3e425fe2676317216c8dc0e0b9

    SHA1

    87878e893b4df610ae58ad2647821eb850edd6a6

    SHA256

    2ca993ad88f5556ac1b606211de77ae4efab909163a6bddf65256cb284b1d3ca

    SHA512

    7863017296f1009bdfdf2aa6c461538a34d5bfb14495e2d96b00a689ff0b956092e271d9f0213f3964136e45122fba535a51137982d28b17c02452da8f3bde83

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1e205801d5342aa4ed87d268d29b40e3

    SHA1

    1c92dddfd00738fcbeb7881d0a3d4aef0583dd6b

    SHA256

    24dd39974b78ff4d8e9b69504d5e3e2e20d0281f1503c3aefdd5bf5b9a485560

    SHA512

    0473a9491077ceace9a3592d2b0b718edce267eabffbdb0cc2c810f83496c24dfa8d6f291b8e6e0996beb1d3d4507ddf573e037556636413da9d7615f8e9a100

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7c7d07883f8c9b6b8833d5a60fefce24

    SHA1

    02fc2e9dc3fb5ed08bbf91cd2018a8de8c907982

    SHA256

    5fbd44c9be53b2a1e9ef1efcfc74cce41a3debe774c6a1a49f928065d8900877

    SHA512

    a985d176c34d7cd5022d1c16a34c2cd5980234eec02c731a471e2880b1fe3ae1429d5d361203481d80e3b4c39d6dc03211dae6055d639479d89ef04da14a2acd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0d530603f27c6b386ea3222636b6669f

    SHA1

    01271df6b4b050033e3b812e2645d1ce7c45643c

    SHA256

    1daefb8a20cca726daa892a2808f2ea226cf8da33447aafcfc85661a0c3b9a2c

    SHA512

    cda21d2428fe7cd3d291c11c1133b7dcc89066f201bf67cf7d09b51b7e002761a49352a2e33c111ca2007feb6f686588b66d81a082c97eec373e6eddf428c506

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c4945458ff86fcd1371fcb1e60413aa1

    SHA1

    3fdf51a5daa67588502de2a275dd86c5b5643262

    SHA256

    3a3f958eb25139be1f78ad4032439e12c39a543498892aa36d1262e6fef84a6a

    SHA512

    813a5eb7653c663ae7ef680576f64091f2672c0a6eacfd407d49e9aed2e477e89bc7018a428aec22c5537b20651b2eee1fa139ea287bb5a61619849115166218

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1c27278ff9fdfd262bd312a559c7ec08

    SHA1

    a1f3a02b0944a6a0be5ddb1c3058260a51e59e9d

    SHA256

    f58d2e65d8df0f46e8bb8eb479714b8d00735777f1b80917b1f2f4d0c7a5720b

    SHA512

    4afe131893cdaeb5fbb930400cf35caa18cb2f4b560db383fab580163d6715bf5cb74403548f07a9e3fa7fdecb80cbe73f6a6c3e078216d9ac8fa9e3c19ca7b1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    96a9613d6fe3094f3ff19ee29c128e37

    SHA1

    2007b849dd3586e8e96d28378e5d936c4d3cc866

    SHA256

    fd3b488da317cfda5d44c26774b53b2edaba529263323d77fe7f989744c3b3bd

    SHA512

    ec33f651f7630cb8e5ef610ac4f42af9782c79a266b9ba69a37eab8b6107c1b3468135ebc5b5bfc3be5c8f9b04a6d539d418e8090abfa0d5a43f04e9f7a850cc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b1fe142fe0c14b2d83cc421315366156

    SHA1

    3ad35a24eab9a5b11268302f898c0f2017240bc3

    SHA256

    a7f4c38ed1f729e2c9726c6f02d0b4377e366ccaa403f822b05e696e85463470

    SHA512

    c06024cf8d897481dbcd92c278f904c305c8e26be5839839e13d03dd9bc90e08456f19ed7cd8e3b39c33a3ba474233535a461b50864328ddfcb6293cfad7714a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8ffad4116374483ec13bfeb791f4a509

    SHA1

    da4cc33a903193212dea99b984bc2e4eda6a04c3

    SHA256

    56fb63d02d58fcf3183dbec44942cec4dc3f5af87e8484ae08ec0e471b81ae64

    SHA512

    53e0c909b9766977b90b36c82a4e0bbf7072df893ac8a9eb2bfc3a21c40d6da5cb1306ba494b9c57e5b8c4fe49848b8f74f821a8e24732f3056d761afae23ed8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0e7f08c170ffbb59670454991f8dbd69

    SHA1

    72cd23601697a87750b484d8735bce89ecf656dc

    SHA256

    276d6f4cafc649f23a49e13399caf8830d90760a8c20ebbcae8260529f185ef0

    SHA512

    378d19439ce4cd806a5cadbe067c96e0c06a6d2c61a73d3c3331e576fab5feda967308084cf06fa34d64cd2f59ead22935a18835328e27982721e2b12a85e632

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7157cc58ee10d10741dd3103c4c8f3a6

    SHA1

    e6e5078aa3d05d9955c0c7ad0404d11c1d905b0c

    SHA256

    efd1910590653e8dba5d7be37c5ffe1d4ff9709b76b9adfbf7668a2bc1fd42f5

    SHA512

    49d7b95cc1f59b919a14d385fc8ec408e1d9eebf663c6cb52c8e3275d05b409299d16899c65e44016b5f48c81d217a16fdada33839b9c55cba979bcd3eae4bc4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fcfe95e709beb15a9f7c60b77f90c161

    SHA1

    408d76d5bb5a38ef28c30ce09bd5284f59aa8dd1

    SHA256

    22b2cd7c70d5e62a0366e5eb88fa99c9e9d3e83295cb6fbc33b91a1cad4e8e15

    SHA512

    33513e148f334e32a1062293cef9530cfbd908438af385edb5a7e680988507468bc95de799e05d2a5f00fe84bc54893917ee4359b4ba219acca4f056932ad4de

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4328278965796f29a320f50e29084838

    SHA1

    6739e2d07472f1314303aa8b9e7b392d010287a5

    SHA256

    0a8146fbde0b9a148ef19727c35df6bae307293877836d976a2293b0783d29bd

    SHA512

    25ceadc7bf669d3344403218a19ee54b1fd0b45f6c6cd7878a4749f72784fbeaf950d0a3f7e84a7644f165b9018d4a94a8887630d799c606f9c9e5587a2d341d

  • C:\Users\Admin\AppData\Local\Temp\CabC035.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\CabC103.tmp

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\Local\Temp\TarC147.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf
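The same CryptnetUrlCache\MetaData path appears many times above with different hashes: that is one file rewritten repeatedly during the run (CryptoAPI caches fetched CRL/OCSP/CTL data there), not many distinct drops, and the Cab*.tmp/Tar*.tmp pair in Temp is what cabinet extraction leaves behind. As an added example that is not part of this report, the Python below validates the digest formats, groups entries by path to count how many distinct versions each path had, and buckets paths by the Windows component that normally writes there. The sample rows are a subset transcribed from the list above; the category names and function names are my own.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Expected hex-digest lengths for the digests the report lists.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")

# Subset of the dropped-file list, transcribed from the report:
# two of the CryptnetUrlCache entries plus the three Temp files.
DROPPED = [
    {"path": r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "size": "344B",
     "md5": "8180bc335db36813ce2d7881b4793539",
     "sha1": "a69536a9fe38397370731c2f2fdaec219fe3e8de",
     "sha256": "b8bd6b1dbff08a99f61ed4fa424a8593e8e62d4368905b2da31a4d8c5c3db51a"},
    {"path": r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "size": "344B",
     "md5": "eec76c86c232ff8109b73211ea3135f9",
     "sha1": "95e90e029af5f35a61f4eeceeb3eaed2ee877ded",
     "sha256": "a43888cd28fb5a984046837f30a1e93c2774a316baa9f5e7e7d88e3a6d4dd5bc"},
    {"path": r"C:\Users\Admin\AppData\Local\Temp\CabC035.tmp", "size": "62KB",
     "md5": "3ac860860707baaf32469fa7cc7c0192",
     "sha1": "c33c2acdaba0e6fa41fd2f00f186804722477639",
     "sha256": "d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904"},
    {"path": r"C:\Users\Admin\AppData\Local\Temp\CabC103.tmp", "size": "61KB",
     "md5": "f3441b8572aae8801c04f3060b550443",
     "sha1": "4ef0a35436125d6821831ef36c28ffaf196cda15",
     "sha256": "6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf"},
    {"path": r"C:\Users\Admin\AppData\Local\Temp\TarC147.tmp", "size": "163KB",
     "md5": "9441737383d21192400eca82fda910ec",
     "sha1": "725e0d606a4fc9ba44aa8ffde65bed15e65367e4",
     "sha256": "bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5"},
]


def hash_problems(entry: Dict[str, str]) -> List[str]:
    """Digest fields that are not lowercase hex of the expected length."""
    bad = []
    for name, length in DIGEST_LEN.items():
        value = entry.get(name)
        if value is None:
            continue
        if len(value) != length or not HEX_RE.match(value):
            bad.append(name)
    return bad


def classify(path: str) -> str:
    """Bucket a dropped-file path by the Windows component that usually writes there.
    Category names are this example's own labels."""
    low = path.lower()
    if "\\cryptneturlcache\\" in low:
        return "cryptoapi-url-cache"      # cached CRL/OCSP/CTL fetches
    if re.search(r"\\temp\\(cab|tar)[0-9a-f]+\.tmp$", low):
        return "cab-extract-temp"         # Cab*/Tar*.tmp left by cabinet extraction
    return "other"


def versions_by_path(entries: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Distinct SHA-256 values seen for each path. More than one value means the
    file was rewritten during the run, not that several files were dropped."""
    seen: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e["sha256"] not in seen[e["path"]]:
            seen[e["path"]].append(e["sha256"])
    return dict(seen)


def summarize(entries: List[Dict[str, str]]) -> Dict[str, Dict[str, int]]:
    """Per category: number of distinct paths and number of rewrites (extra versions)."""
    out: Dict[str, Dict[str, int]] = {}
    for path, shas in versions_by_path(entries).items():
        cat = out.setdefault(classify(path), {"paths": 0, "rewrites": 0})
        cat["paths"] += 1
        cat["rewrites"] += len(shas) - 1
    return out


if __name__ == "__main__":
    for e in DROPPED:
        if hash_problems(e):
            print("malformed digests:", e["path"], hash_problems(e))
    for cat, stats in summarize(DROPPED).items():
        print(f"{cat}: {stats['paths']} path(s), {stats['rewrites']} rewrite(s)")
```

Run against the full list, the only path in the "other" bucket would be something worth a closer look; everything here falls into the two expected categories, consistent with the 1/10 score.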