Analysis

  • max time kernel
    134s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230712-en locale:en-us os:windows7-x64 system
  • submitted
    30-08-2023 04:44

General

  • Target

    ic_content_sticker_location_emerald.xml

  • Size

    1KB

  • MD5

    aadfe32db3ccc31c96197f0591e0fa18

  • SHA1

    59ce2e9a22fff2e9a1b68578c429f5d710463d0e

  • SHA256

    71d43fecf9f2ef6e37022c8446194d74f11b7c05816ce321f6a84279c870b4fc

  • SHA512

    914f19b03527d440752bc284fa46af19ae7cf9f4d2c11cb7bb2753fd50526181e6ca5abed68c695236227b5d8e39db1b5f9359c2d0470a4eaa147c244cc91ddd

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location_emerald.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2464
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2968
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2788

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    04e44f558cca1fdbbd505e33109fa552

    SHA1

    3f16e8a4848b90947b1ec9a4c0ca1c0af8028e4d

    SHA256

    6018e1802828c206fb6e743c4339ffc939a2f38476fbd3d47e0235be2e4ef265

    SHA512

    f7f9e5a29c85b92acbb11334395fb5d8e4b8deade196538cac49d0230d86451ab56055585141d26ae40240040cff11ed6965d4671e67258de2276626ba89098f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e1f207d126b7057ccf767fba74c1ff9d

    SHA1

    47d5ff8eb17e5ee942bf943c66c34131b7a707cc

    SHA256

    973fd97e4c8939e6e6506409ffcc39118660a09bb80f8814b165e39e4ed3879d

    SHA512

    7d227e4bb7eca4141ab7739e08418a8ff5ba4567a49b4416c549c1c53f8aaf1f4b1c41d018f0a5bc91aa85fe167c71ffb7b413a69fa1dc6dc4278afe9e7f9109

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8cad6890af63746633df30f83457d754

    SHA1

    99a65c99fa74305ad4e2321ac9d2c0c4ef4c007a

    SHA256

    21f253aaea4f6287834c81ab82fbd584c18a542a27c03b86545e4ccb546b9173

    SHA512

    43b2e8abc4ada4c506a6df78a364723f33ec9c764ca334c95dd0f7ec4d2dee887d0d25b39b04bb30369757e1bd79bc140ae0bfe51d331961715cdbbfa7bc555d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0f7ca5ab92893bfffe17696168235f2f

    SHA1

    1d350c127e0eee59da39d0fdd67f3c94bc98178e

    SHA256

    28872659d0a8be4ccfa633202a44b32a0099764f4f0ddc1c625ea236c3c60fa0

    SHA512

    c5d2fa34a6f90bff6ceb90d82ed8c36a9bc729a2e9638cf4fddc9891d4bd4c08b8c3771f2f2e82885b9a8cb1d5ee87ae5f7e534e314fb4ec6e89432f481a4a1a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1ebd966cef0d146af4a65ba0023e8b80

    SHA1

    fdc37b64725dff3d4b55be3a9c5d5f3f54d0be2b

    SHA256

    60e8818ea3e116800fef32083e22c5e9a4660be3627cb00bf34b0f9e7a6e1434

    SHA512

    89ed768ea0c7a149f35bdd40b8d262e0f0b4ed2e75383cda377e16bb2703c1f0afd5f6a286e903acc70b0e85e3aeeae48064024bd9bdb021f85aac0045fd125e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    00b4f9c389708e4f69bd6ed0e4a4c400

    SHA1

    12c58f9df2aeafbbf75cbfb2f79b7e0608f82d7a

    SHA256

    dc9df4f223ddd430092904ea893bf2c2fe481aa58371010aa7ebc33114ac4c3e

    SHA512

    e01a945d120705f044bcd378fc0183871feec9e3c271c9612554369f813805ddcb29b3020b4e31d4d3aeb06f38d83bef4eaf989e988ea03f5b2b1c3ef888c88a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    57f193c7054565649d949345bdc96ab5

    SHA1

    1947d850d8bc0e40527aa8e7764044a5750f5dad

    SHA256

    fc2c42d847bcad10d2ac705a920e39f4c416a7731d64656ec94aff5b5a6865fa

    SHA512

    6cc73dcc1e76b8c7e6bc55da455af21447acf1b046ccd9e65146c52200e0da479158b92b424a0115001e7b5d269b832343cfe723de08f29beb25982d3ea8838b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    33ddca65e79634eb10ff9e2a3fd79f3e

    SHA1

    25aabada192391f599b9cada9694a261778b13f1

    SHA256

    8eca5694bbb78b9039b85a572405cb543a5ccbc37a73a4bd5f746710afc00734

    SHA512

    3029650619381d34bdb6cda34dd424fabae31ec825bd28188985b73467aee1ed99742246fb852843e20961dcfd3bd5e7d1ccb1442cb0b2c09f29b366ca84ca64

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b2d89686fb2803d2b9dafbe11f5df35e

    SHA1

    ebde7658e93f61e0a9208b3b7284797306c885c2

    SHA256

    cbae84d47b85b8c71e5ebaffb6eda531acf1b0426d2ae3aa23c3967b509ded7d

    SHA512

    ef6c3fbebfa7f6ce28976532efbd67fad7687cfab9467642a01b245bcdbefff1a43b08d647b9e6e9ce6a6afd55252348b3f5ddcdd51022c3a7119c1fd063a41c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e3441c1f60c16696e9a16df75d15ab07

    SHA1

    759396e5da16253e1360d962a9b3555c2974b5e7

    SHA256

    f78f56d0353b1b5769b7d303b06150d3ca9db8cffcc25cc42b8f6f2dcabdd608

    SHA512

    2fd3c6c3a1663bb9df72645548f2777f065fa01195494af916453cb674a60ab9a7dd1f4a28282de7bfeecbcd730f27cd029bdf5b8a7ba05fc4d8c3a3bb8bc27e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4e9a52386c88b5cc7c7a36588ceb2e02

    SHA1

    69d4e8ac4b73a3125a7763396b5f574e2b4139be

    SHA256

    f740b3c6ea921be917bba780cb4ce2ef78b0632154a398c2508d27308cd1c502

    SHA512

    5ff37a4109974027a87124b805d14b302b5b1387e676b9a29b080d083e3af764bfb7cb28759b057d88b5b8fde8709cb919ed97f52a88239c4a63450966072d46

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3e3122244b37a13dd364c7c1f78cfc1d

    SHA1

    4a81bdcb32412ac91349c08b0ba3aff293763b68

    SHA256

    7ff6972af9e9ed008ad75b3f8f358638c70477e81adbc244077b683f94cf748f

    SHA512

    f4c9863cdd23eb5e9c82a2488732dc65c95977c918c9e63e521bd0853a120609fb495274695fb9f18896bbd2de6acb8b85ecd0428e0221c251c973049edcf5f2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c0dcf9798bdf8d2d787f8df737c2574f

    SHA1

    05a5d8f8add590bf6bc51433b4e83412a0d33660

    SHA256

    95f9cd55a142861e2eae9b432eb121a54d7c257e9baa340703c4e7f60de6b11b

    SHA512

    2da0e4a9fdb87c435ac47fff68d94316e805f8564d4696b4702da41fb7b68fd55f69da94e634af856ea4fbba17856931307fc11030b9727365609f359bc42c5f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cdd7ad8efc4e2415bffcb19de75c8db8

    SHA1

    2048febd0da7a1a042d1fec3a533523d221fa91d

    SHA256

    19e55712fdf9b732de6586b746204e1f204ddff9bee838ccb1e71681aa43583f

    SHA512

    e55d7c7794583b7e2097652a82a4e32344262c13dece01bd5a93304c3ef484e28a1a669a216b92bc6f9eef495e1c02d0b2db2020a8f36542c8491414c2ae133e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8bdf178640e9dc548af0f34a7b0f6431

    SHA1

    95af97a3d33e976de289812ccef254e716d79bd4

    SHA256

    60821ca7c566b35da277782832cd9e7cc7266ccf6a44fe026d5f130fe8fe9abe

    SHA512

    d1dff2ca1ba293f369a54c7bd9b82f28ce212fea881cc45d9524f9609ed2d01c8fdea084b4cd7f566821358e191e4d18d1e4eb708c1e9ca1bbd95eae392c1915

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1d5bde38af4b9024134e567b19a02b8d

    SHA1

    c6a052c44cde29e3e166c22b9c1e21b9a4b47d24

    SHA256

    65e4b9550761dad49a81fdd078214babdb83f522206276f8ba27f330728e9372

    SHA512

    6c16554702782171fed66eaccd0cea10e59ae8c276c14581f2f59aef8d5101ce514cc398b9f3bbec74e422c7ef57693cf2e76e10b2cae8d90c7f841c11c61891

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    04e44f558cca1fdbbd505e33109fa552

    SHA1

    3f16e8a4848b90947b1ec9a4c0ca1c0af8028e4d

    SHA256

    6018e1802828c206fb6e743c4339ffc939a2f38476fbd3d47e0235be2e4ef265

    SHA512

    f7f9e5a29c85b92acbb11334395fb5d8e4b8deade196538cac49d0230d86451ab56055585141d26ae40240040cff11ed6965d4671e67258de2276626ba89098f

  • C:\Users\Admin\AppData\Local\Temp\CabA892.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarA944.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf