Analysis

  • max time kernel
    138s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-08-2023 04:44

General

  • Target

    stella_e2e.xml

  • Size

    4KB

  • MD5

    deb02e17bcc92fef2298a466d71f9457

  • SHA1

    e4259e3c073d4cb4af07bb3a2147fb1e8d7943cb

  • SHA256

    83d0ffc0ea968c3b71c194ecb47bbeb4512137a06e8f7ff7b3973ca23dc467bf

  • SHA512

    cda1fc10cba541658d1f826d735641c2058fadbaf42a9f05e1d8cd3b25fe146db53187548b131bd248e56f34dfebeb3e7b2c1d53784dbe88c8266731aa7401cc

  • SSDEEP

    96:38fSxf3sWhw3h0A+sJCxox9rxT57OxjrWthy9xFnNLWtEy8PM+cRSjOA+Ay:OSxf3sWhw3hysJCxoxHtSZ6tMNoaPsAw

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\stella_e2e.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2488
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2956

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6f1341a8c40929c7f52029a6816c77f3

    SHA1

    8259068b6496adcae274126b0138b9faa07f7a14

    SHA256

    312d7da8963c19551aea063a14ab148e25f3d56b5c3d84d2ac3716ead1dcfee7

    SHA512

    0a9ee1731945e344badfbf9050fa6b859586464ccda7affb7d9b7f5c02a2d4ad499a41dcf92f52f6bd98830dbf75c7156e10f8294f9a12fbcdf356bbbf9e3995

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    99ee9f91eaeaa90e158295908bd2aaf9

    SHA1

    763df7de35bb5110dbbd5d15d862a9b68e9f13ae

    SHA256

    7c2c3fd8085b33b9fb6c09f6d68afdda9f27194fc8ffc0fc9b68b07364425611

    SHA512

    17d6bc3df25ee5ecad38a4a7ddc95635949b0ce16e2db7bc28a93499de67c56a9b28a86db1de1aae9b32cfb89953d22c3b0ccf185a1522e1237733069bd50545

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5eb0d814e2d502c10889a5de98804aa5

    SHA1

    fd049906451e7715fb3ccb40784c2a04d6818deb

    SHA256

    bd4f7f9a2331fa0bdbd129eda7871fec8df92110fe9002c531a943c1a7f973c2

    SHA512

    58c252e0277ac4c37d0583921681f146de865e0975d6228ee23286865ac00902f6af07a5bfc9f0625fb4c5c20f193200a146561369c1166ea5ef103ef680518f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ca5454be1e60ec029558130f04719751

    SHA1

    c63c074e0f4ce11b0df3b5255ef6f9a3c972f8cb

    SHA256

    e4c708c2fbe32e005fa854c922526ba1cd172928df13ed955fd181e4316acd5e

    SHA512

    78831e15fe8c729d453838bf77b6e834e653a05c7cfa94934006437c011f6ac5eac37289688b2a416f1e3bcd5ed6ed5e31ebe23e30af9a2fce07ff98cba239ed

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    64a3c08d32265f69ed9f253a86f84b77

    SHA1

    bac4e846a9195c476505b7d4f2123e12ed1ed30f

    SHA256

    aaa610624e654203f6fa8be1ff408679d56db29d41223669787835e8c1679856

    SHA512

    1db8d2985fa6debd1bfd696e2cf68c226d66a9c43e2441b27fa265df90f5ba742bc190145ee2bb8dc714e58ca6dbbb775628cfe167083bcef9c7e43258282e06

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    910586d74b60dd3ac2f6d2cc4143da1b

    SHA1

    8d5c2f0f32769c75ad4f5635f2282f15c8640f40

    SHA256

    4dc8f8baf9b28483618028dfcc2d119508ddc18bffd27f6f0319470872c16b3f

    SHA512

    ab747a8f7a10ec1fbd8c0074b709b894daec6fee071b47d5333416bfc9510c30e2ba5271a33f6160f3ced780ac3caec93120bad6787422ae0c65629ffd14235c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    eea55acf29846b36f019cc4eebb792e6

    SHA1

    0770e828954de550f44d2c64500b117dead273a4

    SHA256

    86b86a2e57ba7476923852fe46115182a313f99731c22987cb84d25dec202cd3

    SHA512

    5cae5f6a3172859841a0c2adb2deaa83415878f4db517b761393dea46cde1a171b6afbe12ed0feaac8e5bf49be53c4a6988cf9d0bffcef631cb3ab2a215b470d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    07417fbb43d0534c9d4f5077845b6842

    SHA1

    1d6d582da6492f595a33f627625d489e0513ba13

    SHA256

    2007c24f49665f7d5052f6372e7e0fbcd0af68351b6c5bd1be7bbbc96614631a

    SHA512

    c47d2a7544a5d10086a3314b3d94e9344fee64684779ba71cdb35680e9845f25e65543366d1f6d45ef154400a5e03fc213139c6bbd8923fa6795cbe699b3854c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7ce6c922699361f4c22e448f7fce993c

    SHA1

    feffbc7cf6ba5f664c59222c861bd8ebadeec3c9

    SHA256

    e532918448ecfc88f64a2f5ad19a0f70f26a93e58a6b60ebe068e3fc85d9481b

    SHA512

    b12884545c24fb8755eca4b593a4ccca69a64278bb1896536704f36d684cc78d6c5b5b13d1c8b95901167f8f91716a9863112b9ab955e468e2ea1e924faa4176

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    22bb77ed23dd60081be28f4f9b562d6e

    SHA1

    8f78a9063bf9ce9a8c8644af50ea5f45994b7607

    SHA256

    0b9332ea53dc6df8e593e764bd48c33e07bb575421de48439badbdf2dab6de86

    SHA512

    3728acb0e0c1db7ca6669e60e8e29274c422a642b6be7e52b1e5c717d079883c2bf8a9ae961b7c44d1e66f934962def16dc42fc8b0c6a664906e8a6670d4e12e

  • C:\Users\Admin\AppData\Local\Temp\TarB39E.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf