Analysis

  • max time kernel
    134s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20230824-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230824-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-08-2023 04:44

General

  • Target

    stella_wa.xml

  • Size

    9KB

  • MD5

    4ee3c0dc45185231589902397c7a4c38

  • SHA1

    28a4882e91c2bbb68562fd9373efe43d24dce3ff

  • SHA256

    8fead4d413917d70a317375083a0cab7bcde24530fed6d9eb39de05bf14348f2

  • SHA512

    c22274e0cfe22cddc65f0d258ec623360ba34d8ddeb09a2e7c88290d949cb20f76cb6e8ba8f02c7f5ee7ef4ab551d2d61f680c1dfa0b9acb30143f76d908eec5

  • SSDEEP

    192:OCxf3sWhw3hysJPiaJfdvLZacjO/SbEgle3iVIept8CMei3ttdLx7Kx:Oa/sW63hNJPV9VZvjbj03ISpei3ttdLI

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\stella_wa.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:108
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2348
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2384
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2736

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8c53425ae5ef7ffaaeaaa8b5c311de52

    SHA1

    a432190588a84dc8306e12db7b27d68f7f39015d

    SHA256

    145a0e0f4ec6a60a17070c6d60c2e331bb05e087f2875dab6307d85afd3baa46

    SHA512

    e9d9f379c0e446996437bf2dbdee686975005a88a746630356746222d48beedf55f581ed60623025ade8b9510ab4b481ff9e764aae8ae9221c21890b23132019

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6e10dcd79aff47bdb0aedd70e4f5d1bd

    SHA1

    af5cf7bf70e18ed697f0302d9a1bb8d0731e0342

    SHA256

    358ce1b87ed990f5b22e1060dcc64728656c174b1cb14b754b4e78df4b143290

    SHA512

    988c4eb12f9f013e38e3a22cd2109c548e79f9055d7df0f5d1de7eaeb3f2d5bbb82d047a3048dd1e571d0a0c8e00ede698528b8b8f998da38bebf5809e2cae61

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fe351c778d1fedc294b5d643dada5e72

    SHA1

    ca03914166afec897052ad874777f9fa198fe385

    SHA256

    dd85b1c2356449f296d6a49b0497911d82f9a9ab7f49b0b9c3facd7b2411ee1c

    SHA512

    5b081969d37a4699fe48c19528e47142095d6526688092df46240a0407228caabdf477a7dc26149c93e94b11bdf2d2e57aa826b917657275668876326ed9a231

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    387087cc02030ff45dac091ef147a14f

    SHA1

    97ef517740a7aae410bd6444a0cdb2b24b2ac3b8

    SHA256

    187b0551af418bd3e35cd337d60db5901f006a9d392d4e41d26590b785a9e6e8

    SHA512

    308d2f6d2085aed92ef8a7761d940eece098436cc8ec5792e3d8aac1b59b598f8bce054b7e9eb1a6ea2ac6bd612a381279ea81d75cffdcf88c2f7ac9e7dc43a8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    80ff49abd4cc99d1730cfc7faf2bc279

    SHA1

    7f4c49226be31e69602cd0dbb3067c9d28a406b5

    SHA256

    085aa8001bc70dee27b35e1d97d92b1edf46cf36d2e982de27543feb28e9efd3

    SHA512

    ddaccd6bd4ccf838c37db15ac41b331a8c549738eab5b6f3516437aa4b38ca8a1eb93de9f7a8d03b167dd1276b5613892210ae7fd5ac283edcca1f1233a6d474

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a95b3cda588e1fe406b330695fa53275

    SHA1

    b6979fc5d7c051fa88d06b4892e5abe80cf22a96

    SHA256

    404e7d284106c722f9715ebde3ee90548451a7cb4df3a72f59c9d31f73496dab

    SHA512

    2bec74853ad01b1e637347ebc78b7d8e4eebe42f7a72da636a236dcb9178d80180aa04e715e5a011b90b191ff1eacc58eda5ece5d9db054c91c892377f9794d9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d8d6c80cc8598b96d45781aef6d0b543

    SHA1

    f332bdfda6cd87487608ad0abf495fecf6c84c41

    SHA256

    0b3442cbeaf410a9375b7276c50f6f72e75004ece59d58cdd71cfacb23f59ed8

    SHA512

    006e3f5e7ba31318eb42ab7ea817dacde445f68ea8ec7322eaadc0b03b1f768eca5fbc1278caa8480f0a3d447b151908ae88adfa71d27247e56f4d1925b60ac7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e7e1612cda44c527fd6fe67cdf162ef5

    SHA1

    7c1a736d8c4fd3be21aa9ec197ca1a2d1e7160b4

    SHA256

    54f212dc329ade1da93a3812e3570a1a1bb6d4caacd691ad0fc4a24b28101782

    SHA512

    ebfabe053f2065a591a980fb9bd644b71746ef63ff21508f629aeed18e4f9b7348964e84d7db680377707f4cbcda3b85f1b4577f3e18bdba28b6cb6f0a997c01

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b7dc0e1811fdf26d28394399ddaeddb0

    SHA1

    1b02c6562c294e6e10958ca9f91070679d6e9324

    SHA256

    193e8fc921b9cc4e95cac6b8fab204902780a2b1db37c965b0053a930a1ad117

    SHA512

    f02b601d32f23346389e31cab0d4cffce5aa7c7db77766d5a250ff37ce615a14dd09faf8ba3e6bc987f10726394355e24a31256524fa00137fddd53af1e32518

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0ddcccb0261525290c7fad18aecf8458

    SHA1

    7f99df0dc51572255892d7f9475807aa5ea821b4

    SHA256

    b92376283cd7bdeec9c96f930b31eb4aa9287ebd006403803becf68fc7ce55c3

    SHA512

    134f869acb81859d77cc03f6dd62f37628e5a514763c064cef8dca6a1ffce161f18cf98c683aad1ecc0a92d3eabd480a5d8c540bb6d789f65f6558996dbbc9f0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3ce591fb31e91193dc996551eb05854a

    SHA1

    fd4e3bd443497d4de4292709769d7df45bf9d888

    SHA256

    e64ee963a2aac59141445800abbbfc7df43280e5bc0d9b72df0dfae87003cb90

    SHA512

    06480de9902132b424080406876b1c60ea83edbdb0b5e80d81e5805bff62613d3d14344c039ba07e54ea0951f405998a0de5f7988156b7c6128d68b1267e683d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1fb3502fbdb948f3875147df4f6098fc

    SHA1

    bc2c1bd97da2740fac84b526111cd5bf79e417e6

    SHA256

    1043d5504178da2a358bc41cf77e00e52553a425518c33764e49e2f880aec4ca

    SHA512

    a889708467e6a4ed9ea67dc1d645f3343b21a22588a9b366e1152a3843d47bf59e93f7dedfb4daaecc5f57368cecf8cef4db29e44a9d59be55be1a4c3a912e5a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7c94e14ac66d867e0955308cc574204e

    SHA1

    4e96d66ce32ce7117fde5ab5a3f7f2099c2ebf5a

    SHA256

    056cc46377dca1530713b54889aa7784165155f7cc2c7de01975a7e24c306196

    SHA512

    945a9ebb87d05a019bf77e86baa2e422dcae1bab5640f834f3f16822f497ad05348f5f0aaa0ae166c6c9d0a27480dbc519fc08adbc629f62f7bbb52e484a02fe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e367392999aff1c930262e7736b6c599

    SHA1

    9badff23ae4c1a32da2db5b2a071694c0029263b

    SHA256

    85c1fba0573773ebbfa556527d75980349565b29c929773d2a31f2a30f1435cf

    SHA512

    a096375c538f6798cc56d572217fbe424b968d4367b2547a398ad2729c2bdae3a1a39fc63ea494cb4ca218258861c98088bd8ab0c69aaf96c163efecc3575b10

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1a3e173671e8151277fe5f929d75835b

    SHA1

    133adf32f798fa8d429e0f214362332dde68a1ce

    SHA256

    3c3e86604ec4af51ab3824fd7ea27ae88ccd3c05878532a6272150ab1f61cf5a

    SHA512

    c8e319462549ad299309c07be0ee382e4035676b2ced5c5bcd07d214a78b086cd5e5f854b366f77b1bceb0ae086d46cca5dcd080c884c3173d6df371a5f022fc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fb61a2940c66f517c52580699495404b

    SHA1

    e1b2fdca1d6350ac0769884d9d8249dfa5a6b54e

    SHA256

    de90eadf9a326d91925ddd9c791057ac2bda5a17e854335681113d2a325fd9cd

    SHA512

    7247464a34256ccd3d69691c03f32fa20485f16c2dfc43f191e06dde9483e2e640e44b8ebd4d96e6b97a20ea55639ef9e8fe53fc58605936a3ddaf811947e58f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b1c1b274db24501973f4624a248144d4

    SHA1

    1caf9ba7665b33b6eb9ab08659c46daf595f78c8

    SHA256

    22845d119a884921bdd355eca43d0f1760f06cbdbafeea4d8d8f450b2b6e0665

    SHA512

    e0ad2618f59f3a2734bd0be12a07a27c120a0768a3c8ee51e5a2dc9594600d6ec768eee4245d8974f2068c7e61b5e7c6044f2671ee3b3baebfd26cce1081b3c3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    21b88f6a01dcbc663509f661b0a62fc7

    SHA1

    f68a3f6ad008cb4c8b8f4b504533a49640723118

    SHA256

    2b6a6e17f1136a36f0142b8584921b0f867e5076d427fb5852fa8e4bf036a9e0

    SHA512

    11d6f557b6386aec03e1bd17f8193f41c3e2a95202e16a6f988569cd65fbc909deebb772627362971552ead141d35e27a78aa64c2b33d3fb842d10d62fbe557b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5db4c353d651c4da9dac96f6a64f6784

    SHA1

    80f3095667ab49fa41c1d36dafe29fbc6a2ccffb

    SHA256

    c92bca4cd44dd7d9be3b260b9f2ef5964ff55556088c4bba5ebd2963bbdd2fc8

    SHA512

    aa4e083fccf5f70a1d2f0e3238088750af7b79a7716cd42d62a03263a8428b16233c506ef897dd3190482cbc2970dfa0c16214d5ac431a30a574165f4e083b19

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f6911f624a7d1e9e16e2f0ccf01bdf35

    SHA1

    9d1ce36abbf17b8619be86829f0bf12e5f997f59

    SHA256

    ea36b3888988d01b25ec96469933b4a2ad4181054da82eaf39ec61011572739c

    SHA512

    43bfa9a0f4f94ba0b7dbfd77466a7321efaedb9ffeba820f569de191d07ed07e42d0f27861600c252077f7dcc1b940aef5f20ea9d45ea29f2f2bb3ebc8f1e1c4

  • C:\Users\Admin\AppData\Local\Temp\Cab21D5.tmp

    Filesize

    61KB

    MD5

    e56ec378251cd65923ad88c1e14d0b6e

    SHA1

    7f5d986e0a34dd81487f6439fb0446ffa52a712e

    SHA256

    32ccf567c07b62b6078cf03d097e21cbf7ef67a4ce312c9c34a47f865b3ad0a0

    SHA512

    2737a622ca45b532aebc202184b3e35cde8684e5296cb1f008e7831921be2895a43f952c1df88d33011a7b9586aafbd88483f6c134cb5e8e98c236f5abb5f3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar2401.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf