Analysis

  • max time kernel
    134s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-08-2023 04:44

General

  • Target

    clockLightTheme.xml

  • Size

    3KB

  • MD5

    2235609a58ada82f2110d941341a720d

  • SHA1

    d3b06251eb8f131034ba1ea3b0db982cb31bd813

  • SHA256

    d89ab1d4bc636a73d64ef1d8976d517f13449a11af28d70e88ca3d0c40e114a7

  • SHA512

    ff7543b27941add4a92579f1a55f3b40a16cd8ec8cc43b678b229be38a3878267fcdbb80b040e91132fd938082c47e6e237f62ac3903422ad9499cf7164228d5

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE (PID 1716)
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\clockLightTheme.xml"
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe (PID 1856)
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID 1976)
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1500)
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (61KB)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B; this path appears ten times in the report, each entry with different hashes)
  • C:\Users\Admin\AppData\Local\Temp\TarC1D1.tmp (163KB)