Analysis

  • max time kernel
    137s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-08-2023 04:44

General

  • Target

    ic_content_sticker_location.xml

  • Size

    1KB

  • MD5

    4e1bfd935af6c3abdbde4cd2eba4a72b

  • SHA1

    a698232554fe0e28e65556549d97977a4fcf375e

  • SHA256

    b887e3205ff5b8e38c1ad986ea7f534c73c2a28f989639fc1f4fb672521e1e3a

  • SHA512

    697f7b42c02f1ce5fde22474c5c10cc1adc838eab76eb47269cccf4c7fc1cdebbe3de1f81d231c87cc3c8bf090502c4e405fba92ccf345163644d17d17baf84f

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2116
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:748
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:748 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2104
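
The chain above (the Office XML editor handing the .xml to Internet Explorer, which then spawns an IE content process) is what a triage analyst would want to check mechanically rather than by eye. The following is an added Python example, not part of the sandbox report: its event list is constructed to mirror the four processes shown here, and the `/verb open` and `SCODEF:` parsing assumes only the command-line forms visible on this page.

```python
"""Process-tree checks over the chain shown in this report.

Added example, not sandbox output: EVENTS below is constructed to mirror
the report's tree as (pid, parent pid, image path, command line).
"""
import ntpath
import re
from collections import defaultdict

# Constructed events mirroring the report's process tree (not captured telemetry).
EVENTS = [
    (1960, 0, r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
     r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" '
     r'/verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location.xml"'),
    (2116, 1960, r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
     r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'),
    (748, 2116, r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'),
    (2104, 748, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:748 CREDAT:275457 /prefetch:2'),
]

# Command-line shapes assumed from this page: '/verb open "<doc>"' and 'SCODEF:<pid>'.
VERB_OPEN = re.compile(r'/verb\s+open\s+"([^"]+)"', re.IGNORECASE)
SCODEF = re.compile(r"\bSCODEF:(\d+)")


def build_tree(events):
    """Return (by_pid, children); a parent pid of 0 means no recorded parent."""
    by_pid = {pid: (ppid, image, cmd) for pid, ppid, image, cmd in events}
    children = defaultdict(list)
    for pid, ppid, _, _ in events:
        children[ppid].append(pid)
    return by_pid, children


def chain(by_pid, pid):
    """Image basenames from the root down to pid, lower-cased."""
    names = []
    while pid in by_pid:
        ppid, image, _ = by_pid[pid]
        names.append(ntpath.basename(image).lower())
        pid = ppid
    return names[::-1]


def opened_document(cmd):
    """Path handed to the Office XML editor via '/verb open', or None."""
    m = VERB_OPEN.search(cmd)
    return m.group(1) if m else None


def findings(events):
    """Flag the handoffs and inconsistencies a triage analyst would call out."""
    by_pid, children = build_tree(events)
    out = []
    for pid, (ppid, image, cmd) in by_pid.items():
        name = ntpath.basename(image).lower()
        if name == "msoxmled.exe":
            doc = opened_document(cmd)
            # A document opened straight out of the user's Temp directory.
            if doc and "\\appdata\\local\\temp\\" in doc.lower():
                out.append(f"msoxmled.exe opened a document from Temp: {doc}")
            # The editor delegating the file to a browser is the handoff seen here.
            for child in children[pid]:
                cname = ntpath.basename(by_pid[child][1]).lower()
                if cname == "iexplore.exe":
                    out.append(f"msoxmled.exe ({pid}) handed off to iexplore.exe ({child})")
        m = SCODEF.search(cmd)
        # An IE content process names its frame process in SCODEF; when that pid
        # is not the recorded parent, the tree was re-parented or the flag forged.
        if m and int(m.group(1)) != ppid:
            out.append(f"SCODEF {m.group(1)} on pid {pid} does not match parent {ppid}")
    return out


if __name__ == "__main__":
    for line in findings(EVENTS):
        print(line)
    print(" -> ".join(chain(build_tree(EVENTS)[0], 2104)))
```

Run directly, it prints the two handoff findings and the root-to-leaf chain for PID 2104. The SCODEF check stays quiet on this report because the content process names 748, which is also its recorded parent; it only fires when those two disagree.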

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    c8696fe3e560e9a48138fa652ca84e99

    SHA1

    4dfc41cde1b26b0753093c2c6ab135b2c8826067

    SHA256

    fd6646f62df70185cf3b2cc08ee33620108f260a92fe4f64274e936706e6c6f3

    SHA512

    2cbf5f11297579efcf84b2696eb58ed798b0db5abb3865268d1c20fc93562120ae05e0f6171213daa775479844fb3b9d73b95094c057b6aa736d5f8de2ef1dc0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    072d1e31c6ca1e2ba5f0664c79830869

    SHA1

    cd22969851f8d73b6f607b08de435051d9f09741

    SHA256

    9eb6be1042ecdb81d93e10f034c1f8c30702baa3092296cf356f38bb54bd9151

    SHA512

    e7f1b067a14c79edaa3c3aae4c0f600019dbd00decfd78300f256004e7a436c88dacd297846a56b6a046f923e90e7d95e30414b2eacb0c82627ea325f0c36129

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    0b7bf4935b38e8dfc14db7fb3d7caf91

    SHA1

    c2b1c5b74dde7d3b1268f9bc90fa8dc039f93ab4

    SHA256

    ad4215987e1ac5d31d6ab9fd7060aed3868cb8440bf957146214ba1da9a6c8a2

    SHA512

    59699a670e6305b4ef61e0eef5548c322ff6afd896c6de22177470b6439ebd4039958d03f3870934d568373c3e5c76817723477c93148aa803b4c8c6bdc9f186

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    b9374f756f004310eb00d62cc3c88480

    SHA1

    767c70a3c43883d9105bf8f981173cc5f04d1778

    SHA256

    42ce45282c4fa14804a7ac268b235b8ea880e7f0ebe65058be37e5b7e514e387

    SHA512

    a650a6d98d546967a445756360a1e757963f37e36b0d3de2846c793cd7fb6a4bf3c289a4f3313ee89754d7a9a23a484b429999c00a4ef5bd420a790045ff4bc3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    732efda432dabf760b5635aaff69557a

    SHA1

    f853a8f64188afb35c1afd52f40f4d5d0ae1792c

    SHA256

    037d6382a1d08dc44e7c4ced4279a19952dff3e976dbc210121a3b55a38efd24

    SHA512

    e026d1973b32f5a113dc3e4f66dc00eb382805d7711f23d81d900802dda4ed3907af25d926ecf8baf3038129e54e76e06649fc715b0e68d902745d55e4fb5258

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    a3c1c49cadb844da12c8c5647527b534

    SHA1

    f7a9bcc19cde4ca7c29197e090acce7699380dcf

    SHA256

    c80200aa4d5edfa522e97f34ecf1f0cb753ef7b1c348acd960b7453b1417f69f

    SHA512

    764f3c63f19c9eaa8c0caa5fb1741bda772ecff9f1cf563eae0e56436d7be29daa606c13b0a40de5101d9e9ec293e50e9c7c448ffcdb40e4cb6d57c49ac3ee64

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    41e02f0facbdfb60a0ddd845359290ce

    SHA1

    4efbef61c57020695e784a1bbe6c35aa5653df44

    SHA256

    4c0e473a4f030e68c7686bc74e54956f50c51e69c1237a5aa5331eff432622ca

    SHA512

    965a199df4138a58f589bfbe7c4c76a134a0c2aef14d60b5bd906b888b2b4128ced9232586634137a327b75e34e854b39aa0bb322be330cba3b427054596c1a5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    4393093c3dff3fff659bd9f0d9ba2450

    SHA1

    50f87485de64236926ee2c010d9a1c4ff666d28b

    SHA256

    2fdcd2fc938c686e2d9f031aacc56eafafbd3bda0b4335171c610bbe0f344e7f

    SHA512

    345c44750bd72cbaaaff64d552c8abfb3783fbc21d1bb1258d657fb9a88308944e7c6f5ac8b2d0a4b994a11428a7641a85f98b318f31334d9a86ea93251e2e27

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    c5f622171a115595c255be5f29dc19b0

    SHA1

    42d8b79b7d315e508e2aa888412781baef1e5534

    SHA256

    2d557963a173baf0ff9adc4571cc273ca8c2cc8d83aa9458774fb31b3e155bce

    SHA512

    3fdc15acc5284da328fd09bd5f93646937252a1bd1087aa26de870166593141ab4d9cf870ed800fed1d31d59d07a5bcc5edfb41599c078b1f37360509935f963

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    08862b99e659d37cd0211ad33aa67c97

    SHA1

    cf23a456357be2842ad1d773b33d4008bd920739

    SHA256

    b59eb8939cbc30ce37c25af3aff2ec5ef3b6d4bfb24cc90764c812dbde527421

    SHA512

    edb222b18cab607a2ca2cf246ebed1d1775ff2cbd7a20c8b8ac777b2a3fb09a1885ed9efa9a4519f75e7eeacb6ad1d6e2b3fdcd6e3f9c5c442c1e080aa4dfadd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    05543ecb9ccc9d12893df71cec94cf8d

    SHA1

    d43144bee3696733345714c6d8d6d9003693b212

    SHA256

    5fdccec293a722314ffd3fb44de4cfac0564694c8395af9da1805e87da62abd5

    SHA512

    f0773ad02f9f70d1dd522c9b5ca44d3e6be8755574f4634b6b2ab2699eacbcbeb1cc17d97028bf4ac18d450fd9a13be60aea02a4fd7266c7462b15e7daed99a1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    89a16121c5fa94e78184fa8abfce0370

    SHA1

    f400b68c0f6fafa84031cdeb314bd052dc7c482c

    SHA256

    a76c10bb3745153abed7b345d599b08e3d880314bbd5a3210088d5d6149afc08

    SHA512

    b3780d8adf76ee5176e90ec22b25e96261ea30e2575c9964093735c18bb826ba77387cd9371d15136697c539caa1543642d66e83018dd4bc7c7aa5c9b5df1677

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    eed5dd527d3d693f27d0a877a9284c19

    SHA1

    f150eb217626a6e00495890e9f91029b461e2811

    SHA256

    be64f7ed53950d230f5408eb3ee2965ac182c3af27642a9d9b345fee924d7ae9

    SHA512

    888ddc467023853623ceadabfc02144cdb73f2bba669a2b6ab5d48491e2e77afb88f968ccad70013d2f1e2c572e5eb6e54a5faaa542badd82f149b46ee43938e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    b0427107bacac0d346bd5b567860b048

    SHA1

    7d3b13992aff3589bc9c0d6e49e411a7077b4774

    SHA256

    58d9a74143330b860a15b617427aa00916c2132db89fdf0c1d37902745fbd4f0

    SHA512

    f54d51fa41edfcc1687e03b14f2e13810ce46033966d1b05ea15d13c3334b8fddc879ea41fef581168a5cab0e40eaeb0b0e15df35ebe3c3d7683389675ca99c9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    955317f82adddb3116e35ba93275d76c

    SHA1

    aaa9630b59a5cf2d339ebad450c94cf0dabd747f

    SHA256

    49c696c097d0868ac74cf23f1f438a3c9fadebeecee66910887102599c3b905b

    SHA512

    061273ae1362c3e220a083251bab410fd6f02e20550b342a80c4955b27f9e4f192a77809b8308b2058d1e2bcd614eb2a1f04ae4842f4a622440904de6529457b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    2f566724695fa9d62c1340ef6796cbd1

    SHA1

    f8ef2682e2d04fbeb94effe826b3d5b8e7b1e47f

    SHA256

    a88b4b2fe0e027791819cc8256396a69435688253dd07291fb25735f78d2d243

    SHA512

    74bf7b4f241a8f9abbcba3f2a15f39b13b82f53b8a1417e5f46357bfd56a28d8c354675cb0239adc7863637b48cfabbc87512ad7205bc7cb61cadb77e094dbf9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    c2e7983afba788997c41b567b874f8a0

    SHA1

    64f0737c83d2c6ec84372a271b33dc329af91e47

    SHA256

    deda4aeb8914b153687fb26adc3a89f8d215ced30d919472a775bed50682ab45

    SHA512

    45554ff044dbe75fd910b22cd0c892e8a262cb0c87d32967525dbf6725368d8d53b281ed41f19924aba4b77b3ed4da597d6f300d40022b98f677f1c253058fe8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    b3af06308a80496c74ee2e6a94c871ed

    SHA1

    8182b8e08351c85748c0aa66ab9767c396ca163e

    SHA256

    32a22a2a43280fd8014e861e0fa6b4027182d6abe76da8c492a9496700c08744

    SHA512

    be6c83ea50c040eca96d79d4f29bdce7dc0a695d2f90ff0583912421c3bbd215e7d5e9feaaa6bf16cdbb9e1f6e726e9820abec3bef0a67a5b9fd63488f763585

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    fb4803e04b4ccfd16032c3c498fa508e

    SHA1

    6df35ef40910e682c3ec1419fab85920113a71d3

    SHA256

    565ff9e744ba825a4c280a087b39190353491bae352e8c1a18fa9fa94eb77d1f

    SHA512

    6325a3fc5646fa95d9f19377b9a278a303ab0f46f3d97ee7c0240490e81253e379d823099b56b7d36b6d74d3f4890abe10e88295e07156a59e9d29c2f0539c5d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    3eb7ac1c0ba3cc76d292c95f47182edb

    SHA1

    65fd17f0881fd5c4ccb7ef480bd7f0680a3df0ed

    SHA256

    8fa9d59b473cd9f20c579299272fc4997737c5c2bf2d2feedc7ed0b47bc57404

    SHA512

    a97fbcfb13263aa1a18c55996278d9414a7310be36b09cb311a332537b7467b81d51f0846cdb4df21b431d8c3091c2f980117ea06b2c0eed7bab6d3cb3bada9e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    0bfe595edb4cfdd9d13248e60ec1565c

    SHA1

    fcdbd3ee3b494d667073401580d6cba578665fb0

    SHA256

    e1325f3cc8a12f60d8ca83ac7e3787e70c88d8f6127e9ec856329c64e5a2864d

    SHA512

    5b95d523e65a9f357f6938a5f5c1fa27286884d1c6f8a7a7de416f9a61093ad7256da2d85ee46b171740ab0a248e449b053a1da43bce3d3fbc3be1c53175d0bc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    0aa0c184bf55b56f835782c34c878a91

    SHA1

    e63e1bf5760c6a415b474bd29a6e382bee82bb8e

    SHA256

    1071624550ceb0d06f4e845030ccd8f65ba4d2c399072abbe5603eb55aedea1b

    SHA512

    1270a49b55a6faf37a1320675c44c6227778a66e222d123651b01a4e3f4945dc5a53cfe6abb9e53ad4c18e80a1bc3fc006da903698e733c826f1fe9456582040

  • C:\Users\Admin\AppData\Local\Temp\CabD79B.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\CabD80C.tmp

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\Local\Temp\TarD88E.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf