Analysis

  • max time kernel
    134s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-08-2023 04:44

General

  • Target

    ic_content_sticker_location_60_percent_black.xml

  • Size

    1KB

  • MD5

    a3c9e4e574c26a244e4660e3412d803c

  • SHA1

    98c4d769e0efa91892b72887ff5075944b3547a6

  • SHA256

    1b6c02ff1e1e60d73f6b31c1c53faebe6d1f57782e3caf3c4328a65b4929648e

  • SHA512

    f0660665f035131c70589a70955b2bfa8c7c8b9c45053f914bad335be06a2f8c23246c24348e3e469a03ae4449811796e39843a07a275cca1806dfed10df1610

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\ic_content_sticker_location_60_percent_black.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2808
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2496
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2496 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2956

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    73ee9f3f93843d725b9725b7196e79a9

    SHA1

    32adaf6f79319fb0e89a46b6bf38b86efd3242fa

    SHA256

    26cd5a6f5b5608eb717e6c0b7ca4234e192ab95434a31b863fad537227d6b342

    SHA512

    1fc9b2b75e17ffef53fa091848112f29ca04103fb3e49a185c4a9ccd7e70cc4a704d59fc6c79c79a3a113c1265f393f1026f257254f7cd42b59f7df36aa0fb1c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    653b9049ce4112638fc1990e63257e67

    SHA1

    ac492687c400910f5afee0879e3fa6b7aaff76f1

    SHA256

    c087b207089d8551edcdd3f962f43bb6db7ee3c0fb4a519526fd0456d0cfadd0

    SHA512

    f1bcc770f2ef89efd8deceb0818b1f477738b08b8fce5695e014dc9195f1f801d27135051fa20f21a033b849c005c6490b500628fab0216de5f3f9c905180893

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    37c41392a71a78bcbea243b72d8d4022

    SHA1

    a1d803999c9f7dc83f3aeb3b8310a7b393abfabe

    SHA256

    3a53a61c21d8cdbd2ee7f02af463170b2f2a8089689451c052f370b525da56c8

    SHA512

    63c192c0190e377772bad411212dd40eb913bb379de6eab8dbb079e32ba6be9ff4c8d7fa3f8c8f252312d98bc0e0cdb6383da08920d55629721d52405f4cb1cb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9f51d318fc0c41a8a0b14e4239184a2d

    SHA1

    751e5d41003b5e2a0c595d582af63bda282da27c

    SHA256

    d2290aa6cc937370652c6592e1044dbf1c74aef132b8ee15d6035bd112cdca49

    SHA512

    7d9816c062bc884d949b1cec876b24408d56b0714efe5a2a17d9af962949eb854aaa28e848cb9d6cf60a9becae8ccb20347616cdc192945b842fc23ddc5e69ce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    94dcea67e553851d2c2c07d5364f947d

    SHA1

    2c544603311e4f61163340b807b98e084ae4be97

    SHA256

    ff0c5bd9bd8c12647746575eb81b99423dc043d43f65baa8da63613c5b1e65d4

    SHA512

    96f7a543db4a3e2c56898f0653052def4bd3a44ee61b941972505a46ce012fc11b3971a55f36f4ba769d45308f6d347981d3165f886c2f403816e20cc849a1bd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dc036e13d033d18fa8f0211d0c1dc7e3

    SHA1

    1cf9421c8e36849e73006c2a56c0c07093ff35e1

    SHA256

    3d0094e9061a1e68ad26b0ee84fba96e4182623ad7c84fd8c4a6c17923d5a089

    SHA512

    a36ec7ce736b62b89e82f0567273945f11c11aa6bb37fbdaafc3c8d278a79f57ff6ff4848e969b3104186a6696cfff879e85c36fc0608f7c30620a019e73b03e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    db0e49824a6239920d8c26c473581e30

    SHA1

    a5c1ade817d97ec48c32002348f95bca5f83ce0f

    SHA256

    939129b9dc69a16d00c87f0eadfcf7f567627d3934f814755ff23f805016061f

    SHA512

    3b8d535353fa0720f6c91ce386a54feaf69bb1b3560f7cd286992cf8eb0fdd9cfc61551c4ae7c9d3519678a4d07dcbaeb4f0a14bfb4afce1867001dc81a64ed8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9ba1440e8410622bb66fd7d43af1f166

    SHA1

    2b92296206f2ef1e39940af211eca47b3d4466d0

    SHA256

    f9ea97f41a013d0e0c2287821cba945e74b0c8d81e0e21037d2e3e346e2c3eb6

    SHA512

    4c5a4e0233be34a8495e8d291d61fd4cacdd7e6a02616ad656914703f7f9c367b1f851189560039891b911f3ed2b5f2c5937da38d2f407a9e5c3e7a032b98b57

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    eca12f8a4944000bcb0c9af560382a7a

    SHA1

    827dd4ac1a352ba934b34a96d2394f1a78ad43a5

    SHA256

    325a27609a2f75441cc21011db23011697cefaac65ca6019730a4238b8dfbad7

    SHA512

    1da08a222cc68790b8570ad2a4c243d0275ad788b68c87bd6a661650e3bad5c3505a2d12a5c3c7d29558a6ea43b9e2a41ea53cb46feb349a230fa581273e94e6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    67e0ebc8c6596e56daa6002e309f6e49

    SHA1

    4e8f9072d064aeb55810d1b1a6bd240b1f316201

    SHA256

    3abb766a9cf8594124652930c6b6f20c55e1d2402854d6f2d58c0e05e0d2a986

    SHA512

    575607adff2503d5c0103fc1fa9f1c7c29b4f9c1bc4577d62778ec47feab77140a738817f1d4dcbf2d9a5b59e09b6e57c73530bde420719106bc81e2adced2f0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d6a5ee113772db942141e26c43822fbf

    SHA1

    bddd69d821409d7c72a1de4b91ccff74317c77c8

    SHA256

    c723c9e3f3798c81dbd12d52fb2bb40b58c7790e5cd2f22280e1d85c422f79b2

    SHA512

    672092fa1c987db0693a7c84184056d31e4e233ac37654163df56f9f7be6d50b4ab46108c240426ce01a16af4793ca7c9b33bc64cd9e2acb383dbd842750102f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b38b40d57afe7ce598154d7eca894703

    SHA1

    f55c62f2304eba605d1506654a13ab8ae88ce585

    SHA256

    b44bf1cf6c917e126e76650ba90bbe124b7acd84a04e19c15db5259fb510ed7f

    SHA512

    a4d620f7d1194c7acbe0e7d85cedb8d783b78c7a45e500039c4c32759dbc1350d868bb102e4c3fa36062906b1d27c67856ae7dc4c99cd0cff9c2a18eb3ee2107

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    940c66b2e9042631175946640643c1a2

    SHA1

    04317fc7824eaa2161a4d39890000bf70025007d

    SHA256

    938cd526dd4f8ef030766a01e3e5817bdd1e7ee597041ecd12448f35f935646c

    SHA512

    e255340aff0b02587f8cbb661ce7571cc9b1a075493e7a40fdbc60d1b4bc07f615f1eba62966a13fe572c947c6167181284d69c1fbd605356a3220823af85513

  • C:\Users\Admin\AppData\Local\Temp\CabAE5A.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\TarAFAA.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf