Analysis

  • max time kernel
    136s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • submitted
    17-09-2023 09:00

General

  • Target

    floating-sticky-note-selected.xml

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\floating-sticky-note-selected.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1880
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2132
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3016
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2688

Network

MITRE ATT&CK Enterprise v15

Downloads
