Analysis

  • max time kernel
    168s
  • max time network
    196s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • submitted
    17-09-2023 09:00

General

  • Target

    floating-sticky-note.xml

Score
1/10

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE (PID 2656, tree depth 1)
    Command line: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\floating-sticky-note.xml"
    Signatures: Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe (PID 2908, tree depth 2)
      Command line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      Signatures: Suspicious use of WriteProcessMemory
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID 2796, tree depth 3)
        Command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        Signatures: Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2748, tree depth 4)
          Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:275457 /prefetch:2
          Signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx

Downloads
