Analysis

  • max time kernel
    137s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • submitted
    17-09-2023 09:00

General

  • Target

    free-text-comment-selected.xml

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\free-text-comment-selected.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2376
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2776

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6c134b05753f9f98f0742134f042bae5

    SHA1

    cc9f5aad508aa0eb56e417879f983bc873c87019

    SHA256

    97ec207092063508227f5170805f4b2e7a45ae430a959880b3f946ee3343025e

    SHA512

    07dbb8a80ec347fb7b27aff7a5f4ccf3461670b335223fada071884b2e6aab9e0470ae156177e3ef6be30feaa175b2fbfddca7cb055fcd047af4bc9043854aeb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6a3f5593417243275fc62c713bbd9572

    SHA1

    3506a1cd3e0d8b7251b57fea053afbd95b4244a8

    SHA256

    5fad04e38f2c9badd481eef044a2a0744e324fbfd3a5ff1f9378d5449bbe60cb

    SHA512

    433b7386a8996e111bd087368386bf893b48972bfb3517495cdf601c8608d49f9f9e2395dfdbf50ac2e12141229c632f0e315891952757039a7da9eba8b57a58

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b696f5ddea255bccbd51028b0a42674c

    SHA1

    2211155b36229dd086fd056ed7b029cefa6354be

    SHA256

    f19aef128a7749ae92fcc1a27646be9d8bf72eb1d3ade7f36ab77892d4dcec42

    SHA512

    4d59fed5fc54903e9f0ab4f7ecfd3ca7f747ad87d0f87afdcae03c8ee854cdda9b7da7413de57d54054ed71c71e7fc56baede929aeb55181f72f11db60e4a805

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    90086e8c55c794b4f8c5a2646fd323e6

    SHA1

    794b7aee12cb9036d59130fce955181d9ab837a1

    SHA256

    a47fc5557a471f161cc0df3a00a520dc970221a404f29dc00edd385db55a37d9

    SHA512

    cdc8c062fcb0f2cd69049f6dfb3f6c9a51516196c0b4749adb2a05f6660630f3038ca76f4fed707858edfac6189300e27a5e4e173b458d93829b9e51231a7507

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    33b6ce32931ec369c46cb0632f4d15c4

    SHA1

    c731358296508ba276cf0d8066049ba5d57be802

    SHA256

    4ed66811d909f9b2161b5987a53fa10e22ca68e15697178ebe539b5109feb57c

    SHA512

    b52992ad20caa68a11ca34fd98ef483e4dc1c89b2909d07687ba5f61708e742b54740a5e03f0ef6b04c70693450cc093fd794552184fd5c3beb4484aef2e298e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    47aaf40158acf55be10a7f0c2ebef828

    SHA1

    655af67711132a7b9baa9cb46e7d027fc2e76002

    SHA256

    4a21320d565630cc72e4343ca44e695a4c29df27ef261bedf489783ea1a7017a

    SHA512

    cbfdbffff0d45fbe17d87cffdca12e645248668644d81140245eb9d7cff8d12dda4a83ad0a70f672ff7a99aa17b30680d0440768e96399bd532c6b45e57e569b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4767a251f162690d7cfc6c6dc9280c69

    SHA1

    a994f4fd41d16ecdabea7ff774449b1373c10b30

    SHA256

    9be05bc83e73784bab86e5b0ed73db95310f8f5bb23a4c5824e97c606f0f4002

    SHA512

    fa0e704e393204c426682e0d038cc1d006a5d32a8bb7a9aebfa2d07737432e542b56d0e67b99cd9172b71db1c7774d9e048da557377e21bf2f18f7a090b77c51

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6a713d103850d16c9af3e68b62ace905

    SHA1

    fd85f28b7c408cb92e4ac87c8992b77f8de92b8d

    SHA256

    d84e676aed0455cfb325e875743b927284343de6345c80e6f099a5a56664a164

    SHA512

    28f5949a22c6b7de3b7a966ef248e00e2d6b54fd25419e10538f4174b413025e3dc8f2904d16301cdd6644077c73318435b90f130bcaab1dd4b4870ec8fb40c7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    12bba8d4e903ae804121227044903245

    SHA1

    75237a48373fa9b3173fe8e29e5d9a5ed7bdf2bc

    SHA256

    2bcdcdd0e0ffc1358098e8ded083f558f0cbc684277fff5905b5b2a4d99ab7d5

    SHA512

    94aab905568380ed555eeea92269640639f287a7b0f4fb1148164fb68eb6b007cb1c60cffc7bceaed5ffc24f7170972939d7f543dd99101dcc55c4d7f59686d9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ae452718c1013c504f0eb043e4fdde43

    SHA1

    41834ebccc9aa4c28e3a9f90f51fc15732ff3a2e

    SHA256

    13c1e499a90c7ca17c26e4f0264e292d21ed6025b44ca1cdb717af9e99a2e9d2

    SHA512

    908b23e95b7aad5f5e1d61e51e6ab964b0fa8cb51b780f085c16a88d9b1857418039bf0a1cc11a8f131c4294f7c6849f204a8f991802440b9f3844795924aa1b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7d0481114c3a13d6ef3b7c57838842b0

    SHA1

    f4a47854e57e079f5689b3a241246a7e82be1acd

    SHA256

    17a42bf8fef9310c8db009e1c81385de1153aba7bcba3669c708df5b3b955959

    SHA512

    25f1b0bbbe5db4e6d491c4e7cf162ff95bab9a9fea382f71f7ff074012e642347205a87a4539f54a09d3f0b16315d41ecc0670b0aeb83b40b727a5515d4d14c9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    536d1a8b3496c82e9ade3c61a24e99e8

    SHA1

    995d17c269d72b1c0deb0402d0fe8921528698c3

    SHA256

    0016081361d0430726364f765f3cf74c4bcc1771ed4d192b52f5ee8d73276ea7

    SHA512

    31600b68ad623b44bfef2b09ac7388fba2a7fe20f34d6e03b856b137218ff56cd2b8dd06b7ae446d842d72bf1d495175c4110357b483df04d3d6393f65acd9ff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    28e34dbcac0c710861566058f0e3e624

    SHA1

    e1d7a900da82be71fc5e5f6452fab9420172a877

    SHA256

    578b21e4abc9f189123533ab79f129a3c4424649460c9a210da971ca59079054

    SHA512

    1816dfddc505eb9e4abf1b9fb47d4a848a5757b373f1266ce6f63f420be925fbe26376e6ebc8069de164c2cc8e1da94b6fd9827aefdbb23cfb2ae75ec63b5c56

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    065d396d0fc9acd5b84b92eef2f62aa9

    SHA1

    9c0e30e119ada2fa88bfe701b6012cca5e379f5e

    SHA256

    94dcb020d9c82367c23edc78e556f506433a2b70c482bd382f785576f61e78fd

    SHA512

    0f60cc3addab044a3fb61d167189ccbf1fbedbdac06a7f30d8434bf39acc91d70f0eefff30b154868dfd057fcb395ceee2250dcef116edb290eaddc6ea52a2bd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    de11a2e1e60748792ba52e06a1693277

    SHA1

    4973081e504ec125f135bd32cc2fe5d64a0fde61

    SHA256

    682bf69f999339204873b5cd569a4b2e33e0f56d7246756dab357a409ffcc80e

    SHA512

    512126084d29cd1b5368e64ea3cad2bfb4663273af1a64947fee80371d2835cd2cea4dc745a4c5eb1a239982a8ee276920dabb13740657e10a5cd1bb701f1383

  • C:\Users\Admin\AppData\Local\Temp\Cab54F6.tmp

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\Local\Temp\Tar5AF2.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf