Analysis

  • max time kernel
    134s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    15/10/2023, 16:54

General

  • Target

    word/theme/theme1.xml

  • Size

    8KB

  • MD5

    2bc1ce59fd7b0a0b8c0c481440aff611

  • SHA1

    3af65e014f0aacc7a5070dd36206b33c324ba156

  • SHA256

    2760e6e84d4bf365af6570192dbe9cb57bb32653388d0ea041d116b25b1ca0a2

  • SHA512

    cad8e8f90aa4ee2fa6b4e5a9c20ef0f876ccc3d6d2f8978f176308a1e3a8c86e57fc0a505ab8d22a89b60b467ae5a6e844613603e192d965564e0583dd6e5574

  • SSDEEP

    96:xLM1d+8FNk/VmWHS95EUUwctUNoJuLIMFNk/VmWHS95EyUwctUNoJuLla5H7O8jE:xLM9AcCnGuMBR

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\word\theme\theme1.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2096
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2628
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    503bf5f3ad2d68cfa6f86e0d814bc013

    SHA1

    1ab2bb31225181ce3cef566179d1cfbc4b74bd8f

    SHA256

    d33f0e67bc6ecc3bb935573860bcaa3610ed8d17e340eb06f900dd146525ca61

    SHA512

    c111c94f91184436902e005ff28c0c9d084a451f099d5f35b506f70f3e2a2729e154d8dedb2d26beec3b99969be4740f9fff7733420f827f245d89d8f079e60c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    21c91617a79f9f7e6c2b4fe29e2f6cf3

    SHA1

    ee7fbe31b55db5dd3eb7eb9e386cd90a14846953

    SHA256

    437c4f504f72e7e2f62f4a2ea776aac4577fb541a06ef0a74cce1fc79c21cd74

    SHA512

    7320f2f0f9437ab156679c9cc34e38c0239a5ac1c48a74140b240e3d43f4e39964b77fe6ea5ae5905d6309d015c2159d0b78ac4e3324a9106f03304030c9b7af

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b30e4ae8721db9fd856f456a8daf4448

    SHA1

    19e8759d78bd950f17d22deeda51057afa26654d

    SHA256

    172cd3f755d9c15b46324ad1e8d643c85083517e7b47a8111ba6d1d2799ac2f1

    SHA512

    2f894e8331f8df703d80edcc8d7f57f957a6d7bbe13afa5d2ef81ac48f4461ff806a3152ba06550eee3b03b59e91d146fc6008386a911add79a1f917571a4180

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0369f16df44a34dca83b3de6b08c01b3

    SHA1

    67e4ba8fe9b9a949064308ee58609580e6f220fb

    SHA256

    41bb054eabfca9d6b7b9115d8205cf5ef181c99f37a7bc21574ad29e0dddd625

    SHA512

    d77d4c2d322d5cd5b9f4552794d3ec14a0c7d1822877b9cb4fd7caa8c482b6a1fd91c29042ecc3038e5014939261e2184c272ce206f9b61373943e735f690222

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    770e1b2c2ebab3d5dc67c78aea386ff9

    SHA1

    028da4b641fdce19410f6be3b9490f428052aaa5

    SHA256

    b29c8863ae29659b221571e8de5847c13e797509f77a4721e58afa198fb3d57e

    SHA512

    8496f58c8307f6df976f96b68a99fa74a7246a5fb50e1265442b5e8376285036b465c60568dafb805c3c93ebe0f9cb93fcf717a18b14fbf637ec695dff0bf732

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8623b074ca155aeeb34aa42573a37ed8

    SHA1

    8b364562b8da1813f38e5c31e09cbdc893ad52c7

    SHA256

    156eb4520cbf22e1747adb0db50b6405cf3e5d5cef9424d86c595a7f174b18f5

    SHA512

    ba5c1b64dddee3b02b1c1f60252675bbd1057bf3e1f20560b686b3ace8591ae74feecc8865221fa17248e1c459fb147684aacf3aec8de35c55b5fadc385e232b

  • C:\Users\Admin\AppData\Local\Temp\Cab93C9.tmp

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\Local\Temp\Tar943C.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf