Analysis

  • max time kernel
    138s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-10-2023 16:54

General

  • Target

    _rels/.xml

  • Size

    590B

  • MD5

    77bf61733a633ea617a4db76ef769a4d

  • SHA1

    9d7abf0ee4effcecad80c8bbfb276079a05b4342

  • SHA256

    e19238d7a71fa7a2490776252686f70e2de6238c87cd509b5e3a3cc07c2ea4df

  • SHA512

    4f1d48a8273436dbb710bb5f26bdbb701e6c6346511d6ac2e4c7f92db705fa1332e0a4ef9063dc0886e2e5b8b01ec209f8f99890957fee635177c41b09bbe769

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\_rels\.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2656
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3052
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3052 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2692
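
The process tree is the security-relevant part of this report: the Office XML editor launcher (MSOXMLED.EXE) opens the submitted `_rels/.xml` with `/verb open`, hands it to Internet Explorer, and the IE processes account for all of the listed signatures except one WriteProcessMemory hit on the launcher itself. The Python below is an added example, not code from the sandbox or from this report. It transcribes the four process records above into a small tree and runs the checks an analyst would apply to such a tree: rebuild a process's lineage, find launcher-to-browser hand-offs, recover the document path from the launcher command line, and tally which signatures fired in how many processes. The `OFFICE_LAUNCHERS` and `BROWSERS` sets and the rule built on them are assumptions of this example, not signatures from the sandbox.

```python
"""Added example (not part of the sandbox report): rebuild the process
lineage from the Processes section and run a simple hunt over it.
Process records are transcribed from the report; OFFICE_LAUNCHERS,
BROWSERS and the launcher->browser rule are assumptions of this example."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import ntpath


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]            # None for the root of the tree
    signatures: Tuple[str, ...] = ()


# Transcribed from the report's Processes section (indent depth gives the parent).
PROCESSES: List[Proc] = [
    Proc(1980,
         r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
         r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" '
         r'/verb open "C:\Users\Admin\AppData\Local\Temp\_rels\.xml"',
         None, ("Suspicious use of WriteProcessMemory",)),
    Proc(2656,
         r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
         r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome',
         1980, ("Suspicious use of WriteProcessMemory",)),
    Proc(3052,
         r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome',
         2656, ("Modifies Internet Explorer settings",
                "Suspicious behavior: GetForegroundWindowSpam",
                "Suspicious use of FindShellTrayWindow",
                "Suspicious use of SetWindowsHookEx",
                "Suspicious use of WriteProcessMemory")),
    Proc(2692,
         r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3052 CREDAT:275457 /prefetch:2',
         3052, ("Modifies Internet Explorer settings",
                "Suspicious use of SetWindowsHookEx")),
]

# Assumption of this example: document-handler launchers whose direct
# spawning of a browser is worth a closer look.
OFFICE_LAUNCHERS = {"msoxmled.exe"}
BROWSERS = {"iexplore.exe"}


def basename(image: str) -> str:
    # ntpath handles backslash paths regardless of the host OS.
    return ntpath.basename(image).lower()


def by_pid(procs: List[Proc]) -> Dict[int, Proc]:
    return {p.pid: p for p in procs}


def lineage(procs: List[Proc], pid: int) -> List[int]:
    """Chain of PIDs from the tree root down to `pid`."""
    index = by_pid(procs)
    chain: List[int] = []
    cur: Optional[int] = pid
    while cur is not None:
        if cur in chain:             # guard against a malformed (cyclic) tree
            raise ValueError(f"cycle in process tree at pid {cur}")
        chain.append(cur)
        cur = index[cur].parent
    return list(reversed(chain))


def office_to_browser(procs: List[Proc]) -> List[Tuple[int, int]]:
    """Direct parent->child edges where a document launcher spawns a browser."""
    index = by_pid(procs)
    hits: List[Tuple[int, int]] = []
    for p in procs:
        if p.parent is None:
            continue
        parent = index[p.parent]
        if basename(parent.image) in OFFICE_LAUNCHERS and basename(p.image) in BROWSERS:
            hits.append((parent.pid, p.pid))
    return hits


def signature_counts(procs: List[Proc]) -> Dict[str, int]:
    """Number of processes in the tree that triggered each signature."""
    counts: Dict[str, int] = {}
    for p in procs:
        for s in p.signatures:
            counts[s] = counts.get(s, 0) + 1
    return counts


def opened_document(cmdline: str) -> Optional[str]:
    """Path following '/verb open' on an MSOXMLED.EXE command line, or None."""
    marker = "/verb open "
    if marker not in cmdline:
        return None
    return cmdline.split(marker, 1)[1].strip().strip('"')


if __name__ == "__main__":
    print("lineage of 2692:", " -> ".join(str(p) for p in lineage(PROCESSES, 2692)))
    print("launcher -> browser edges:", office_to_browser(PROCESSES))
    print("document opened:", opened_document(PROCESSES[0].cmdline))
    print("signature counts:", signature_counts(PROCESSES))
```

Note that `signature_counts` counts processes, not IoCs: the report's "12 IoCs" for WriteProcessMemory collapse to three processes here, which is the granularity a process-tree rule operates at.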

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bc0ecb728235721dad4c05708579a487

    SHA1

    b89fd2433208cbc67b47a4ce0358fd8a72301a96

    SHA256

    bd5963cf278462fd03b7f60dc7f2461c750f33d33a35a5bbb09a9607dfaaef30

    SHA512

    8c46bea5221544bbb83f9bb1aae64cf620527507a6c2f1f3c561ccf457c48c31b6247beaeb605557bb4fa267677b7631cda50dd5cbd022713c83d0a5241cc491

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b1108668c88aa65f8d950f390f27e9dd

    SHA1

    23971834ef0f8d1780c6b83f8a77072686931ac1

    SHA256

    2fa95822d202fdd27f452b5ba1a61552363e995d8568252b16823872330d3b7c

    SHA512

    48bec51cb1977a205e11da2864f9cfcf592ed9654588e5fe7dbc80d32826218230d2bedce7f6d286cd43248f82042bfce84ee7686341ebf738956cd0486607d5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4eca7c58b57fb7ae89b694cdef2c5773

    SHA1

    17fd36cfa44f239fc453ae853996d4a03d09eaa2

    SHA256

    df3240e4de766a8a9feab581a2b6a5c2040f27de212a0fe9e6829f224007c9f0

    SHA512

    71c1b54999699aa8bc6ea742dd2da3d8a59fb1619abdd4cbde7c84afc4620568af586d36df91cef7952852a963159138767468d46e35d81e6e963d06a098f928

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5f74c9889e4c05b970df6451dc9d9e89

    SHA1

    d9de25b748b964dc1c7b29e77997c6860309d245

    SHA256

    b1e0d10d777561e839bae79fa276398eb29b6d69c52bbe9cdd72aaa4ffb432be

    SHA512

    a4460d275f4e2128c5c0ccc59e90166127bf66c95e6412d211366f31685d092b4dd1b615acdf2635fcd4c521845ebb0021ac90a5993922556fde949593ff41af

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    462eafcf8f527300cd9107014d6889b2

    SHA1

    78ad1eb2563ac8aeaa34b92a10411dce2e06d108

    SHA256

    c6a572010e56812a1e310617f629944876db5bfe7bbc2f12b447d33201ca134f

    SHA512

    9b9d1e312df2f51bb45d3fef453d7a86755af2942c6492594ed2e654cbaf1689d4305ca5951ff1e525ebd00404829b0e68cf9e3360075b074bc5a2cd994899b5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    289e509ef92a4175d970ee567b5d8a21

    SHA1

    8b3f505a6db9e86a4a5fa48dbc39a19928347665

    SHA256

    c288f2ea6c15a243ed37b09689a502a37ab30ffa98fc085a4d3f5d2bb8eb092d

    SHA512

    58df90d2c4d7f6880c0e2e0ba6575fb901fd60a7488845c01c3760c13f588d27c4e809a0d95233b4b3a951353ac7ad7f42651cfb93778d043f5e7a34d85a5ca9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3d3c27aacca76304b0ff84e314b76c0c

    SHA1

    8298fcdaaf26418ac539cb5ad1abd6920bb308b0

    SHA256

    548e1e36676dc059cce7607d7693fdbc51c3bc02ae8a20cf2b7173c0f3980793

    SHA512

    35e5cb073691412341b7d4938d6ae75a6ee085e9f001708f4ed64a53a7297c40dcc1ce39e1983b020e22bf467b4a2690810fad39eca2c6f57ce26a5a29e73c76

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    66e898b22a32339b257e38636fe5d5dd

    SHA1

    d07d5d5a3a390f8c8d24b6a39fcdca7bd96d2036

    SHA256

    186ac56ea7d67eacdb8b2ce9c52545b777a5c0f863250d1413204bb9c4079ab8

    SHA512

    13729863f52975b74555e103fe876bb17eae45ff73779e4cfaa3a8aef34e943faa46af606c056a24b8d8dd00af605631d150b4be596487b747c539e02572f245

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6e371eebc473a0d9a51501df92dabf8f

    SHA1

    b60a2a9f8b957dc3809dc1cbe0b0792223f869d2

    SHA256

    1a72b539d841a83f11e90e9b7a975e2847d8669ecd9f48d8859123d16b42954b

    SHA512

    839ca8eca48cc073ec94da9d4e7b11217d04d32c9d04a27499a1e45b616022a22c6afe794be5076bda5debcd2daa0bffb05d97e31e6a7e77476666a445078d5e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c6721e3cbbeef00413594a63805180e1

    SHA1

    f7c98d738260995a5b4855c84dd94d847bb55a27

    SHA256

    f95e23f373e59b9aebdb6ad0c5250eede6ac8abebecd3db4c7a80c09aaaa5a59

    SHA512

    d8314b6ae6d4b0d4360a714480d581196ba121054cd3cbc4eccfa6581b21bbe68c414929e2b4e40b10d2924ebbbaee2903828c657133497e88e002c2bd0f1ae6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    50a3343a750932ec0293518f21e01960

    SHA1

    9af2ef8ae0e4b7ee30d6f76959ceae1122d7b25a

    SHA256

    12b87525722d653dc78eb3e3f390bc82ad06a2e4a6228e2340821619d2a10b41

    SHA512

    19c0d7808565d80445329d1f502ff8f4d907370449a44dcec5e0c74d06636f7af392e3a9ac6f04338124068006fba5ac2fcf2ad11f05dba6aaf9b62c4e43bf78

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5b20b8de809794fa9ecc559d995d2d2a

    SHA1

    da43504bef98e97278f4dba9deaf87f14aff75c7

    SHA256

    930a84d1bd116f45f126e050faa7a2d3f99da2c6cb935e400e1a20d3da820425

    SHA512

    40d20e1cf964c171c38b79059dce754ddfae89b3cadbe10012e977a4d74b03bd9ab0a4e07a52761d4768595769e218e577e49845f58a3e1129fa07187efe738d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d48a886bb57cdf6a695cbbce7b587921

    SHA1

    fdf510a2ca6f9a4a2c2ca12e12e2fd5a7c749158

    SHA256

    81eeb6e5a78305055f4e12440a579e94897998e269fb0cda9a5dc4d8e75f6665

    SHA512

    32635c07e4d1a946eea91341b3708ac9867db9956dfd2e969c18c1440a11c554a45f7b3741192bd38318bbfcd83d74be12f935e609fbb75a1f8833f295adfd8a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f622dafc9f63798d229cccce9fb06846

    SHA1

    0cc5dcf23c3099d4af210250c20709191c11baf6

    SHA256

    8dfef7b61415c1cb941f00ef5074db7335398bc80b8a5bc84149fafe5120d30b

    SHA512

    06766522b24157f891a1d3c0c2820b9cf1048c208b9620e0c0f001c4035e084c353c32966a1dac502af4cbe20c22f1d4593bd6a97eca9cd91b6152e49a7d696c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e911a64cb1c1012e5f6965a348843c9a

    SHA1

    c96de3a6004102e3ff503ec17b9881da3d4ae96b

    SHA256

    b568cf5d18fd4b2b16f26388ca89aec626fd65c9702307bd20864fa088f58910

    SHA512

    a3a9a84604136e671cc8016c4311fc0a88381ad4974551489b22f97d6e0101a2dce5c0dbee7ba40b11f4b8a520eaf314ff1c2a1fcbdb5906f17581146ca84a67

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1ae96d093c37d7e5a8d7274c0ef8395e

    SHA1

    913610e9352737ff4c74406e85f5190703513def

    SHA256

    ff3924704779d3bff081c67ce400c2375704fda3e69405d2be942efb8bf39661

    SHA512

    b9e57ebb19c75027b5e929a00215b80269ffbdf5fd0e09a4558e8658158b88476d2c3e77bac6df9aaffe5978ca40ef79a25b59c27fb57e5dbc7516a813f38a4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    96b448b1e88d9c21540184b33fe6b217

    SHA1

    28a3504b7df04846f3d2e7fd6de62b7a3ab0eb05

    SHA256

    db326bba6be398696e66d8f6e1bbeb7c0e3288c30ec3bccdf049833233df39d8

    SHA512

    ae4b5c5adf133c88d9ad3eb66bc6f4032d4a24b313fbfb0d7d1a0318832833f8a2001591cf32f509f6254338827cdced1e3cd12c848d5b282662b7710619082d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b99ea86ca96ce2915cb2e39203614d1b

    SHA1

    f54ffb07725e0fee34fe25c1f200f072a333a4ef

    SHA256

    5d6ec20f6141991070b206c000fa99cbe2a3066b8156517f74aabeead1bd86a5

    SHA512

    e3ce35525915713c0e7b206a7efacdf4e58c0c7a80383d2dc8d5fc570a7671f258848b3a29dea532f16c4a369351696a55f0ed2cc886cb717c28f79cb0742d37

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0caf2ab941d09faa1497bd4f517964d3

    SHA1

    6f8a514b890745b21ddc1e8e30bf192462a01c6f

    SHA256

    0a6842fb29a3de768c7b769f8f840f495ff5b78a6a8e639a41901c166b68731c

    SHA512

    c5fb5bcc28dc71a996fe69351ff35eae054cc64884641bb460e6cdaf7295c85c3b36d993ccdfb60b5b0881570034342d6d9d9f9a60db759e72bdb8c1accc4220

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a9f25dcb0d51db6773ba4661b2596be6

    SHA1

    64b9027cb7c82d91689bb99d93181dfa6f8765b3

    SHA256

    31a41e0072c5c6563615b15e54b3f9ce3a8b34c7f3cf354303ef51e3e84ad9cb

    SHA512

    8728b89288ec4bf4cb5407f85167e14871d0acb102b917db18155a30b3599fbcd467c85d107bb5dfc6c9017c718890c37ced3dc08457f37d00e79ed238bed895

  • C:\Users\Admin\AppData\Local\Temp\CabB28F.tmp

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\Local\Temp\TarB744.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf