Analysis

  • max time kernel
    134s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-10-2023 20:00

General

  • Target

    word/vbaData.xml

  • Size

    2KB

  • MD5

    d11c77649d1825dbb1581af91a1c67af

  • SHA1

    f25ce143180a53ea75a50a9163e61eb51e06431b

  • SHA256

    119ac08d8aaf410f9b1477e460d40e6b537233080a08f90e07d3ef89aa797235

  • SHA512

    77211b7bcaad4f617b647ffdd9f9eb5016338ffb4cd712446bee2e11b33c3e1c746eec29047397eb5e94c40b1df10edf42a24d0db8fd51e5b09d506336c06142

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\word\vbaData.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2804
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2736
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2744
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2812

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    31aa2536380c607ca372e5caf7df84e3

    SHA1

    4f894bc350fc924d7e2385bb43008ba49654f4f2

    SHA256

    02971c977518619bf1a118cdc1d6770e0a60d031034181db99102c89438e4f1d

    SHA512

    7c4baca1fd5ab8ae4bd66e4c2831e84d9d980c57061bbbae8c49289611434c71763dba930d0d9426175907eb518c4a6be29748e963964ff95ff19abeec8b6962

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fa9c837eb2cd6a9931a944ef853e4a7d

    SHA1

    1234c4e9a30eaf178ab0d0f822a449636b2b5feb

    SHA256

    b32117efc7435cb5f700168292f8b120996637931ea79421b925796948275852

    SHA512

    ff4e30c75c8138c8d2dfc5918dc6a800425a0159cbddd46ba87bb10e19ff9519c46fdf4ee7923baf59303bfa1247a990debe339ea8047f79b67ec5606d6b3baf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fa6ef7244b794f93f74c1eef129e25b8

    SHA1

    4d283daefbf4232d5063c4dede28b74e11b9c63f

    SHA256

    1a8ae115cccf01dc2ec3d41e21f2ee190b6d5f74a0d6806b13f28ce81a83b57b

    SHA512

    af7f379776d31ae075b38fae260de9589b9413b33ed3077397e9f5091daa59325c01b8b75fad61100798acbac6a1482c05aa3378ce48c840c637b12c66027291

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2237224fa51e5ade30c5d613afdfafa0

    SHA1

    2bda36e1fa045e8719362d093fc0b0e1aaac0ee5

    SHA256

    c3f9669b8fe17be0b471799107d455a2dc6acce007d35d0f4ece9b2eedcc494e

    SHA512

    a1b3ab806a10bb16145fce3e89c0d79c356505193b1ae13cf969cc4f7c42b1b01ca9b1047d373985e8f41aacc4553dbce47cbe0bf985127c56c42ce9700c18b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c5c45ecf11c0bbcc474ec469c1c01270

    SHA1

    7c449dced383f1b25b234436ecbe1f7a1646075a

    SHA256

    222d56aaac315ac494874078a3d40fef8481cf00654ddb38ccd95922b4f4d50e

    SHA512

    84c824e3a2c02285addbc640d12583fd79d2ea63be34b33c48e2e7c6b1bd0631881784478bc34392c5dbd973dfd1fd59232f380a206c02bfe0268c8e83e57e0e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bfcd71fa444380c6d9c6cc90a71af3e6

    SHA1

    07fe7564cf55955cd1e9cd76c83a6afa7427f93c

    SHA256

    661f8c7c4f6c613afe6b71eb5c23e1afd2083480c231572ab1968afcc87ce81f

    SHA512

    bad0a2eb36f3c31f93b23f6d227158cc0dbe95345dd4d3bc159d57e2fbc43e81c1d5b6816a6187f75d92963bebc9ac0abf10541067067e9b26bf10845e37ba5e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    374b45fd690603d35c5efb80493f6e23

    SHA1

    84d76cf53631460be25fdd8e1753d34b32e7eac1

    SHA256

    473b28231c1cca78ccee536ec63b55ca11721b2075d0a15ebb89c4c09306d00a

    SHA512

    c45bb48669e92d064ce0f84e35803ea416de53d6324ff9a37d1a33be2b7de41426d0699bf06eb1b0e4aab099b7f0bd00f5f3111c1ce6d28877247981cdd20e5d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    957b041680314ebb83a9fce0fd41e621

    SHA1

    b811cffbb3242142d28ec30b28d8d455584bf002

    SHA256

    a54fafb389eb793f37afab68256cc5931dd61fd611d4a665b9a4372c6db24315

    SHA512

    6b5a8b90fce3089876b81bba9b4cd830571e3672441004d881dd1de14b390d3f200ee656082b30e3c1a76964abcc63541e7d26c10b1316436ee3f455a1bd945a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e5e803fc8eabccfdf8f9b9ac4e8b1dc5

    SHA1

    4b1039db4a414ef14fb441bb1fcccfee02097532

    SHA256

    52ba60168fae5635f256a63b1c5e7738106954b626a88e0855403eb040d9ebb4

    SHA512

    9391eac7c80f35a1f06e85c34b6a105a187dc5c76fb5616d5287d55ec52596c16d1530f157013c6dc4f10a3ccae0fecd9d2e48a9bd832395833721e06e600290

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9635d0cdcd6149d409b2bd396cad984c

    SHA1

    fdbf33cb0a592c826fc380379e9263e54de3f165

    SHA256

    0378265c2d184c2c99ae1be25d8bb449fa1b6d10e109eab8034e835545c69d60

    SHA512

    d3f9bb708319b03b1a68ef26055f3444a8b1b8e037bba912660b5a07bfa1b412af68bb134bb4b348bd2f028ae001411b4a4229e1b98e15bc9392fa8138deb679

  • C:\Users\Admin\AppData\Local\Temp\Cab8E1D.tmp

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\Local\Temp\Tar8EBE.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf