Overview

overview

8

Static

static

8

tragedy_redux.zip

windows10-1703-x64

1

Analysis

  • max time kernel
    363s
  • max time network
    864s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16-10-2023 02:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tragedy_redux.zip

  • Size

    23KB

  • MD5

    3abfa64598fb01ce7130bab6f24d4ea8

  • SHA1

    a1d8f1e0613286f279506a1fbd1bdb75c2f27ecc

  • SHA256

    f03e0df31b16d4dd954918c496a24107c69a6468be1f2703fe56ef1f91118e47

  • SHA512

    94340fbf262d32177c94f39ca4e1985b457508ae80ea361341640f1d396f883d65a31b220966ee86a111dd14b79076dfabf3e9967cfa9aa74597439c875489ea

  • SSDEEP

    384:NiLBYSEK0YBM2oK1KUs1IdXJCtmqpwcdSDat2aEkRmhudj/hv/6iMLPj4:NkBYDYM27A8XJC8qpwcdSet0up/ZSiMQ

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 45 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\tragedy_redux.zip
    1⤵
      PID:5028
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4448
      • C:\Windows\system32\OpenWith.exe
        C:\Windows\system32\OpenWith.exe -Embedding
        1⤵
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:5000
      • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
        "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Documents\tragedy_redux\word\vbaProject.xml"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:4860
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Documents\tragedy_redux\word\vbaProject.xml
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2220
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:82945 /prefetch:2
            3⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1892
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\tragedy_redux\word\vbaProject.doc" /o ""
        1⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:2736

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\~DF5E80C2874B640642.TMP
        Filesize

        16KB

        MD5

        d9237b8b033fd1c3c31a29c2bdc39e2e

        SHA1

        993ae82f5e073925d34ebc3ff08e13574dd78ee2

        SHA256

        d853a063cb2a8a92618444d430446d638a40f26b7396c6569a0fa03ca5de0142

        SHA512

        3de8122bb72344d0b702c3ba059b15faddd6942d4d1384832b41ebb4d6a8e0f8c5cf3d544ce08c28729c17dfe9785e5a665b1c869e8346ba3c47aad5597e6b4c

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
        Filesize

        257B

        MD5

        a20974efcd0633f30f01ad6f60a8efcb

        SHA1

        ee8a09b2198f6992d0c6a1e087cad6aed3fb7d69

        SHA256

        b44920516bb9518954d493279c40cba2752bacaa60e1b5193a22d48f13b76dde

        SHA512

        fc423127127a43c8bafa79c15223ffff2e0a9ae2d02974b6b9566ef041ec973357f01d5e87cdbce59744c662a95c305bc6266b8008752a02228fa0196ab14f88

        Download Submit

      • memory/2736-216-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-241-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-313-0x00007FFA3B940000-0x00007FFA3B9EE000-memory.dmp

        Filesize

        696KB

        Download

      • memory/2736-312-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-42-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-310-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-309-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-41-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-307-0x00007FFA3B940000-0x00007FFA3B9EE000-memory.dmp

        Filesize

        696KB

        Download

      • memory/2736-305-0x00007FF9FE470000-0x00007FF9FE480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2736-304-0x00007FFA3B940000-0x00007FFA3B9EE000-memory.dmp

        Filesize

        696KB

        Download

      • memory/2736-303-0x00007FF9FE470000-0x00007FF9FE480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2736-293-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-257-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-256-0x00007FFA3B940000-0x00007FFA3B9EE000-memory.dmp

        Filesize

        696KB

        Download

      • memory/2736-243-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-235-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-217-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-54-0x00007FF9FB3D0000-0x00007FF9FB3E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2736-53-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-52-0x00007FFA3B940000-0x00007FFA3B9EE000-memory.dmp

        Filesize

        696KB

        Download

      • memory/2736-32-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-33-0x00007FF9FE470000-0x00007FF9FE480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2736-35-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-34-0x00007FF9FE470000-0x00007FF9FE480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2736-36-0x00007FF9FE470000-0x00007FF9FE480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2736-37-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-38-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-39-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-40-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-44-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-311-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-51-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-46-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-47-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-48-0x00007FFA3B940000-0x00007FFA3B9EE000-memory.dmp

        Filesize

        696KB

        Download

      • memory/2736-49-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2736-50-0x00007FF9FB3D0000-0x00007FF9FB3E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4860-5-0x00007FF9FE470000-0x00007FF9FE480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4860-3-0x00007FF9FE470000-0x00007FF9FE480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4860-9-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4860-17-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4860-2-0x00007FF9FE470000-0x00007FF9FE480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4860-0-0x00007FF9FE470000-0x00007FF9FE480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4860-19-0x00007FF9FE470000-0x00007FF9FE480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4860-1-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4860-21-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4860-16-0x00007FF9FE470000-0x00007FF9FE480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4860-13-0x00007FF9FE470000-0x00007FF9FE480000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4860-22-0x00007FFA3B940000-0x00007FFA3B9EE000-memory.dmp

        Filesize

        696KB

        Download

      • memory/4860-4-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4860-18-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4860-14-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4860-12-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4860-11-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4860-10-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4860-8-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4860-7-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4860-20-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4860-6-0x00007FFA3E3E0000-0x00007FFA3E5BB000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4860-15-0x00007FF9FE470000-0x00007FF9FE480000-memory.dmp

        Filesize

        64KB

        Download