Resubmissions

25-10-2023 13:58

231025-q979cshd42 1

25-10-2023 13:54

231025-q72c2ahc87 3

25-10-2023 13:53

231025-q6ywhshc46 1

Analysis

  • max time kernel
    134s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-10-2023 13:54

General

  • Target

    [Content_Types].xml

  • Size

    469B

  • MD5

    984220fba7378afbdc64f7222902a625

  • SHA1

    3b7b316bed4abcd2a010a8a54c12606d272c4a3d

  • SHA256

    8ae94b77a2a3a7c0123a95da7311fff3c947b0df40e003ff5ea69492e7b8eeaa

  • SHA512

    41ef03d35d65ad98f1ec1d2eaf80a0e821993d193157800025252352840247dbe06816b9171c41183ffcbf7e8eca4725d5fca4f0badcfd346c6cc241277d625d

Score
1/10

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\[Content_Types].xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1756
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2536
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2692


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B; nine distinct versions recorded during the run)
  • C:\Users\Admin\AppData\Local\Temp\Cab589D.tmp (61KB)
  • C:\Users\Admin\AppData\Local\Temp\Tar936F.tmp (163KB)