Overview

overview

8

Static

static

8

tragedy_redux.zip

windows7-x64

1

tragedy_redux.zip

windows10-2004-x64

1

_rels/.xml

windows7-x64

1

_rels/.xml

windows10-2004-x64

1

docProps/app.xml

windows7-x64

1

docProps/app.xml

windows10-2004-x64

1

docProps/core.xml

windows7-x64

1

docProps/core.xml

windows10-2004-x64

1

word/_rels...nt.xml

windows7-x64

1

word/_rels...nt.xml

windows10-2004-x64

1

word/_rels...in.xml

windows7-x64

1

word/_rels...in.xml

windows10-2004-x64

1

word/document.xml

windows7-x64

1

word/document.xml

windows10-2004-x64

1

word/fontTable.xml

windows7-x64

1

word/fontTable.xml

windows10-2004-x64

1

word/settings.xml

windows7-x64

1

word/settings.xml

windows10-2004-x64

1

word/styles.xml

windows7-x64

1

word/styles.xml

windows10-2004-x64

1

word/theme/theme1.xml

windows7-x64

1

word/theme/theme1.xml

windows10-2004-x64

1

word/vbaData.xml

windows7-x64

1

word/vbaData.xml

windows10-2004-x64

1

word/vbaProject.doc

windows7-x64

1

word/vbaProject.doc

windows10-2004-x64

1

word/webSettings.xml

windows7-x64

1

word/webSettings.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2023, 23:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    word/document.xml

  • Size

    25KB

  • MD5

    515b8b95348778f069717cf78cb6ef30

  • SHA1

    3a37cf9538793068e697048fe91df94bf83ace7d

  • SHA256

    9f35dc286247e7d3a03e5b3d7b91f4ff97447869876236f09fb06cd15c6e8ab6

  • SHA512

    b96d61f34c49f8bac7a115caddad0745a52ffb35fc37fe44cf867c191ad16645852ef9bf6f4b771929f6c2a92aa42c7b23fbc9c02914e91298585f4734e4b974

  • SSDEEP

    192:sFmmY+ZsAZbpL9TI9QhfzmTjCYjpDe1+gyeUb:sFmRGstd

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\word\document.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2732
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2768
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2820

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b5440056f57b63f40d2277bebf665ef

    SHA1

    228935a3b6ebc5889699c0e4ff69dee8f3530914

    SHA256

    b1d1248f680fefafc6f889555ab87484598834bb94534c33f8389ed01e1c9082

    SHA512

    c0ee0951f288253caedfbd256c97e088d4502dd49991af47ba3b536d713119d589a2664c122efc8c0e85c039c8d08096f4266de980067efb565de4c83ebbc529

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7a4ccd014409914f0862a11ea3de0f8b

    SHA1

    2a94cb749166cee467f01f22245b2d25333ab3b5

    SHA256

    0374444fd00f2d71bbf39b4416cb71b3768381f51b02cccddd092fae91432c03

    SHA512

    41639996439747c909c96ab22f2024324600ae52cca6eae44a6bbdffdd91d71d92f69546a4c9bd5a2bc8ccbe74c6e012e98df61b02a83ea429dc0de0b9ca3151

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5124557cdf625c1fcedb08a35a9b0b4f

    SHA1

    c9c2153fe9a647e97a983e388b84fabe044bdea3

    SHA256

    1f7849bf90ac85bc253be7e10ab4bb2a235a911678e4201ce8f5fa04edee4507

    SHA512

    1239c179af04b3ac8eee4a067e8661b1ee361e4d6ec6a295c4c3decdaecdc4353c92c2d056de62f66da29ae424f11eff71619aee2644e76ec9fb6a2bcf385d19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5cee7bc83fdc50b6fa1b771f6ad88e4a

    SHA1

    b2ffa2283ac3a3d572b8fc582100b4ac771db44e

    SHA256

    377f81116588abee1345c984aec3ec0171641d2cd6bd7b262494f1b4bf005aed

    SHA512

    7671fc5275a8cacc0b4f10181c32786ac1ebdd457d942ec17f98c0c43d8fb745de289fc1b94d2059a218a01294ce0a43eb77b200277c840aaa09d971a238878b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e805d1ba03e95e07d3845324b310652

    SHA1

    c85c927fa0c3ff6ebbe572d2ede0270b6cbb149e

    SHA256

    18d653084803350067c1a45b4cc7bb77055e3f04ae784a9ae0f9f7493e84c964

    SHA512

    f758f1ad17dbf4036142b398fe75bc474732d4e776cf263e632196cefa9d1a71f0f3ed5aecc86f7a5280fcc6715b0f884c4fb6db60956f3b16b1122d8fdc79b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ccb41ed21b09e9363ce5cedb64fb7a76

    SHA1

    82da99054bdae3083c69fa62a09eb7c1f7022449

    SHA256

    c738044f3e7cbd9a4685eaada367bb115091f6932f20926a9081238a48b66435

    SHA512

    507f77a9ce28d0a1dd4524ace0e4fa0814ae8082c1f36955ccb15d22d9e5dbb03e50d17a41d78b90e213b604d1488c525fbdc2013516cf11c2da2b10508ba45c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d4bd44d0a287c1e03510fddc7f8b81e4

    SHA1

    816b5999c11866f1cd2da857a8dd6fc39e869cd4

    SHA256

    08c3c48dcfb7ab99e670121fde4f9068e259f743169f9f2ff1784fee4506b7a0

    SHA512

    94c0f4fab02791aa5c2f0205ad6952030d0964a82795c1d3a1064f20c300f83c022d35df9dc899e336d4460fb24dfd36683bd1b39dae79a23e632fe687d318be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    59921c398bdfe06b6da754f970f939b3

    SHA1

    8a2e121955bc48314c573d48bbdae1470ec84273

    SHA256

    b8dfeb9cd6bab186ebfecea757dd11094e86e115acd2ec06e782e175ee22d4e9

    SHA512

    a28cfa6e45c4ecd3f107aa80327be5e7ed8dee345fb6680016186d808e5cb85679f82512ea314849d11202d0800cb964a73c3de0b14b44068cc593ba41da2514

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab588F.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar58B1.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit