Resubmissions

14/03/2024, 10:26

240314-mgrjcsbh52 10

14/03/2024, 10:25

240314-mfxc8ahe7z 10

Analysis

  • max time kernel
    15s
  • max time network
    22s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/03/2024, 10:25

General

  • Target

    Rino's Discord Account ToolKit/Rino's Discord Account ToolKit.exe.xml

  • Size

    798B

  • MD5

    507dc469ba6375912a430e71a6cf170d

  • SHA1

    dbed5ada57b013e955b5a1224f001688a5382a84

  • SHA256

    9ddb28bd07df5784cd6b11f632f7d862f31593af848e1feb7700020ff96984d8

  • SHA512

    f43dc12cd0f9228b8ac326d4b2eb61beb48c5df5cc4f714b8ba2e8e6dfa17e49da291b0653b37989588c82b743bd77d71ceafe21e46370a6bc1170cfdd5c3b5e

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Rino's Discord Account ToolKit\Rino's Discord Account ToolKit.exe.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2076
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3052
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3052 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2952
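The tree above is the whole story of this run: the submitted file is not an executable but an 800-byte XML document carrying a double extension (`.exe.xml`), so the sandbox's file association handed it to Office's XML editor, which in turn launched Internet Explorer to display it. The `CryptnetUrlCache` artifacts under Downloads are Windows CryptoAPI's cache for certificate chain and revocation fetches, consistent with IE starting up, not with the sample doing anything of its own, which matches the 1/10 score. The script below is an added example, not part of the tria.ge report; it rebuilds the lineage from constructed process-creation records (PIDs and command lines taken from the tree above, parent PIDs inferred from the tree depth since the report does not print them), flags the MSOXMLED.EXE -> iexplore.exe ancestry, and pulls the opened document's extension chain, because with Explorer's "hide known extensions" setting on, a name like `x.exe.xml` is displayed as `x.exe`. The function names and the `EVENTS` records are this example's own.

```python
import re

# Constructed process-creation records modeled on the tree in this
# report: (pid, ppid, image, command line). Parent PIDs are inferred
# from the report's tree depth; ppid 0 marks the top-level process.
EVENTS = [
    (2852, 0,
     r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
     r'''"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Rino's Discord Account ToolKit\Rino's Discord Account ToolKit.exe.xml"'''),
    (2076, 2852,
     r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
     r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'),
    (3052, 2076,
     r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'),
    (2952, 3052,
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3052 CREDAT:275457 /prefetch:2'),
]

# The '/verb open "<path>"' form MSOXMLED.EXE is invoked with above.
OPEN_VERB = re.compile(r'/verb\s+open\s+"([^"]+)"', re.IGNORECASE)


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def extensions(filename):
    """All dotted suffixes of a file name, e.g. ['.exe', '.xml'].
    More than one suffix deserves a look: Explorer hides only the last
    known extension, so 'x.exe.xml' is displayed as 'x.exe'."""
    return ["." + part for part in filename.split(".")[1:]]


def opened_document(cmdline):
    """Path passed to MSOXMLED.EXE via '/verb open', or None."""
    match = OPEN_VERB.search(cmdline)
    return match.group(1) if match else None


def lineage(events, pid):
    """Image basenames from the top-level ancestor down to pid."""
    parent = {p: pp for p, pp, _, _ in events}
    image = {p: img for p, _, img, _ in events}
    chain = []
    while pid in image:
        chain.append(basename(image[pid]))
        pid = parent[pid]
    return chain[::-1]


def render_tree(events, root=0, depth=0):
    """Indented view of the tree, one 'N> image (PID:n)' line per process,
    mirroring the depth markers used in the report."""
    lines = []
    for pid, ppid, image, _ in events:
        if ppid == root:
            lines.append(f"{'  ' * depth}{depth + 1}> {basename(image)} (PID:{pid})")
            lines.extend(render_tree(events, pid, depth + 1))
    return lines


def office_xml_to_browser(events):
    """Processes whose ancestry runs from MSOXMLED.EXE down to an
    iexplore.exe instance, the lineage this report shows for the
    .exe.xml target. Returns [(pid, lineage)]."""
    hits = []
    for pid, _, _, _ in events:
        chain = [name.lower() for name in lineage(events, pid)]
        if "msoxmled.exe" in chain and chain[-1] == "iexplore.exe":
            hits.append((pid, chain))
    return hits


if __name__ == "__main__":
    print("\n".join(render_tree(EVENTS)))
    doc = opened_document(EVENTS[0][3])
    print("opened:", doc, "suffixes:", extensions(basename(doc)))
    for pid, chain in office_xml_to_browser(EVENTS):
        print("hit:", pid, " -> ".join(chain))
```

Run against the constructed records it prints the four-process tree, reports the opened file's suffix chain as `['.exe', '.xml']`, and flags the three IE processes (2076, 3052, 2952) as descendants of the Office XML editor; the editor itself is not a hit because the rule anchors on the browser at the end of the chain. On real telemetry the same rule is only a lead, since Office opening an XML document and handing it to the default browser is ordinary behaviour, as the benign verdict here shows.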

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0b91fb1d48892afeb7e76ce50d61633c

    SHA1

    a6354184b17bc932ed0a2f458ed3b10fa8b5e9de

    SHA256

    5c1551a066d528542434ad8cbe4a76406d1880ad6ab50594ea8e77e2a8946eb7

    SHA512

    b98c65de2aac6f6261c7c94b327c823c3d75c9bd07fe37dbc20f45bf0421916359b2144d3f5d12470b33ba83c1209268c99e8073b47501a71337cd0fa3e42dee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9fbe7c739221d2de87a9b09cf092ccd8

    SHA1

    f3b9a66bcbae53d7a39129beeb0fbc045ba2f567

    SHA256

    008eedfacc8b6347cd9ad6caf4782d39ba63628c9d6c6247e5f1c04b9f9e8e80

    SHA512

    9d30c585b1fcd934068061662c4e39b46383748690a3dc797ea7e07221fa3ca2c1624cbc85bfd328008aed87f57bddd9e6cad7d56beed2273a1415d408d221f0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    06c30436b2795232c5b3d3174a476c1c

    SHA1

    454f933dfd91bcb0c1f666f18b6e3b3cc69288ea

    SHA256

    a4e2d1e37422abfe8674d34473648ed3e5918443c461c71eec7f224c589b1b4e

    SHA512

    6b16233661d72aec7bba8de9ad578236e396ac74702be8688e5cc84e626e9543f1215892d44a1849b27ff440e67e981329d4338d7a6912a313828175135b9943

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6254fda5e2453899c13817582f3259aa

    SHA1

    f68eb789cfdebb1bf594ac6470e667ee77e281a6

    SHA256

    19cb539c6059e666bfadda90f7f8069553504f613b2771615d6e428d74285937

    SHA512

    e9afd93f5a57c8045083f8b3a96418e40ffb3bb10ef74aabea7ad026cab940f82a7d339279bc3934a5cf2df8b16d626a01896b3534237a98ab37abdec7cc710a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    432c707be4ec24a5dabf8ed9e04ac2fd

    SHA1

    3bb248501586e990e4c991375d03936d2bd07d34

    SHA256

    6efd137606f8a15dbb87f9a5c114a3beb0e9b71c32684b380eaa3ec4e84b7c6e

    SHA512

    2e192975e35ed94bb953ae5d7e1af910f47718c82b3ede46b3f3929304d34dfbe5578db8c7b52947b2f0d1b53672179aa0cfd0f0034091ae9f04b933d06535fa

  • C:\Users\Admin\AppData\Local\Temp\Cab7531.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar7AA6.tmp

    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63