Overview

overview

1

Static

static

1

MariyelThe...er.xml

windows10-1703-x64

1

Analysis

  • max time kernel
    130s
  • max time network
    142s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28-03-2024 21:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MariyelTherapy_Launcher.xml

  • Size

    248B

  • MD5

    000c61eabc40c2732f371bdd13a802d6

  • SHA1

    7efbd3bb39e1ac2604c141ff7fb2591fcd561aa0

  • SHA256

    e85bc7e0d4c613111e988f1f90921fd53b4ddcd5659fa9e3c47a4dcf253d3f11

  • SHA512

    2c03783e559c1068bc600d4626de62e213a00333cbdbf178fe3f5fb4417aa8c1f0d1ff7d03c800b7a0bff7a89f103c51977c9e06684ea44ebec3a789d875cf62

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 51 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\MariyelTherapy_Launcher.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:308
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MariyelTherapy_Launcher.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4048
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4048 CREDAT:82945 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:5008

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    0c31d4e05deae551b0b7370d3c6ff007

    SHA1

    35afd1c9a8521d99e15f38d12b672aa63a8519d3

    SHA256

    b4bc96640fc934eee7a4737f5f8c147ba5372c77bc598d6e27054fc3f5db51d3

    SHA512

    8fea3602bd5a1f188a986522c610b547d80c8805f93e7077cd3acec0ef21ca7a1f5ab0e433fd23a6788b63aa4a4f11fc3cdf483dfbed121c95a9110d1683733f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    dacf8a3943bfdd71c3d54f7afa37b1f1

    SHA1

    5ff96bcf8db71384f40d39ff07ac9c08e3703904

    SHA256

    8dc5d44ae274ebf2f17cd71beb7445e9cc366d69ae6e812c13690a630bd36fee

    SHA512

    135994b35964992322a380846f4738cbf2f184579b32775cbad45e68fbaff4a1b84669b34e04e7396327ef8557636e438dda7279ad4194276077e63eaa39d960

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\00WR1VFR\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\XAHXRQBZ.cookie
    Filesize

    541B

    MD5

    b53b93148220d518e8f5e796e099d240

    SHA1

    def0debe549d3ffe720a36d9e560df7496476ca6

    SHA256

    c5d0766d2ad91970a3b16f92d0923d4bd0593799b16f8d56d713ff165b6b9450

    SHA512

    20aab7d942d92cfc0521597f9c5f17909d77f8fec3f13b7a639133b31e01f8a94ac3e8cfff71c31649ce43362406f2feae26280eb15d4dfd83f7356b6ac4c966

    Download Submit

  • memory/308-12-0x00007FF822AB0000-0x00007FF822C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/308-11-0x00007FF7E2B40000-0x00007FF7E2B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/308-3-0x00007FF822AB0000-0x00007FF822C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/308-7-0x00007FF822AB0000-0x00007FF822C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/308-8-0x00007FF822AB0000-0x00007FF822C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/308-9-0x00007FF822AB0000-0x00007FF822C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/308-10-0x00007FF822AB0000-0x00007FF822C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/308-13-0x00007FF7E2B40000-0x00007FF7E2B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/308-0-0x00007FF7E2B40000-0x00007FF7E2B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/308-6-0x00007FF822AB0000-0x00007FF822C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/308-14-0x00007FF7E2B40000-0x00007FF7E2B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/308-16-0x00007FF822AB0000-0x00007FF822C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/308-15-0x00007FF7E2B40000-0x00007FF7E2B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/308-18-0x00007FF822AB0000-0x00007FF822C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/308-17-0x00007FF822AB0000-0x00007FF822C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/308-19-0x00007FF822950000-0x00007FF8229FE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/308-4-0x00007FF7E2B40000-0x00007FF7E2B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/308-5-0x00007FF7E2B40000-0x00007FF7E2B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/308-2-0x00007FF822AB0000-0x00007FF822C8B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/308-1-0x00007FF7E2B40000-0x00007FF7E2B50000-memory.dmp

    Filesize

    64KB

    Download