Analysis

  • max time kernel
    133s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/04/2024, 06:52

General

  • Target

    updater/gup.xml

  • Size

    4KB

  • MD5

    abde55a0b1cb4a904e622c02f559dcd1

  • SHA1

    1662f8445a000bbf7c61c40e39266658f169bf13

  • SHA256

    92717951aae89e960b142cef3d273f104051896a3d527a78ca4a88c22b5216a5

  • SHA512

    8fe75fb468f87be1153a6a0d70c0583a355f355bfe988027c88d154b500e97f2c5241d9557ebb981067205e2f23ad07b6a49c669cd3e94eaa728201173b235a0

  • SSDEEP

    96:rrxgFDl+72Y+WbPRkrm1+U4YeJS2kG6QrABYUCJ8PYPwJrkFI:rVgFhunzbpka1+UNQo2sBCPwJrkFI

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\updater\gup.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2160
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2592
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2504

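The process tree above is the only behavioural record in this report: the Office XML editor shim (MSOXMLED.EXE) opens gup.xml with the `open` verb and hands off to Internet Explorer, whose SCODEF/CREDAT child is IE's ordinary content process. Its "Suspicious use of ..." hits are the usual ones for a browser launch, which is consistent with the 1/10 score. The parser below is an added example, not part of the sandbox's own tooling: it reads this listing format (bullet, image path, command line, `N⤵` depth marker, signature bullets, `PID:` line) into parent/child records so the spawn chain and per-process signatures can be queried. The sample text is the tree from this report, copied inline; the format rules it relies on are an assumption drawn from this one listing.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the process tree exactly as this report prints it.
SAMPLE = r"""
• C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
  "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\updater\gup.xml"
  1⤵
  • Suspicious use of WriteProcessMemory
  PID:1928
  • C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    2⤵
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
      3⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
        4⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2504
"""

DEPTH_RE = re.compile(r"^(\d+)⤵$")   # assumed: depth marker closes image+cmdline pair
PID_RE = re.compile(r"^PID:(\d+)$")   # assumed: PID line closes the process entry


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: int = 0
    parent_pid: Optional[int] = None
    signatures: List[str] = field(default_factory=list)


def parse_process_tree(text: str) -> List[Proc]:
    """Parse the report's indented process listing into Proc records (document order)."""
    procs: List[Proc] = []
    last_at_depth: Dict[int, Proc] = {}   # most recent completed process per depth
    pending: List[str] = []               # image path, then command line
    current: Optional[Proc] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DEPTH_RE.match(line)
        if m:
            if len(pending) < 2:
                raise ValueError("depth marker without preceding image and command line")
            depth = int(m.group(1))
            parent = last_at_depth.get(depth - 1)
            current = Proc(image=pending[-2], cmdline=pending[-1], depth=depth,
                           parent_pid=parent.pid if parent is not None else None)
            pending = []
            continue
        m = PID_RE.match(line)
        if m and current is not None:
            current.pid = int(m.group(1))
            last_at_depth[current.depth] = current
            for d in [d for d in last_at_depth if d > current.depth]:
                del last_at_depth[d]      # a new node at this depth starts a fresh subtree
            procs.append(current)
            current = None
            continue
        if line.startswith("•"):
            line = line[1:].strip()
            if current is not None:       # bullets between marker and PID are signatures
                current.signatures.append(line)
                continue
        pending.append(line)              # image path or command line of the next process
    return procs


def ancestry(procs: List[Proc], pid: int) -> List[str]:
    """Lower-cased image basenames from the root process down to `pid`."""
    by_pid = {p.pid: p for p in procs}
    chain: List[str] = []
    p = by_pid.get(pid)
    while p is not None:
        chain.append(p.image.rsplit("\\", 1)[-1].lower())
        p = by_pid.get(p.parent_pid) if p.parent_pid is not None else None
    return list(reversed(chain))


def with_signature(procs: List[Proc], name: str) -> List[int]:
    """PIDs (document order) of processes carrying the named signature."""
    return [p.pid for p in procs if name in p.signatures]


if __name__ == "__main__":
    tree = parse_process_tree(SAMPLE)
    for p in tree:
        print(p.pid, p.parent_pid, " > ".join(ancestry(tree, p.pid)), p.signatures)
```

Run it and the chain for PID 2504 comes out as msoxmled.exe > iexplore.exe > iexplore.exe > iexplore.exe, with "Modifies Internet Explorer settings" attached only to the two IEXPLORE.EXE processes, which is what the listing shows by hand. The same parser applies to any report in this format, so the ancestry check is the piece to keep when triaging a higher-scoring submission where the spawn chain, rather than the file itself, is the signal.
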
Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          143b9e6d568f19bbaec4ced690c2c86f

          SHA1

          0ee0329d8b82e4a3f19f17bdc99be43fbe263aff

          SHA256

          b21606bd18d9a21bf9641b658ce95c366bb19bdc55e05847272c11d3d5e80aa5

          SHA512

          a1a7e07544d9d100dc969033904a5d743858564f223cc7709feff840ba7dd135f3acae9a53f3bb61f88180a87e3ffe149bdd8b65f282e6a483bfb95931f7d81c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          bbbf9a3e00f90fb7fadda0397302524f

          SHA1

          5836d2ca5f63840febe94176ea83b3c1a303f58c

          SHA256

          4269d8a3dbede975a32f1fa6702e80c08032aafe54eb16450ee8dd80226db8a8

          SHA512

          d0953e7cdd33e2c2151d47d8a2247a18cff23dc8c0c3c52fd2ea14b02bbea61cec5b31392e9d6e4912a93d13144c97e84c7baf6aa77b6bf505f3d02bad2a3a14

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          7c21f1837082756fa373313f4c5cc1f0

          SHA1

          2063ac70d251a2519da8554f27469ac736899040

          SHA256

          2f70f1563870099710022ba7ff964bcfb3029c1ac5150adeb55d2ca53373f472

          SHA512

          52d1e4bd5ab033c56c41c427d327f1f24161b137f803b7745bfef2a38edd936ffcf11880a54396b984ded2495fce6cefc9753ea73e4262e08710198cfa88e0e7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          d21cfabf109a169e23953530d713e5dd

          SHA1

          afa5f1ca377dfe96d1c22980e70049c0939f987f

          SHA256

          69c8105defdafabc21c53b85232257e368bb452b68b1a12ff43c6eb25b736e1c

          SHA512

          e2be29f9b4f09ffe43306e75e537bce948ca728b1a59adee5e09dc30e9429cf1aeb5dc66814e6d4670dedd6f73b820c3592ec07554b946bbb22e9ec23571bbb4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          49dcacaeeae9cf61db8a6f2c49c3e98e

          SHA1

          d93cc1c19352ecfc12c04c654dcbaec413ab1356

          SHA256

          ea5ce6f833e7b4df9b6f6f10f29fd32e33dc547c9c40963e38532356615d3165

          SHA512

          930a425c526cf08399e9f37e5976acc48dc4525cf6ddba0c11f831af4d482088929bd3d80c5543c9e29161a9df4387924d148503ab7d80a0ae94803f7bb21d86

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          5c71478a88ebabfb67af93d7dd7dcab7

          SHA1

          40b9b7c6074a16323930f6f2b67c0112cb230737

          SHA256

          2c28cef45f443020c01e9594369d5cf3253e945086fae9324bea511f0133903f

          SHA512

          dfbb68a3ac5ea8beb287bafdf9620c977c6b3c030ebf186fbe0855d1a17c03c3b64dce044234bba16865f6224143ffe76a423b00c6d469425f7bd4f40199dea0

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          ffc7493b3a86adddb2ad564fad724a49

          SHA1

          79c5d6a53a7db50fa234595fb0d32ac8f3ddeec7

          SHA256

          98ab77a56f326c8747971ce3dc8bae305fa9821b0ee2b15cf544e635f267e549

          SHA512

          2905b83b8a895ee7f01d7658625036abe2708d19f5776b6b73001765fe6c428739e0fee54c2cf7e1210cac9fc0180dc4258430abef6b45d8607d1874d3c400cd

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          acdbcb70973b16a2e6f5192e3fcd8857

          SHA1

          998eae123e4f9c734b3efee99fe754100ec951c7

          SHA256

          1326b060fd1044f768275647840da6c5a16e026d443fd7cfaf12d9f7ec47b4d4

          SHA512

          a48be16c3c20d34ccff1f7aa516410fceb45b0700e3d5a21e529df75982734adfbf7c258fc328fffa82a6fe3e2fef4e023e008cfca42bbab9d3698c19a9a503d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          bd21e1a987213c24fc44d6dcabdae2ca

          SHA1

          8be843adb46e04e04a3e48d761a8b96b22a33823

          SHA256

          b7bbed44f4dd22c7582f20854c9c803dbddccc7732b6a8872e82c85022cf0d64

          SHA512

          b03b63c795efb280a3ec6693a41bb21da60bb098df6ee39c9cae7337bfc02c944c30ca05b3a4be1d80947032aebcd7837f25bfefde83017c98b87e3139d44632

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          6e0c0b0ece181a0df7b530ef50961a30

          SHA1

          9b9725b3d6a0a792cd9b248c77e58acd0df4e495

          SHA256

          8a0011c75a82ce7a7a4a2d66a39e5688b0bb88edfdb03a54734a024c8db9bf49

          SHA512

          e174acd32a98770c04dbe1a110835b7feb8e8f926f2f89a63d18cb34af723519a6435b2acee114120b3f5a90dd18f9e4d7125f549a6aad16ac7abd7fcffc72b1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          a7f3734e2322be342b928cb3cd7cc53b

          SHA1

          5a33ee5ae6441e55b86d5fbf7e7c07a756e1d95f

          SHA256

          5c5c8bc0cb3bec06b5b614a76c85eb05de766561a5d575f7535e6a465674ce16

          SHA512

          433fd2c5d76ed32835057d868ecdf732756f92332e1a02219f05a2aeae6ccb0e510b30f176f012c223273d001b6dac701df5662ef08ea17ed0190adc635cc92f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          c14d21ba023a709fe60c88085c8d2eb7

          SHA1

          5d780413c01c29cf27872e5cdee1896c47cc36ee

          SHA256

          51bc13c96df5517389a2b380e7c694af41850169ee1e995187320639aa0f5ed2

          SHA512

          47f710b9d32c702991b46c4bfab2eda49f5f53c7d006bdc8434310661b5ef1e5e1dac93bc49973f5ea624ce386242da758f284d38f6f45239baec0e456916e3b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          a9617542cf668a3c9b329c00395328a3

          SHA1

          3c304c6cf53464079e2a0133eca0ee7372b00075

          SHA256

          189dfd3785d07387620500b1b5b80f576fd237088c623b774d3210002a6af8f0

          SHA512

          17858e04cdd7edba36a8a1c6b698180dd604718d88a2a965a84c90cb982f0e2597ee15dd231df9511f8f8d72a66ddb5c2379b2bcb02aac8301be0e35f22e9aea

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          161e8118027e00850717eab26d442906

          SHA1

          e580cbea412250ccf24c58a7fd50aa2d6cd5794e

          SHA256

          efda5273a4fb1ba51f6bced948b7c011d1ce38fc16309ccbee7fbae348cc608d

          SHA512

          154777cfeb3c0cccd3e2dd2864d0cfbcbb7af7f86381c8de16324c0ddd81a951c5e76dfa931611c3e1919b57fa64ddb948b9b0d4ef0722271c31de037849222b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          230060ea44683c3e776f34d5158ebeb9

          SHA1

          9eac4eae2d36d3b74e31d2402d6294f01c44149d

          SHA256

          428311dc109e14f04348979e57c35d45ea343ee6a9322be663d0148645307680

          SHA512

          b9b1244645ecd16f7090d4a4a02674b1ea8dec65309ad1d198322b1de715fa76bdf3b445e19500e0fe3b51eeeb45bb890cd358a4872f39c50f6544a47f7b5560

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          a192dea04652a26d9be9cbf20cdda021

          SHA1

          1d429cce6ec1a6bdec590906de2a8c94aebc2b03

          SHA256

          0bbe57819d382bd92cc4397f17884dd7025d6d1343a2290c00a70c44dcf137df

          SHA512

          83278585291207b8326e3ac0e09b44e147d39937ce5e58203b563a40349d10113a25fb7dbf6fd03f57f5447dc74dbaf44685ce4ebb717730b9c77e07270271d2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          c516038f2bf086fb6259165034342d72

          SHA1

          b3bf8c6e0d2b10d6a73fef5bb7c27af23806578c

          SHA256

          fbe3b6e29d65ae4d5c5a82d8e50592f0a9a3004c0d24cbb053812b851b61d6fc

          SHA512

          d02dc8707230af2b37becefbfa97b183848e96c099976f47110c227860d96798d0777211eeacb50b334850655f4f871a7f3f39ff0d4c6db312ebb6cf2c520d6f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          ff3cdcb53b6bc26f04433ecd0323c01a

          SHA1

          2f0e89c3b917d7a34a881480b3c9bfc4f50d06f8

          SHA256

          71e270682db0cbee34deabc79a5b7b5256e8d0c1a491fbbd4225176556fbb9ba

          SHA512

          b199475020d1af4934f1281296c81cba16339184e4d3aa62b8aff98ca2adfbd07abfaad4434dd6902c88879fbe058d670641147c9e7276c29b47a809b8b94cc0

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          634d3506fe2a541047019bef02ae2232

          SHA1

          1f14687a0d6402efa353fb29526eb6872a9fd8a6

          SHA256

          b2a1e1b3fe9d766cc6694ac79494bea5a8cdf22628fb70d2c580dd2ef21bfa83

          SHA512

          370f25042ab6aa6f8d334e8d6cceb073171e3ed8fa63b1aafc01ac0d3fe9a6e3a7c8270d2628f1cc26ed9d72dd78dc45d5958725e5ceb8b9ee5e5b3424a8de67

        • C:\Users\Admin\AppData\Local\Temp\Cab46A2.tmp

          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        • C:\Users\Admin\AppData\Local\Temp\Cab4761.tmp

          Filesize

          68KB

          MD5

          29f65ba8e88c063813cc50a4ea544e93

          SHA1

          05a7040d5c127e68c25d81cc51271ffb8bef3568

          SHA256

          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

          SHA512

          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

        • C:\Users\Admin\AppData\Local\Temp\Tar4776.tmp

          Filesize

          177KB

          MD5

          435a9ac180383f9fa094131b173a2f7b

          SHA1

          76944ea657a9db94f9a4bef38f88c46ed4166983

          SHA256

          67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

          SHA512

          1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a