Analysis

  • max time kernel
    119s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-04-2024 15:18

General

  • Target

    admin/FCKeditor/editor/dialog/fck_docprops.html

  • Size

    21KB

  • MD5

    ddc125e1b2c3ec3810c6b19b8044b337

  • SHA1

    ab3d808039edde18dcfa23aaf785d5909732651b

  • SHA256

    9126f02f587017c59a3c9e852f3f298308e52d06d3ae056c8941fe343ecc4758

  • SHA512

    01d08d6dd69139e8608f96f164e797664dd7f0761cb748630fa529d46a5ea859033d557254c958be1ef560e399877aa7a0f9f1feb3c4c177207092bde3be660c

  • SSDEEP

    384:r7pRsezriDSOrg6DD96BDmkHz1WwuYL2etejS8iPqLy+ExV/iw12tayWJAUU/tvd:r7pRsez30cWw/2etejS8iPqLyBV/iw1m

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\admin\FCKeditor\editor\dialog\fck_docprops.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2752

Network

MITRE ATT&CK Enterprise v15

Downloads
