Analysis

  • max time kernel
    134s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-05-2024 01:16

General

  • Target

    xoxo/cloud/a2/index_files/tcode3.html

  • Size

    150KB

  • MD5

    9f34f9d883b7aada0e6c7853ecd23487

  • SHA1

    8c65e4f262017ee27594d33e8831ec2851f9b9c6

  • SHA256

    a2080970ae2d50637e0b774728c2e049f835238e0ce06664ded3697ea24253be

  • SHA512

    102d955a877723c80807cde355e9eec3e53b4bf24e4f2bbb35853699cb93a51cb5ffe0fde80d68abdf4ce0baebbb15060cb4e7d2c3fb62557e59e7751eb71c9b

  • SSDEEP

    3072:2W2Km0BEM7QbpDRa/9WCoGeMvrDdNuJMcjMobxemrvpWHJa:2WFBEM7cD6wIlgJyoLBIa

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\tcode3.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3052

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

  • C:\Users\Admin\AppData\Local\Temp\Cab2742.tmp

    Filesize

    65KB

  • C:\Users\Admin\AppData\Local\Temp\Tar2881.tmp

    Filesize

    177KB