Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-05-2024 01:16

General

  • Target

    xoxo/cloud/a2/index_files/guid.html

  • Size

    150KB

  • MD5

    93ef6b2dc45cc3009e753c1a606ace1a

  • SHA1

    ec9e77ceeb0ddfd3152e0d5f347200a4d48c04fb

  • SHA256

    645afc59f9f878d2c96ed75e5af641c6f32f782d6d3a0d5508c87ece87d72724

  • SHA512

    93abd92d135d90fef53e98d5f2e585052b594bd41b4a398950761246794d121c1b830045f21414765b8c9aabb708085f134ebf5c21c03206c336de25c5a4238b

  • SSDEEP

    3072:vW2Km0BEM7QbpDRa/9WCoGeMvrDdNuJMcjMoLxemrvpWHJa:vWFBEM7cD6wIlgJyo7BIa

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\guid.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2952

Network

MITRE ATT&CK Enterprise v15


Downloads
