Analysis

  • max time kernel
    135s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-05-2024 01:16

General

  • Target

    xoxo/cloud/a2/index_files/saved_resource.html

  • Size

    36KB

  • MD5

    0ec8647f3766b8017517328ac4154b16

  • SHA1

    037310184bde4430d0787b477e6bc2ec45a88c74

  • SHA256

    62f3db2a3bc2c47b3628bd9060929fe3a6f4d08b44987fbc637c3e0d15f14019

  • SHA512

    ee288c76d9241bb642e2ce8d6fdfa8602c10f9e717c4e4ba0ebc4e05490e69a48a0c36c931e926e49e7280499003f6f99e35e890f7bcabac821abcfdca6f305f

  • SSDEEP

    384:qav+ZgcBoU2+mrAOp/HScDlqwB9CN3uKD4wzzrXdhBW/7S7MIBoO:/tTb5p/cOc3lBe7S7H7

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xoxo\cloud\a2\index_files\saved_resource.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2652

Network

MITRE ATT&CK Enterprise v15

Downloads
