Analysis

  • max time kernel
    133s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-05-2024 08:55

General

  • Target

    FiveM-Spoofer-main/main/smallcock.xml

  • Size

    7KB

  • MD5

    42a2db66da5bb6f1596fbafc30e7cd22

  • SHA1

    80456f086175abe5ae470c6a4a7fbbff6d2c8e8b

  • SHA256

    242a6cb44b38eda019b9c12a5a4bbd06f0c054ce22cceebe540c4a96a187ee52

  • SHA512

    c44f983dd36461269979274c6746f0cbe7d82f601bb03ae678d84543aa41955c4773f4b0eb46d226934b20c236981079d29af783f9abe32a8015f7fae5100026

  • SSDEEP

    192:e/zclKls4FQn/YPce/JPct/gPcL/mPcsFi:G43/cD/dg/k2/mLi

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\FiveM-Spoofer-main\main\smallcock.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:820
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:820 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2256

Network

MITRE ATT&CK Enterprise v15

Downloads
