Resubmissions

12/06/2024, 18:42

240612-xcm1gszajr 10

12/06/2024, 18:41

240612-xb48dayhqr 10

Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/06/2024, 18:42

General

  • Target

    Loader/Updater/web.xml

  • Size

    18KB

  • MD5

    b127480ee9f0b8dab6a3f73ad79dd332

  • SHA1

    7d776d730cbd253564713f36573dd8366782788c

  • SHA256

    f1a6416eeedd9d040387fd85dcf7d6e074b6644c6829d08be220ff9fc32efb31

  • SHA512

    00ddca43ad38127cf71477810c46617fc2ccdc33f197e26ba761151107eff701fec2caa51e43575fb5b4fbc11f640f525ba70b6b3e97811cecabc63773492401

  • SSDEEP

    384:lJJuAr8F1mJ1ayCk5+HK5YaW41DBWTwahst/tlLvSqwwU4FVXaS7L3nHIXYFXc//:jbpJX91Xbi

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Loader\Updater\web.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2980
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2968
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2620

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5ea8bc426ec7c0646f93c8b64b0c682a

    SHA1

    a157d483c5ce5094be35031a4be0c1d5f288e470

    SHA256

    db8bd54d9fb7661bf885d4e3139b38b8bbfc9ec8c6aaae63b3f5352e64b6f9a1

    SHA512

    87a453fe5fb64152cc533c924e155a4142f4fcee8d82ee22ab509f3d7b25b36aa7a983b4c105f22163001865b4bbb8700ef28abbdf63b2183c666d538da99f4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f4541a9cc3a1a7075e39e97660f6aa11

    SHA1

    00f52c084a997b1f08c7083cfda0fc32f6bc28af

    SHA256

    746f2bfee11cd066a1c6250c249d783bfdee9ee40790bb0c758232e88a580f8b

    SHA512

    6efe89b9dfee38694db8d26ca2ee3b64f47c50967c82c612d2ab082645a6e7bb3db4c439b3dce52b639187de6e6aab9e04ad62eb3045c32d60f79f071ecfa62b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    38707412f1a9de4339822d9363136845

    SHA1

    9400d66b15b308d155019cb75e965fda82849f92

    SHA256

    5a68bda5e2ac77a27746cd0ef9214152dc767c3439bfdf1a9c8c6da93094d94e

    SHA512

    c9a1289df83f7544a45467d1c2d81c7159bb8c7c2aeb92d96e27a002fcc7fe450cf1e5b57d212c6b882a7f024a5922aeee4f88bf71611e92bd8ad2e0bed6b9e1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f7ee2855c199e62f7f27f2a57c82dc14

    SHA1

    b66340b865e80945ab98f06debd6d2a8590ed00b

    SHA256

    1a2dbce0956cced6c38d50ce2dfe666b453ad98c4aac587202dfb147831926b2

    SHA512

    7fb6f2a8fd6ecd258a5933a0118c81e288c0fc73089285353d50ad6d9588831a2c8c08ab476927c88dcbdc78994927616ccdf5ae560a891d6e3b0d8094346099

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    63a810966e92f583d96143b0a3317bb5

    SHA1

    a69f10d5dd8a9f5a1fc2c60f520ba3e26bd93d5d

    SHA256

    d2b9ab0298ac867beac667df2fb0704feff19834fc5cbb77c458dd6d2d3013a1

    SHA512

    3d478b47811f6e89fbe68aa87c2b29a0c35f8e949f1d1d1e3e7ad3af1a42d59671432655cb072bb9c682310b887e7701d473a5e7e7d9b3a5be4831a63e7a4546

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0659777c14113d0d5f685b822c3af340

    SHA1

    5bf0f61e0d15da24aeda46e0412bc936a5a44d7d

    SHA256

    0185630292dca8738f101fe83fed1a0295cd0aeca66ab32e8ebdf23d0de5b8a2

    SHA512

    2db58f20998068fff590d5ad097b5e50046550861103860a154ea7d7d501d4b5a0c2beac5fba4af5faf77a872c5050895ec9473108f199c7b81bdaa002a20883

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cc4007e3e30c5a0aa27d9d173c09e7d8

    SHA1

    eb06d1b4e8da7894eae4b0699881f685ef5ccd26

    SHA256

    3b073a89b56afd5ff1a633d6e7eb46036302d1c00800a0c1dab18765bac613e8

    SHA512

    30a7a92808665ec3875773e9cb4a1c2d47e5fe7d6ffa2c66a0e74c2061bdbc7b70ec3ebdd82c891552c5e007e56549b3d5f44a6d3bc206fbd1e665f9f5d5e869

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a53ccce6846c9d483f1cfc53c7bbd11e

    SHA1

    9477176fed77c785d1e5bc1ace91c2386e450911

    SHA256

    b539ba1a8ee63b9515a3a2b82cd1709aacec742708ab121336a5ef452d80070d

    SHA512

    593a02bc04bc4fc934cdc2657da2215a527971be6c8568722c425d9deb42eb7c235f13dab4d824e38847fa831a3a6ae3674bb251d651a606bda5600894f9bbe9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c6027231b8d8e0bbaddbd0eb2297c141

    SHA1

    cf44417916b5bbc90ba05e760eb9652fcbdfbf8d

    SHA256

    8f7f91b76d37f62f8098d1d781c0edbf4e7e178e0e9256860e33c1c591128dc9

    SHA512

    408d23c0fd1dff9eed44b948ed077bada136573375123716b137c630e7284db439bc6a8a327f240347030f1a97d11e1a5345ebbec862bcf2c42b7fc83371edc0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e2d895988599a5896b0384b70753d1f9

    SHA1

    365823a986796bb442b86dcf4bd75eb6f77b0914

    SHA256

    5df205b29d6985f29c1a96ec439d49daff0281f623d6b49fd994ce054343f826

    SHA512

    efd85d4cc4e62c1121c75ee8096b3ed66495fc40e4e0e7366b9acf829218205a8c55fdefec0faa032e9cca827693cc593054474b071ec26a7bab53b01ab002d5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2ece4a823fc2fa70e9250f4dfc11dc3e

    SHA1

    4bcaa6e5c91d91d518c1e5bc2e6d6ae2e2cc0f91

    SHA256

    ea4b497365e316e41dd144d7e653ad1e7f1e97084e5344c68196fc17926306fd

    SHA512

    f4b58c36ba3aae4169ed8891d6f4946e6110faafb39e68e1e99adcf21e00fadbde80ad1d1d7957ef12b7effbfb458163a0516d4191e2aed258b5f52155cb802a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2fe6cb60db3816832e3e48a3994bfe67

    SHA1

    0cd1a2df4ba47c43f072d9ee948da9fb24032e78

    SHA256

    11be6678a93e3490f33a49449687c6765a0218fdfd6ddcf875aeb436b5051517

    SHA512

    71447e3584228e4da31c1ebca7fd630f0d843b6d8ae6e6afc3fefc1445c15a4d5472f266806bb22de0bd1f395ba4fc2e6bbbab6f7a77bcebed738294fa66ecd1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0c1e0b18a240321b8934224d35f140bb

    SHA1

    06f79bb7839eaf3dcfd0f7deeb90443bb4298dd7

    SHA256

    67ca26a5bc5808a94140b096d49930960663cd3bbb6a6252f0c63033f97694c7

    SHA512

    55a2cf926f561b2409b596843a49e69a5002d8079bb2a5f85293e61288741b0155127f083249c9ae841e37ff965735c6d51d7c118d850e2f346e9390dd4872e7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    13db72363381f288607dcc1abbc17476

    SHA1

    18fdea4b19a0dd8d0ad13c3f1b4f715c0e26cf56

    SHA256

    b35ac8a2ab548c13683e42d55bfdea0a90396ffc337b903be5ccd8518c2e80fa

    SHA512

    4cb010a9182c4a2e074e06566f92d4a911baa5fa51a24376ef4ebb143fa1e3b180366f55dd1370c3f88ee15ea092e88c662ac0e5cb4675441d9d96a664a43900

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    29d050fb0539dbb2f027614bd5a37dc2

    SHA1

    65d17345b9ac1eb3cbe210078892e7b56936b98f

    SHA256

    344d307d39103ee9eba923c7c143430b899d4d697452bd244c7d0f6833e8e244

    SHA512

    3505dbe03adb4efdb341469f4f1c8458592c1c0b8fd9914f14be38eaf6b1cd26749c338a1c5577d25c337dc2eff59623044143787ae41085f0e558b5166f5897

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0550a5bd897b946900c8622cc0f2661c

    SHA1

    40d8d1c6106de14476afc6fb270f76ff8f944b0b

    SHA256

    9f3988953b80abf35f288884bd692115799cdaec5d51a96de0f449beacf8bd14

    SHA512

    b522cda1f65e0c68ebbe1f0c40e0c2a513aabf8984becf984ab6ca0155863ca783d47c67f86390a72608dfd1c8eee56feb38c2ce6e343f5a724f4d4a6e9e5844

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3596017815b1290ea84f5685b91be5e8

    SHA1

    a2c3d5d722a3e353bdc61ddf4d32df4d85b92d3a

    SHA256

    6ea10d8b8148f01e13ce1c811d6b31866b160484fcbc32340de6be241e3223df

    SHA512

    981346622dcd5b5f22830d3a5fd22455b936594155572f691d4e9a2743c13d9ad552608b02257adb9c0b44c1fc90450560ac76e8e9141fbf1b5104c6147a750c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4d69a2e713aca33b902c5672cc3adf95

    SHA1

    371abca46f0916b9b0bdda5059877bdccb6776d0

    SHA256

    e02bab87e5ddc7e0ede096755f62255093a0202e01f84e44b833024a2aa78b02

    SHA512

    27f5ace8b7e6d7d7e6a904e57ac35432ed7b118a06d2d0b179b9680e1d64ebeaf948019dcbeea9bbf025dcfd8e2ce0c1290ae7d107b6a6a5c94d922bc046bd52

  • C:\Users\Admin\AppData\Local\Temp\Cab2A10.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar2AF1.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b