Analysis

  • max time kernel: 1559s
  • max time network: 1564s
  • platform: windows7_x64
  • resource: win7-20240611-en
  • resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted: 13-06-2024 16:47

General

  • Target: nitrogenerator.xml
  • Size: 240B
  • MD5: f71d9f85481364ac9ee85e0353bfd943
  • SHA1: 7242390badd5280cca763d10050d3e70ef85ed31
  • SHA256: 84388821e026288f254b663628e143aa6e7ae42feca16be6dcfa6858d29442a6
  • SHA512: cee41e6f9df837b7b6ac7ab326e74e0e7a1466f5edfd42a0fbd246c45b1c9838e56296654568781560bc5c9c34a2a35109d83e3dcb25f393206df104762ee3d0

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\nitrogenerator.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2296
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2692
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3060

Network

MITRE ATT&CK Enterprise v15

Downloads
