Analysis

  • max time kernel
    117s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-06-2024 10:15

General

  • Target

    malta scanner/packages/System.Xml.XDocument.4.3.0/ref/netcore50/ja/System.Xml.XDocument.xml

  • Size

    170KB

  • MD5

    8c820aaa48408a171d9cb904650ff76b

  • SHA1

    a7b8668eda8dbf6304cc10f2e3a1c83972a9c749

  • SHA256

    10d7a49742818403b9f441692eb5b5511e85ce4b88415f4597ca02a9a35ecf28

  • SHA512

    86b6113592b19fcb5ed448a6d66766f25329496ecc6b3b7bb55e9c6f72b30906acb65fae39fa07c3e83b941fb3fab43500c834917ce2c71310b6846f76bfd1de

  • SSDEEP

    768:YhXBU8n0mR1ViSW7Wbr6hT6DFSElKxKQif09:0XBU3m1dW7W3696DFSElKxKo

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\ja\System.Xml.XDocument.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2748
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2184
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2216
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2004

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cdf083d2bc3b57206f3e656d94ef88f3

    SHA1

    e4693124fe3163b6afab61902cae0cfcd463cb2d

    SHA256

    08decf15cec3643639abce220ba992cc242c44118b987d4e0cd1b749eb3d478c

    SHA512

    a2db6dc350aba147e18dcbe6e2bc90c7fd28992352b3682375571f9bccdfee2fea9f8bf0bdfd1e249e0c006321601751cb0833e0a13acfe44c4351c64d729bb0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d77633e84ebd6b9926bffb56deb7bb64

    SHA1

    bf6127abe52855a119acd3ae616be871f5d8347d

    SHA256

    aa04f872033c11866f213da50c2606d1bb57cefa567343a89b857ea13e241632

    SHA512

    0bf3e9b62c40d2f3b9ab1bcdbd0c38a61f73067dbd66a4ffcf3cfa30e020cac273ed730641ecc8485fd0a1f86704763db70664be9375bd2c12513884c3daab16

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    88f7633f5aaebdda648d4493c66f08a2

    SHA1

    81379a0669f338b509b9a72ce458103539db3f18

    SHA256

    1580035e7b1b9f29e8d65516f853d0fce87f23432c7c0ac0bef15a58b498c845

    SHA512

    60b054931bec5cf73a0947b2e9774c01409b4ced9d37c79153b82de5d4b011457672d92c80627ab5cbb5313bb109d73e1b21eaa253844fbe4319e7a6a914bbb9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dc677527a77fe11bfaf51ba4ebe35dc9

    SHA1

    7ae7a4916d3737861d6b41b3adf12a243238afff

    SHA256

    18afe62157a5231f8c5d5fa2f634f778f07903756739472a6b8160795b774d02

    SHA512

    b26b590cade4302d528c9b7d7bbff8b888c7ac7012e152b7da38783509092574af5172f1f0aa56f311e468d77cbe291c88a53b1c7fa77512de9eab4d2ae0c93b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b7a30765882066aee0bd0951230a7c39

    SHA1

    5e0d1cf176e17363c2a286b07c4c95dffc59f0cb

    SHA256

    04e5af05aabf25e4b68addd811abffdc0cf7d84c747705af61e3968ec5fb2c32

    SHA512

    673c2862eb07e11c648d4cc518bf9f0a031e07ea74505e21448cb04cd86892c844367107f25179eabc62801d0a6deec7efc62d691759d39978ff7caacde848cb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6d806074a53da59cd12fcd344ec29145

    SHA1

    d68a6ce0866870a8665c7a5f52d1bb0ccf806226

    SHA256

    e3f95afc07b8a993ecf1d644715d921dae61ab77510302f2cff41baf512b297d

    SHA512

    eb5072f9655a112b0d70565532641df665640a1bc3ea35dd6b34413619b8fa22e857f8880c110db3f06aed0beb3f47fb86a13d5319e2d6fd6069c51e27328654

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7bff59659085a65249fdbf5504bf7154

    SHA1

    cf7d4eb6c27c51b7a142412c1789fdc5959cf7c3

    SHA256

    cbaae6f64b028667c3f972cf6f64da3a0e1c2d86f3503fb951108e3d7549eea0

    SHA512

    319ab86970f6f08b2c7fb17874a1c36d7bd3e59c8e1ce401d9700a5c691367bfe38a5f75ff1a9e7344bcf7f177f95c8e34c06406dc15a7246662ec4abbfa76af

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b041f247fd2d2dd810e91f2fb27a8428

    SHA1

    c6ffd6d9fd136e4d2e7db3c6c3adb9901df87347

    SHA256

    3b91331bb2e210fb697e4d8766970bc39769b1cb83b1ee825c1c265b9f8d7f07

    SHA512

    721a0bb1e81546dd66918f5a9e1d8f04fd6f911af99e92d042ba06ca4ba758d8c30e679c9cf2f706b6ba54cd630f91507ae280fded7348016fd58e4c92184563

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    66d2221c3d300e9f58f4d5fbb32c4a44

    SHA1

    765c7a22ba1957b3647d8bbff4e21030e36e4d0b

    SHA256

    691eb8a34ab354f683a3c1808ad7fc7534cae6c6d82c5a34a0a147243c836415

    SHA512

    afaaa672310e688103cb3e3c3b2f1b8ed1d4e97508a7ebabefd33940d6624446ee2381411553db0a9061ea0f424a474169cae0d30d7cea60ae3cb745a184d0fb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    626bee994be217e5dd10e253234c2ece

    SHA1

    3a6b2205b78cd4ed62f586bcb2427e17abec0a52

    SHA256

    ecebe7180a37eada91addeb3f3eaaa671282d7f59121a5f2b13723f7b76f3348

    SHA512

    ab3f58bc6d296f236f593f8f3856eb3277a435c3c57133135017a0d50c5efeb9601fd7b06cdef126da6acddbb8f21fa4726644460a6de6029cbb30c72182e1a5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8e4ccd2f4a4471a61bcbd134f6562765

    SHA1

    ec583cfb15bc857c126cd49f5c2f34f2b9262d00

    SHA256

    c95a92af4ae5aa16b7439c8e6f633ae21b3a5be398e7d8df0c6053c34e5ae4c3

    SHA512

    0d44093da3da0e3f7ff080533296c67906b5add54ed7d5f1a75671b90e029eb3f9ac713c127e08193812523f83e1d0ecd8e8f2939d92a54022660c80028ee0ab

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    64cd9716bac60620b37aca9b2834b3cf

    SHA1

    0645248d12f7e02ec90c4ea85471f32825219c24

    SHA256

    308d3ce2ede6f75868a3f081fd00034dd3e177320f87787c5f367cef4d5c8553

    SHA512

    770a6dc337e1c3ed113e88a3e8b5144f33ea54d57a7fdc71e150b866e4b4ef2a10fa8511b0fcff0151472e4160a46f89adcdbbd714a5dbd8910cc09829640ea8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a88791df318f9dd37462e3f83af8e911

    SHA1

    ce03a67173df5d83dfabbc5d1ce665fa0fa12e51

    SHA256

    25b45c014e68ad2e4c1f35193deb9cf17bef63deed09134e222319732167edbe

    SHA512

    053530e3dabd605ec8d73e6ea089e2e223e89ba0c28392fabbf20825142d3b15e5536ec250c4adbec51b691eb177fea89725389bb9b4e02fc0b747e12bc1f103

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f032588c4719bd90dff096313fb2bc83

    SHA1

    b26da4e316fdf01d11df02d7f409859b793ff6a6

    SHA256

    562ab11da7c585b9eedf87c4ecc90010ebeefed65ef6fe8eaec0bc96650a1a24

    SHA512

    a6d6af53561cffdbd3091849450403680ae4dbf34acc809c4ded8e0b222f87aadd1dd22d2892882a3d3431830bf080dc5c45b7d2fd57a3e56442495c6bc9f304

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    49fa9622282f367eedc7828d78e02dfb

    SHA1

    5950011667bc057139324fb9e670037e906cfff0

    SHA256

    5398ff5fb0df652c90e68b4cd63215bafe4cb6e027bc807a532bc2971991aa14

    SHA512

    e36c71efe05938946c133fa3a4ff88ed4201f8b173182e68a2d7e9c36fe644e498a0ac444037579757b16876a63e0049564bde97e397ccbb901d6fa90d7392ce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    89b4754bd83f58a0ce7796d8a2b5ec14

    SHA1

    5d2c121c3ca30a1df2b166c95336b7266713ae73

    SHA256

    67f7e7bddcab176249a5e63fd79e0e6ea3364e6dc439228c90713e0caa3fe0c8

    SHA512

    237a8b086738fe63f0bb4126247e183da1754d159b3ce3939f11b6680af87c0ff3cb14098aae76be5c3e83ee774fe855ed654ba43050cc65389626e9b82390ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    27df5ec108e6a26a1165b60ff55a1e93

    SHA1

    4027e60ba9242061c2a5d3488f162e273c4908dd

    SHA256

    c98d71130e544c6306a05465007a4a83e4111587fc963418bd6983e4664fbed8

    SHA512

    d619970f75ba1e926a47fe59a6418781ab8172946fade2e86afd85335cb6020a46015e79c2f09179c0326332c3f3b63d6555e9db5ed775e0450c2b5002b08e81

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f1fc31f1dd00c74b432d566e0b6d1c34

    SHA1

    afb23c73dbe3843206d4e1f63fcdc02347311619

    SHA256

    4cea888efb815b2e32f93af70fe8b6d69227d50de5b07f6fdc77c9f1e38dc068

    SHA512

    f265924fef803b5b57c83c8b5601828450d7faee83401440cfdda570e94dfd62796404b3d89e40042a78baaa2ada4c7b6f37c0be011820f997a505aa65a5664e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2fce0bce592938add8fedf21caca6416

    SHA1

    73fe437c89457f631d67e33abb7bcedc29e30423

    SHA256

    ab6f18e720a33886d9b6aa1be574f7b0965b61f075d5a57406d6815a31afa58f

    SHA512

    6ff374874a336d76327f942181573c8879722cfca2eeb3c6308cc9c1a1d6afdd4fd65ac71185d7e9087fb3d436c7cf40c823c8d2bcf5309a28b92fb3e1ffbbf0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8634fd0e919ec861c32889c3a5e6f025

    SHA1

    738bc63e1a3a846630921ff15db0d8fa569b455c

    SHA256

    6b190ca3ab276e5b8b12b7327006c8970cbeba7d64882bb1e7464945c6331ce0

    SHA512

    1f6945fa34dc1b0885167a0b3e8b534ddf9cee6886567247aa4c0ee5081d9e0ad87991bc2553c153a1439b59216900a5351cc0c848a29e7dce74bf15e565e8af

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    213cbba512386bb7c111cb866d18c248

    SHA1

    134faa6c94476bf7501e5e5aeddbf019298ad6e9

    SHA256

    ec7f09d953a64dc9aef9cbff54916b9c608872d77ae7eadc4032b27fcff0cbc0

    SHA512

    efc9371ba4e6dd1a50caf1780d1855c755f1e9800ed0270d37925fc89e8181a46c4002e2cf0eb110fca4b7d51a5de92e95d28592b79592882f29acb4e3fc6c0b

  • C:\Users\Admin\AppData\Local\Temp\Cab5785.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar5867.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b