Analysis

  • max time kernel
    134s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-06-2024 10:15

General

  • Target

    malta scanner/packages/System.Xml.XDocument.4.3.0/ref/netcore50/ko/System.Xml.XDocument.xml

  • Size

    163KB

  • MD5

    7f83d8d5bcff3a5338882c60c1de1ec7

  • SHA1

    e9f32de03d40dd62e48d50948e6df6ebf7b031ca

  • SHA256

    898c1f169d8c0bfe9b4219c84de18c7272b210cedd540c9bd2b7d0f16d35c510

  • SHA512

    754934a844dadf3d920ceea4ec54097fb8507134fc3602c16fc104837969b9a9f1d0fcac31e6d92972b84908ada9271cdba7417f5b8963b73d4b61b3dc031dd5

  • SSDEEP

    3072:AMh67rJRM/W8uh8cw8NJR8i/lohqwVJRVB/N8heu8uh8Irpht1QJRr/E86h8ga8I:AMh67rJRM/W8uh8cw8NJR8i/lohqwVJt
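
Before trusting any of the verdicts below, confirm that the file on your own disk is the one the sandbox ran. The following is an added example, not part of the sandbox report: it recomputes the four digests listed above and compares them, treating only SHA-256 and SHA-512 as proof of identity (MD5 and SHA-1 are collision-prone and kept only for cross-referencing older feeds). The file name on the command line and the `b"abc"` test vector are assumptions for illustration; SSDEEP is not covered because the standard library has no fuzzy-hash implementation.

```python
import hashlib
import sys

# Digests listed for the submitted sample in the report above.
REPORTED = {
    "md5": "7f83d8d5bcff3a5338882c60c1de1ec7",
    "sha1": "e9f32de03d40dd62e48d50948e6df6ebf7b031ca",
    "sha256": "898c1f169d8c0bfe9b4219c84de18c7272b210cedd540c9bd2b7d0f16d35c510",
    "sha512": ("754934a844dadf3d920ceea4ec54097fb8507134fc3602c16fc104837969b9a9"
               "f1d0fcac31e6d92972b84908ada9271cdba7417f5b8963b73d4b61b3dc031dd5"),
}
ALGOS = ("md5", "sha1", "sha256", "sha512")
STRONG = ("sha256", "sha512")   # the only digests accepted as proof of identity


def digests(data: bytes) -> dict:
    """Compute the digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def compare(data: bytes, expected: dict) -> dict:
    """Return {algo: (expected, actual)} for every listed digest that differs.
    Algorithms the report does not list, or lists empty, are skipped."""
    actual = digests(data)
    mismatches = {}
    for algo, want in expected.items():
        want = (want or "").strip().lower()
        if algo in actual and want and actual[algo] != want:
            mismatches[algo] = (want, actual[algo])
    return mismatches


def same_sample(data: bytes, expected: dict) -> bool:
    """True if the local bytes are the sample the report describes.
    Only SHA-256/SHA-512 count: a match on MD5 or SHA-1 alone is not accepted,
    and a report that lists no strong digest is rejected outright."""
    strong = {a: expected[a] for a in STRONG if expected.get(a)}
    if not strong:
        raise ValueError("report lists no collision-resistant digest")
    return not compare(data, strong)


def check_file(path: str, expected: dict = REPORTED) -> dict:
    """Mismatch table for an on-disk file; an empty dict means every digest matches."""
    with open(path, "rb") as fh:
        return compare(fh.read(), expected)


if __name__ == "__main__":
    # usage (assumed file name): python verify_sample.py System.Xml.XDocument.xml
    bad = check_file(sys.argv[1])
    for algo, (want, got) in bad.items():
        print(f"{algo}: report {want} != local {got}")
    sys.exit(1 if bad else 0)
```

A non-empty result from `check_file` means you are looking at a different file than the sandbox did, and nothing else on this page applies to it.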

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\ko\System.Xml.XDocument.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2804
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2648
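
The chain above is what opening a .xml file produces on a Windows 7 image with Office 2010 installed: MSOXMLED.EXE is Office's XML handler and it passes the document to Internet Explorer, which then spawns its own frame and content processes (the `SCODEF:<pid>` argument names the IE process that spawned the child). That is why the four signatures, all of them ordinary IE behaviour, add up to a 1/10 score. The following is an added example, not part of the sandbox report: it transcribes the tree into records and checks it against an assumed allow-list of parent/child image names, flagging any shell or script host launched from the chain and any IE content process whose `SCODEF` does not match its parent. The allow-list, the `SHELL_HOSTS` set and the extra test processes are assumptions for illustration.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Proc:
    pid: int
    image: str             # image path exactly as the report prints it
    cmdline: str
    parent: Optional[int]  # None for the tree root


# The process tree from the report, transcribed into records.
TREE = [
    Proc(2940, r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
         r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open '
         r'"C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\ko\System.Xml.XDocument.xml"',
         None),
    Proc(2972, r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
         r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome', 2940),
    Proc(2804, r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome', 2972),
    Proc(2648, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2', 2804),
]

# Assumed allow-list of parent -> child image names for the .xml handler chain.
EXPECTED_CHILDREN = {
    "msoxmled.exe": {"iexplore.exe"},
    "iexplore.exe": {"iexplore.exe"},
}
# Assumed list of shell/script hosts that a document viewer should never spawn
# while merely rendering a file.
SHELL_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
               "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe"}


def image_name(path: str) -> str:
    """Case-folded file name of a Windows image path."""
    return ntpath.basename(path).lower()


def triage(procs: List[Proc]) -> List[str]:
    """Return one finding per deviation from the expected chain; [] means clean."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if p.parent is None:
            continue
        parent = by_pid.get(p.parent)
        if parent is None:
            findings.append(f"pid {p.pid}: parent pid {p.parent} missing from tree")
            continue
        pname, cname = image_name(parent.image), image_name(p.image)
        if cname in SHELL_HOSTS:
            findings.append(f"pid {p.pid}: {pname} (pid {parent.pid}) spawned {cname}: {p.cmdline}")
        elif cname not in EXPECTED_CHILDREN.get(pname, set()):
            findings.append(f"pid {p.pid}: {cname} is not an expected child of {pname}")
        # IE content processes carry SCODEF:<frame pid>; a mismatch means the
        # recorded parent is not the process that actually created them.
        m = re.search(r"\bSCODEF:(\d+)", p.cmdline)
        if m and int(m.group(1)) != parent.pid:
            findings.append(f"pid {p.pid}: SCODEF {m.group(1)} does not name its parent pid {parent.pid}")
    return findings


if __name__ == "__main__":
    print(triage(TREE) or "chain matches the expected XML handler path")
```

Run against the report's tree the function returns no findings; the same check would fire immediately if, for example, MSOXMLED.EXE or any of the iexplore.exe processes had started cmd.exe or powershell.exe, which is the point at which a 1/10 document would deserve a second look.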

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6524d9846c5526beaff656056a881081

    SHA1

    16da4acb3cf9288c9efa35d58ec793151163ceee

    SHA256

    8385eec6fe926fb16d87656887d8147f7fd52099784ada61dec84ec562d910f4

    SHA512

    99ff23e2a5781b39e6531a4c1a751ea4e0798bb0a85071d27995b1cd88b78ea13163c2eaedf84bb95354804d2da4c52808e129e56fc1a3b26299f7ab2df5363b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d4ff004013d33d74907e1cdac4357fa5

    SHA1

    8194f3c5534e5967bb867439865ea1f8fbad7509

    SHA256

    864e18653eeb90931d9fd6967ccfbc7316d19322afd384c3e22cc212ec83b82d

    SHA512

    0dab98187d73248b5ee57f787cc5609be459214fe894f6a9a265e6861555e0540981116834c3502de424763a790f77b495ffa96466f57a685dc3c67e1c71998e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    80e4c77c749aecd5292fc60cbeba9190

    SHA1

    e4948a8aba950c7ba7f375878bad230a9226f142

    SHA256

    bade5bf634d1cead9006ee15b78bdbf726d9935a5e0426fde2072e2ff0f60056

    SHA512

    5e0ed82728763d766b34c63f944361a353146cee45003b705491bb86e46bc48ef60ec1a99ba9b5832236d419865a9e6c19a4ecd489fd02f350243ab97c1325fd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5e3385ec0d29ab1301ec43b0f3edfc87

    SHA1

    3430d4f399769705f3802ad8ffd084606d683986

    SHA256

    1576672ddc8652866cdf565ee87e1acf3b4db9aaed0a7b08aeee3fe0caa61404

    SHA512

    0aa8977c0eab72deacd34548fb4b5482a12ca9aeaf237d9b5c434347b16d14cda2f3e5825cf6f720ecc729443f0b5fd1190c99eec56980127d7394b3135b7ba2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b4d81700d7af7a657cbaf681349a8719

    SHA1

    dcac1394b98e0721eda342c37bed2597ae72f75e

    SHA256

    f08787fde8d5b75865e1de48f0ecc3bf69454fe9f6f72d6b449a54d86f200079

    SHA512

    e8e96d75a695bc979a8dacce5373c4d884a9be8c3600351a6b5be6d85bb818e1a8158fa20b84b497db87f226e7dd551ee9db362f14d66495fb9e4c7c636d33c0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    eb93a78ed3b7979da29ed946d25ef1cb

    SHA1

    bad8b609fc48721120c648be9d143641bee18a1a

    SHA256

    f0d5c3a831e71b9ae3c55bc1f2c8d1b8f8f137918ed3354976d00ee0afcb85a2

    SHA512

    4cda64d71b2ea827a40406e9914f6194e367efd829d32500fd549a6d1f4d649b6e3ebc2d1460140952bcbcdd41c94a4481d339e2c1c52ab130156658fda068b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e89201b91c41f27c67eb5aeead50bea3

    SHA1

    15c7f5544f66fe4c7477cbd4321be327f00a780c

    SHA256

    422c045da0d6f0d3b15a210b92ee71efef6fc8c626402f0a9a6696066b92b96f

    SHA512

    fd7d2a47d19a3c1b2ab8b44a9f208eef1abd3c7338e652ffec5166936ab753932d4b0202f623195b867b8d1583599df95eb4d797d94cf229c1fa07534b7a26dd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8fe1f29e7214ddc1462a1ad92f89e3bf

    SHA1

    e95918071bbafdbc37de3a02fd14b70fe55906c4

    SHA256

    a392d73a1851a04523b7c6ef959acd6d342a21e66f629ddb009c1ede150cf0bb

    SHA512

    7de8c46e70483e408c4cff17e15d7b2a69e7df5ddf26af9c5ab954feb6ff48db96c7d844b59cb33174bce9236299ad680be023c12ecfe852ea635ae96a12de4c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    37e6858da1c0b6035823f6a988ba5ae8

    SHA1

    df1f27d0be13a085d2a18fbed46c7766c90ff965

    SHA256

    c3e7e6ee1bc53841e5fe5b95580cb48de93fe75ab6a611c13be60f132e57c570

    SHA512

    9bd94b46c7218950c776fc3292552eaa494a6b1edbaeaf639accba665ca146fdeedc3a5266f93077184cc9e5f5de52a7c04a2c837958c67d88c2c8633f9bb5a9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9d7efea767f90d6e4d29b7ffc6b4d0b5

    SHA1

    8bfdbdb86d2072350048299dbbf1e3b42cd38581

    SHA256

    93262d02a1a9cc5900f4881d76792e328a6159fdaa6a019651a34a6fcc8f1e39

    SHA512

    6b7b4ce0b4ddbebc5f312bf3301f8e63c8abf1a635977867d47d1ef256f3cc147effb3bc1fb88f939b2968efde70f9812216ffedb9401e92c1b8aeb6966b0f47

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cc6828df8797ba936bcf6f743142ca5d

    SHA1

    a128f48ecd33646e398ea2b572ce3fb6acb89b84

    SHA256

    316178b5abfb6037be3a04910300df73e67645af7a90384ca20db3e58cc468bf

    SHA512

    862d8e83f96bd5c9316fbbd559bc35516652f4cf8f41f8c1c436223c13f1436b4f65fcdb4378990b5f8d31310e66959cc10cd18911cffc369001bda4feb9cb66

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1dc5fd9030ead674f4d6525102984a85

    SHA1

    2ff796b0fa814ea360b02a3a0ea648f584d6ead3

    SHA256

    556311d5f5598e9194ac7ba0ee6cb0006033ff3bd2dd22455547818b9a88dd56

    SHA512

    6371197219d799d7004a8cb62a3dd902877d34f3669d961033d38b57ce2bf27d6357b5a1fcccccdf5f0638b1e3c7501d50dd956d3d7db58b4581e878f383e57e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9dc57736d9ebfd5627adc7ffe76ce390

    SHA1

    71fc9dc2014ec6115b9630777e550ac4b1c9cafd

    SHA256

    0165852cb0334ff78bd0823456f1e68cb5721ff70f2eff5a33753b268e00c1b7

    SHA512

    25c0e3bee4ba971e35a445af53240291de272dc2a898a00a14b5c264eddd5b6d16d1e5aecf189bec6e2c30001fd11877d1a7b79c59a18a7006f9e9abb73342d3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    343ebf32d34ceff6759964b197c7d0af

    SHA1

    f64e62ebbaf39bb845793f4fb1d935a51e435ec2

    SHA256

    fcba04cafc55e14f5f7c6327c634ff037ba51b7a463eee094d1807cba2091f82

    SHA512

    c800842283ae50a273bcad27b92ea35fa4766117c6e7ebadc3b78b51dfbb82179bd4fbdda75b409b804ecc6cac35f9bc3c9da76eba5e4e3b6390b157c5d98181

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    184ebc478f59339014a8771ac1030592

    SHA1

    fd7332c91ad3a6c84c1b6c6c6adbb300b43a7ca5

    SHA256

    c24c00185feabae024aef5e7809aaddcfcfda8b346b29f06c987b966251d9d32

    SHA512

    01e3e537063a51f67cc42209f7de4b456066d7f77239e65d96de79279a15393710849ed5595d01b8230e0ce157268284211f09c12959359205a9608c48171db5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    40850edb662bfc4a2d8c555f73757996

    SHA1

    be8c33a2c770c1383eaec80febcb592d7d686322

    SHA256

    0e2c4d659d833512bb467dff60dc44584145fe6a30f59c5f020bdea75ca42e4f

    SHA512

    8270cb84af6ab3a4a7fbd70bf7d5aa88ab3cc3c55462ea470f74a431a47c395bbe0ff5f03d7ffd9a169425fbfdfecacb077a65fa543e3fafd7b9d22bc8a60bbb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    82d243936550ebe358d0abd5d9e037d5

    SHA1

    c6d25e27634bb921c9f4c52e6bad8dbb72dfff7d

    SHA256

    5657bf2112d4522cd2bbaa5ac79a54f2113e466e66c898316430424d50a71881

    SHA512

    4b7558fa3dfebf658e990c69f881dab4e32d089b984346d4ed6b5bd891df2cd81e2e6ed3e1edd4017d505d58496820f815299fdc14fcf79bb939703c84cb1a5e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fe857f11fc51373de8dd5d1c0ac0295b

    SHA1

    c99a78cc522bc4d893534fbe371155939a283430

    SHA256

    68390d25a45ec041b45b186b51a57ce3d8cb4bf0d4500bd813f8c6cf02664854

    SHA512

    dd7b7041d9784a4069c471f59bdec12515b9371120a8771c5cbcd89ba36c84a3a6babdea7e019547ce438a06fbdcb2cda108734ad51a11ee6489687ee8acfe46

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fb9433ee0b4c72ec52b79afaeebf5e2e

    SHA1

    5796b468afc39b4cb39891f187f1d6625df2c093

    SHA256

    26c8b60c93fe69c7df19fecb397bb0149b89d9f8acff336d670e615cd4da1bda

    SHA512

    682b2c8c16805d72364e24f46bd30c1147189d2391ae389be7d60a892490df7675b60675f1911479470be3a3a873943802a688203f2f47b4fa2d2b124469f73d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ea48617a08348d36a553599cd63c70f2

    SHA1

    071e04590a0cb33c482dcd56b162af2bf3009fe0

    SHA256

    fd3bd7f7f01b18c5873f883854d7b03f899d8c0f1e2bc1790bc98443fc099e49

    SHA512

    5648c6d24705866f6ef436f858c7dec30ca1cfd25d464aa56b099eda1485d32fea5ae64f3a127d20392537938bc62b745eb4a3ef00b5a2562bcfef613d111c8c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    80f81dd50af3461fefa1af4d899954e4

    SHA1

    ae4fc1fd19b3d36b29d40cdceb1013e16068fc3a

    SHA256

    978495f1fc2b3a0331a05d30d8a80ca1c00ce9f81fabbba2107179f4f760bf5b

    SHA512

    3f6543c3cd27e5864140fd60a86d3f0d9170577abc6f89f15692a97d675965f7b5adcfcfeee1a487485b80a7e89e88f39b04231f7bc3875ccb41bbbb3c9de7a9

  • C:\Users\Admin\AppData\Local\Temp\Cab435A.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar444B.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
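
Every file in the Downloads list is background noise from Internet Explorer rather than something the document wrote: the `CryptnetUrlCache` entries are CryptoAPI's URL cache, which crypt32 rewrites as it fetches certificates and revocation data while IE builds certificate chains (the one MetaData path appears 21 times because the sandbox captured each rewrite of the same cache slot), and `Cab435A.tmp` / `Tar444B.tmp` are the temporary files left by cabinet extraction. The following is an added example, not part of the sandbox report: it classifies a constructed subset of the table with assumed noise rules, surfaces any path that does not match them for manual review, and reports which paths were rewritten with different content during the run. The path rules and the `update.exe` test entry are assumptions for illustration.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed subset of the report's Downloads table: (path, size, sha256).
ENTRIES: List[Tuple[str, str, str]] = [
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015",
     "70KB", "b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "342B", "8385eec6fe926fb16d87656887d8147f7fd52099784ada61dec84ec562d910f4"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "342B", "864e18653eeb90931d9fd6967ccfbc7316d19322afd384c3e22cc212ec83b82d"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "342B", "bade5bf634d1cead9006ee15b78bdbf726d9935a5e0426fde2072e2ff0f60056"),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab435A.tmp",
     "65KB", "c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d"),
    (r"C:\Users\Admin\AppData\Local\Temp\Tar444B.tmp",
     "181KB", "8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8"),
]

# Assumed noise rules: CryptoAPI's URL cache (32-hex-digit slot names under
# Content/MetaData) and the Cab####.tmp / Tar####.tmp files left by cabinet
# extraction in %TEMP%. Anything else is handed to the analyst.
NOISE_RULES = [
    ("cryptoapi-cache",
     re.compile(r"\\Microsoft\\CryptnetUrlCache\\(Content|MetaData)\\[0-9A-F]{32}$", re.I)),
    ("cab-extract-temp",
     re.compile(r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I)),
]


def classify(path: str) -> str:
    """Label a written path as a known noise class, or 'review' if unknown."""
    for label, rx in NOISE_RULES:
        if rx.search(path):
            return label
    return "review"


def parse_size(text: str) -> int:
    """'342B' -> 342, '70KB' -> 71680 (the report rounds to whole units)."""
    m = re.fullmatch(r"(\d+)\s*(B|KB|MB)", text.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * {"b": 1, "kb": 1024, "mb": 1024 ** 2}[m.group(2).lower()]


def summarize(entries: List[Tuple[str, str, str]]) -> Dict[str, object]:
    """Count entries per class, list the paths that need review, and report
    which paths were written more than once with different content."""
    counts: Dict[str, int] = defaultdict(int)
    review = []
    versions: Dict[str, set] = defaultdict(set)
    for path, size, sha256 in entries:
        label = classify(path)
        counts[label] += 1
        versions[path].add(sha256.lower())
        if label == "review":
            review.append((path, parse_size(size), sha256.lower()))
    rewritten = {p: len(h) for p, h in versions.items() if len(h) > 1}
    return {"counts": dict(counts), "review": review, "rewritten": rewritten}


if __name__ == "__main__":
    s = summarize(ENTRIES)
    print(s["counts"])
    print("needs review:", s["review"] or "nothing")
    for path, n in s["rewritten"].items():
        print(f"{n} versions of {path}")
```

On the full table the `review` list is empty and the only rewritten path is the MetaData slot, which is the expected picture for a document that merely rendered in IE; a dropped executable or script anywhere else under the user profile would land in `review` with its size and SHA-256 ready for a hash lookup.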