Analysis

  • max time kernel
    134s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-06-2024 10:15

General

  • Target

    malta scanner/packages/System.Xml.XDocument.4.3.0/ref/netcore50/ru/System.Xml.XDocument.xml

  • Size

    198KB

  • MD5

    ced8069c5668a2673597c23d85480845

  • SHA1

    662a961393670b43cfdb8c0456242af7b678e176

  • SHA256

    3e9da418c6704070cd9c44688bc131f96158d1d9873fc9da391bf034ad88089b

  • SHA512

    b8e5f854f26423624a52545f8256108bb914b506eb45a08cbd75359a0ae2187e11e32a52da00d9cd79845181aa0ed96f70141e573ff91356777dc59d7f24a6ae

  • SSDEEP

    1536:6AKzE+of8CHENhorRh9pb0O8ZPuogFj9hi:ezE+of8CworRh9pb58ZPujhi

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\ru\System.Xml.XDocument.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2528
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2780

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0445a4b139a7d6487ef260b12b806ae4

    SHA1

    4441f0795e5b1052680f493aad3025d139735db2

    SHA256

    976715319d2ad4239fabbd02f1d76342499b457fbcb1612ecdf022748fd8df77

    SHA512

    e30116e7756e4cdcd7f52b0724a994d5fa87d25956eb5b9e9f9e011a47301a5a546b0afb2d22588eb8ec9c1b36a29a9dabb3fa1f0bbe62f6bb5166d00c5bdc40

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f67ccdd3790cd3fdf377c3974139bac0

    SHA1

    6cfb97b99fd7a5744f55c5e41e28221cb693b7c7

    SHA256

    6785b1e87177d98a9d47dcce9aedf125598cea8f0f167809880a53c6b44f380b

    SHA512

    aae118347c7b297671b4ac12739ec11eadd1b360eac619ec8689982c1c16ffc3385752fa5645439af4b4fd32de41ac54c55d0343fa30cbfab698700e52e9fc3d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d84730febd4b21f94c9835c18c22e514

    SHA1

    4bd382c308e9ff0c88f65a5680157be9dd324fac

    SHA256

    0af2b6eb1bd34ef2eeb99bcb472e42e4b30dbad9282971acf1822fcca6aec70d

    SHA512

    cf303a420f172a81d493635d69b140ec16d2d05cd56e7ca5e681ccdfa735566ea8187712fee48604c3d6fbab31e2f361fa5902726ee794bb670af20207aa6148

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bb405b5860dd1d2a61c74f1d5d7d13bc

    SHA1

    df83309e23672f68074f1103177cc2fec427b07c

    SHA256

    62bee67afe5c2618887bae278250a9d48018e90d2e93323594ab5520cc6c19e2

    SHA512

    10144c3dacc01284c1b8ea6a68a16405802ae3c2c8af898a37d77c5c15ac7ae07b2301bb76d5acca8557a9928116d9adcb55fa0f92d44b976f306cd24bfd9122

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b704023a1d87c216dc7d9ddb9f2b7148

    SHA1

    f0986d20e0b2063ddc4f6840264a6db728356c8f

    SHA256

    21da8302b2347a26f8236be244864b773f0f29fb7076d337e0ceeb27182d3be6

    SHA512

    aa1b093a202627b20582e172c0b6fb953eb72196d16bbc6d0be5fa670eaf7f2834a45afce690133e4fe6b802c51edc16f686e21089ddbb5fccbc0174c1331ea7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6f9fb9715e9aba73e985e613ae5d13da

    SHA1

    d05d63cc1aa70985d57b5413729f34eedebfb87b

    SHA256

    0748e79aa528013c10a0cea6dff934a5f3e0217c442d95d18a240c1868ee3082

    SHA512

    c65739c9ba1f339b7a959d2abc8ebb54a08dbabacda302a041150d4cf4b3d9d9a76ebacd0d696019f9cd1cb10bec00ec8271436d0ae229f7928815ba87f6e5a7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dd20dc396835add1446740dc326233e4

    SHA1

    9eab7022cd6a244ec9e8cc1f773befc5657bfdf4

    SHA256

    42253ccbb60698c13585b2abe9e0215970895eedfa8268390f0b8b26d1ef3ac8

    SHA512

    4a0b56743287d5eee5dec4866a9aa071056285eb56393ebef0f7012cdac24fa21626274ed2bbb0546413cd115ba472c7a1775a3f7d9e42ab27cced52f2aa8a74

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4dd95b23a3b311a05782fb8492e11ae2

    SHA1

    8923f847841ba63da630e80e463207ef263bbed6

    SHA256

    0d19eb5230ce5aa6a72776aa15c901fc9dd3917a9e69f29ccac92e2b7c88b97c

    SHA512

    e6bf7df56cf6dc02e2e820b1bcb6d12eced90e7bb9f648f25d4779f2adac6d29916fa8429624a8a34ff6f99a6ee583c071f6f073f5af3b7719d752f54beca5bf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    db2d5bff9eb0f79969eb475968724982

    SHA1

    7b80636940928e90e107c8125fd72a9c5b1d4bf6

    SHA256

    aaee75171bda825267d4fc36fcdffd33adc83979aac610eb447142747737d919

    SHA512

    ed77e20d4b392d61197fcdd81b02b30daa78f8e779c095f7c3171353c69018886cbd3a3ba6afcd6346c29f2d1187340eada730c868405a98fa8b3cc970118ce3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1748e6dfff16e1ad803f76ff19ea63db

    SHA1

    24b0c18a786029368f2ca538afc992cdc5da44e7

    SHA256

    4ca658b3d82409f3e695199291a72c46297277656b54a99e81e0b97d158b58c5

    SHA512

    aa0fc4b1ca16a4e596249eb5adbcc0d277c4460ea0d7ae15db6dcafdda9d6d2dfe1cb950319a9c905eb9393e30fc639ac78cf55fb6646a8413de4a3a3fb361ec

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c4e7d2f09b0900cb0ef3cbd3990648fc

    SHA1

    5c471fb5ad3c3bd3d19cb550292f53746e840d33

    SHA256

    c5c088e7dc7589668aa27367016b95965e9027d381c36ab7b6acf6ac7ef1d182

    SHA512

    c856f18b207c2a40050dbef0d76bf00f7827e895140373a482199d466636a1e1d063e1ad629013fea480bc528ac09d13677ce600fc04d2bc1e88e6bbfbe8f7d6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3b99023dbef752734aeddccd2b959510

    SHA1

    0a1dd70b88bf327847523abd55678421e80a1bd4

    SHA256

    fba4ed489d3ef099d5e1eb1484559717dd0762dabed46f7c4811879ccfab7bc0

    SHA512

    31449c0c0b11df3c99c15bb79d87116d86afd6ff7ffd9c94aebffe5a11a5b94f1ccbd0269ae7e124a12c8b6e1a20e910ccd3447a16b947e73e4bb95db3525ff7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    27641ee7f5a7a07f5169d1b9cc10f9a7

    SHA1

    287e3dcb4e156a61b4632a894837181c149e1ce5

    SHA256

    de2010288e70b9e2910759aa766ffe2407f53c674d9c1e927dc3f7bc36c52c34

    SHA512

    38491d3370e001f964815de15ed5f914342c9c44411b1a503c9adb68154132e6efa7a2a60ab416b98f7705ebcadfbec9cba86bf397a6f92a0487f4cdb0dd0698

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    670e29cb51b9424c83adfbce23075d1e

    SHA1

    c4ee4a4ae82e44cac7ce3b56889c801ab796d394

    SHA256

    97a08c00445b6a6052a690542151f212f6bbc106f51b01dc84285274a5612a8c

    SHA512

    16110432acc7849f03b66f669921194b83c2451d7148792a14b16e523f2f193c4d3453bfda7f95dc5610acb1ed3d954d0b20b5ef91fdd098973ea4a67c68450b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    050351f1acc5befc5698c8a5647ec990

    SHA1

    c6c52ea15a51f112bdd591eef2199023b79b1073

    SHA256

    a0aa72e6f8a13b63a478debe5df2fd26b27591adf3445dfd4f3890c94901142b

    SHA512

    0e5bc3d72a790aeaed9fe66e6639f3854c72ee33994775d7b73d3ec25a8f9ced0f3f487f7eba6fc8987d0adf527c7081b6a92c5f40b1fa2f8a706c86a001eedd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    536e2ec8323f791d4d6ce0b8be134a61

    SHA1

    a27dc9696e7e75a9562aa506163bd8c0b81ab501

    SHA256

    423b2fe970f988337a28a1aff822c752696195f8bcfe87285472d5c0b1b29612

    SHA512

    9570ec83836cce1ca3de5aefc969eb9bf20040945da97e55e97e9ed2170cf3906484a8717f59f21edc02a1f644d79bebe26522e054aaa714eebe53ba835a6784

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ace81162d36be5f314dcccedd5b8f501

    SHA1

    6cc86e401bd2ef2f6ab0aa1c6a9e69eb384169d8

    SHA256

    1f60a9b4552099a6f6745f91209cfb0867ad670b56b5f648e27d78fd6c4c28b5

    SHA512

    79d5dbda268a3e6208e990808f29806d2438b596fe5ec817165b25cf65cbdf6217852916ae9dc715acd08dc6f1bd10cad8b3e741b566d6cac6da5c56d0abfc45

  • C:\Users\Admin\AppData\Local\Temp\Cab38AE.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar39A1.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b