Analysis

  • max time kernel
    134s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-06-2024 10:15

General

  • Target

    malta scanner/packages/System.Xml.XDocument.4.3.0/ref/netcore50/zh-hant/System.Xml.XDocument.xml

  • Size

    151KB

  • MD5

    4e2dbe04b8436bc40074a3924b98cd23

  • SHA1

    0f580adcff514416ce31876f98cded4343ab7644

  • SHA256

    8e951f2ffee8e443f8bf930617df65acda35df61e47804d79be37c096a11ed40

  • SHA512

    4272adf91b894da9f3afe47d238a4dfe3249f85ee374d1ad0da5fe9075153325edce10b084cf0b64b4a29a48e784601418bc538842a65233617676531f1b8c6b

  • SSDEEP

    1536:eqrM6OCxEOcF4NSfU0fqnSjSTd7YdGBmI1m/SOqv9I8uW5SNpfKs4FgAAlrKtJIV:eqrM6OhI1m/vG28uW5S97

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\zh-hant\System.Xml.XDocument.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:848
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1344
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2668

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6c9f022af8dd5cbd3cfdeb1a5e2fcf87

    SHA1

    235d8c0b4bfd7667561d49b1e84f5cc634d66e6f

    SHA256

    c2fa3cb3085b1907e1b3d05c9b6e7388fce4a7e4c29de7b604c0e9775756ec32

    SHA512

    c1084847c2fcc9e49bdd9c60007b6c74e13b3c7645b63c0e5e34cede5d62e09bd38b714741e91feab106a59ccbda4acb1bb1a8d20151a0401bb587f0537537f6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    27f04298d35d3ddb99a203d77c36c981

    SHA1

    4469941e0eb03a6795786b1d604ed8b59eb8b1b2

    SHA256

    0197c43f0d2ee3c0571933dd04dbafab0004f5227c79c5f55f8b8955d68485ed

    SHA512

    9ce41b7910fd25f52fdaea810ce56df0f067bc62ae9bde73a8229f0f39f64d896646062ad3ab3b4034f761b530f3452f0c06f60d8ead064bdf8d0ebdea067aa3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    36f97eda29cfbf1aa267aea5336ac3c2

    SHA1

    730b5d1209b678985b6395b0bff9f6d6453f469a

    SHA256

    dbfe3a26b7de77b2a41e773f0921c6a776f2052752ba3bc1337778ab5577b5b2

    SHA512

    334129e7dc273e75412e42ae0736e69f50ab9a0d8fd87e45304d453dbf6cfd717607484867de996d71bd5a6663b4e219bfea099bbcdca96c75aed845d5e07eb4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f8c7720d522429ec3743f9c8e03c8a1c

    SHA1

    4138e5774d565788f9d55d94022abc050208254c

    SHA256

    159089c326a23ff84c045e9eede19ed328b6aafe8580a07c2998a9cf3dc4b0a6

    SHA512

    dd721a6305427714d22d905e36e6607bb12322eb8af9f0b10d5b483082e9f1f0d56ef478f95b722663d2f43c3f7b92b0bc0cd3b8ac87df4933df3c784c4edf97

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    22a9bc1ba896d1497a160f5cfd3c3314

    SHA1

    33d8c5a9e1a4d6a830376b1731a1509ff255b04a

    SHA256

    4ac2de02d427cd31bb499b6f4bf802c93e84d0121901c24b257db425a1cce468

    SHA512

    7a871ed6eadb492c8ad370ab92a1288a3caa18dc8cf7151c99e2686e1e22b09cdb71972c274a6c80c15221fb4ae65efa084dcfd4325fe409bfecef5b763b31a1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c176d03b85df15d6eba537fd6a7c15f0

    SHA1

    b2bd35111c8a837a4393d78415e48b17b63c2305

    SHA256

    bb93759cd3d77218b917b65cd004b0b8bf8edab34adfd36d2e0fb62d9cb75934

    SHA512

    5c0187d2be0e1e792053104079bf77d60bf31315c4cbb226fced16a82f1904f8d074613b4cebc9e4b1d8fa595aaf2b74bcac498bb50e58a8262089c989d72290

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    06fecfa041ed94ab88c1c4a173ab32b7

    SHA1

    28a8afc1ae62eee8dcc8d6083f9fe2a346e30a0a

    SHA256

    a80e2686d7bae4b3de7775cfa52641f35b9cb0773970cedd52b995541dcc178f

    SHA512

    99c66b11848805d425287b75729d5c381f741186768adbc6ea3265823ea67e1c2527f6d74b79264c0d7535522fd9275bdbb63f58eec0d255613670cbb4fbc064

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dfdbf16172ba1c6e1c4e4fae68387336

    SHA1

    1b147746e16979d0f81e562845a8b4e51bbe9d3f

    SHA256

    3546b5f53540cf569803d10f6eaae86961005390293806ff7deb0d983b605ce4

    SHA512

    c6f9c8e34bc1dc270275f558c05c6a9f322af095bc0888b384eb0de48e8890eb918956a8ace9286258b5d17ec2ca50219e94df5c4b976d75c093ea1e97b17010

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    72272b1a2be9facb45dc78c6a1f74521

    SHA1

    f40c3857bfdf117b9f26798c3070c7186c9e0641

    SHA256

    a52a9f53e1e38fd64a8e821cc0ee6709c0b3d9c81a1044666966753afccbbd1f

    SHA512

    b1c1d78f7b0c990d6a979af086b63a02a20f11e3aa50394549c6b958e2808a0b32ddea0276f070026d68518541832946dbb79db86ccab59f19e7b69512795e7e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a1afb3d3c831951ca38a3375128fef9a

    SHA1

    d68cb792704a5a040cf164113c26e6e3b1b9a05d

    SHA256

    672258c02250866c01782eb8f2fae257891a460859432cdfea89580519f4497b

    SHA512

    7bd5a919935a461f0bae692dd106258cdd8b22ed137f629c166321bd342aabf01e3180ba4dadc3088518bb9677eb081cc63d72581cffdcaa98f05258d91f86c4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7f4e1897ecfb3a0c9c630243042f2d92

    SHA1

    c296af4ecf696b14f54a543ce236067f4d8fa9e9

    SHA256

    15a484a863aa3320ad96c5d7fdaa8c11a527a64b60161b481ebf8ee01f082412

    SHA512

    2218f36f2300b9698ea1d983545f0d6ea076ca0f2e7e0fbf73d3f6c9dd08d9f96d45d8272b6a713c3d13eb66164f5404a18941875ebecdcb3bf8a46952062a7f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d3926a72614023a7af6acf3cb6f6ea2b

    SHA1

    c4a4d628ce7ae0b1f07640a9d3ddddcff98dde7e

    SHA256

    33c622341bc36abb42e930ce1723772f93f0ed47d612a2f7752ee66f85f242c2

    SHA512

    9b6a6115bc63758d6f479df8486a1cc0fb097d33e70012f4ddc437fe0239737935c4ae03e2fccf9d9e9af9939049a273e482441987a395a52b86dbc7c8b5652b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fff25872c54aa02cac4c7a31b115161e

    SHA1

    c4f10be737cd1c8cc7198c784b26a2a1c57fb9d1

    SHA256

    dbae785508673c836a5ec12697f8e24025e6bf8fbc41d87fd70585bd77d1c2b3

    SHA512

    614849e897afbcfe43e8404ba183a4fe8140524f4038bb419aee521a6214ee38eeb2bb89a8acf6fa90c5ad444c0a4e8c7986e2327bca6c99e9a42a05df6458b1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5519d9692ca365fada7df554a8c33595

    SHA1

    fcd15ae66ebf9aedd9552704a8ecadf85ddd46e7

    SHA256

    07de96e6b02f1f004867f42fb03e3eef732459156e5e8588ccc27bf7180038f5

    SHA512

    dc3415779878858faa8f4e8fe988d97557bebdd6a7b60aa033adf52c4ca09ff321615dd1f83647e72debea9843b3285f5e9b48ab59c7c33f5e564e65b25e7160

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    eb303cb03e2499a81e6da88eaaca9de7

    SHA1

    032869da538d5674492ef97fe960314203269ed9

    SHA256

    4d4e2deea603ce6c978039cec47238e48e96bca26a2577d5922780f43cac59fa

    SHA512

    45c4d7bc6795b0464ed106084b5bb1079d04627648fb6d95685f3a33a6867e69041c2d45f45c8a0b1f47012f8277de410fde7634f6197cc299d6ada2d3d9f4fe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c2c3b54fabc5d662bb50ef9e894ace1a

    SHA1

    921111454d5cc590d7040050ad4b4fe22f7bf66c

    SHA256

    8418c9c49c5433f89d42c66f54e76a0450dd42eae85cd4d92164737fbbc352b3

    SHA512

    09843b85da63eea9a9f1c6a53976d57641b46c7b8ef1213053b8c6b79756285bed45d35e9f6d9c6d2fe73250ba8715cfed1bf73f940fe541277aff6ed2b14162

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3173d81036c34aa8f87e134cd21191c7

    SHA1

    6338c414b2aa6ceeb1a5dad184de4f05d0a6ba91

    SHA256

    9569c08acd376c3140e757c89ca2a212b79df01aa05c26a72b76f3575a3e553c

    SHA512

    86e7960c62a0e544c3aa127ff709ad94f11c51477548f6c50346cb2e89f31436da3f41ac56cd65c56cf28bc9f645950ac3de8634ee304caedde8b4cf12bcaefd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    97ba7ae62a992fc8c6ffc77dc47c4088

    SHA1

    b45c693109b38b185157c08e7c61ff3847ef6647

    SHA256

    18ed9227136e2f94ebcfc2025e41eca4355d73bca1a08e020ce77ed680516116

    SHA512

    ec1896a340bccf3be5c4fd25f27ec3422b1cedbc4c2f80de7b402b4f9e92244ec25a4f71740761318619dcf3edfc49c2951744a0ae7e14c63c70cac0d9d8d793

  • C:\Users\Admin\AppData\Local\Temp\Cab4C00.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar4CA4.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b