Analysis

  • max time kernel
    135s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240221-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    19-06-2024 10:15

General

  • Target

    malta scanner/packages/System.Xml.XDocument.4.3.0/ref/netstandard1.0/System.Xml.XDocument.xml

  • Size

    155KB

  • MD5

    da0074c47278833302f42e3f9994e757

  • SHA1

    4da947190eeea36bd0b7c96a9b4629a5065f983a

  • SHA256

    9fd6843c586bebd309a60f356f677b48d9230e14e0fe3583cf3ae49e96ca0e1d

  • SHA512

    8303320f423fcc628215d5bc2e0f201b03baf62755b0fac3130fffa29f41106497ab84d39e6f2523fd9f0af9c25be275d83188c613381c11f679514cd23e53d8

  • SSDEEP

    1536:Fe0Xnq3C6VDANJAvfvXt0NB4XBVkJv3vS+eXSnBCzkC4jpYjGehoGQUOUfUBNBn3:6+xPwrs

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\System.Xml.XDocument.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2324
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2176
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3060
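The process tree above is the chain the Office XML handler produces when it hands an .xml file to Internet Explorer: MSOXMLED.EXE opens the target with /verb open, spawns iexplore.exe -nohome, which starts the 64-bit frame and a SCODEF/CREDAT content process. The listed signatures (SetWindowsHookEx, WriteProcessMemory, FindShellTrayWindow, IE settings changes) are all raised by those IE processes, which is why the score stays at 1/10. The example below, added here and not part of the sandbox report, rebuilds that tree from process-creation events and flags any leaf whose ancestry departs from the expected chain. The events are constructed from the PIDs and command lines shown above; the allowlisted chain and the `ProcEvent` layout are assumptions for illustration, not a format the sandbox exports.

```python
# Added example (not from the sandbox report): process-lineage check for the
# Office XML handler chain. Events below are constructed from the report's PIDs.
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class ProcEvent:
    pid: int
    ppid: Optional[int]   # None for the root the sandbox started
    image: str
    cmdline: str


# Constructed from the Processes section above (same PIDs and command lines).
EVENTS = [
    ProcEvent(3020, None,
              r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
              r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open '
              r'"C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\System.Xml.XDocument.xml"'),
    ProcEvent(2324, 3020, r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
              r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'),
    ProcEvent(2176, 2324, r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'),
    ProcEvent(3060, 2176, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2'),
]

# Assumed allowlist (analyst's choice, not from the report): the image-name chain
# that opening an .xml through MSOXMLED.EXE is expected to produce. Compared
# case-insensitively because the report shows both iexplore.exe and IEXPLORE.EXE.
EXPECTED_CHAIN = ["msoxmled.exe", "iexplore.exe", "iexplore.exe", "iexplore.exe"]


def build_tree(events: List[ProcEvent]) -> Tuple[Dict[int, ProcEvent], Dict[Optional[int], List[int]]]:
    """Index events by PID and collect child PIDs per parent."""
    by_pid = {e.pid: e for e in events}
    children: Dict[Optional[int], List[int]] = {}
    for e in events:
        children.setdefault(e.ppid, []).append(e.pid)
    return by_pid, children


def lineage(by_pid: Dict[int, ProcEvent], pid: int) -> List[str]:
    """Lower-cased image base names from the root ancestor down to pid."""
    chain: List[str] = []
    cur = by_pid.get(pid)
    while cur is not None:
        chain.append(ntpath.basename(cur.image).lower())
        cur = by_pid.get(cur.ppid) if cur.ppid is not None else None
    return list(reversed(chain))


def opened_file(cmdline: str) -> Optional[str]:
    """Path passed to MSOXMLED.EXE via '/verb open "..."', or None."""
    m = re.search(r'/verb open "([^"]+)"', cmdline)
    return m.group(1) if m else None


def unexpected_lineages(events: List[ProcEvent], expected: List[str] = EXPECTED_CHAIN) -> Dict[int, List[str]]:
    """Return {leaf_pid: chain} for every leaf whose ancestry is not a prefix of `expected`.

    Checking leaves is enough: an unexpected intermediate process shows up in
    the lineage of every leaf beneath it.
    """
    by_pid, children = build_tree(events)
    flagged: Dict[int, List[str]] = {}
    for pid in by_pid:
        if pid in children:          # has children, so not a leaf
            continue
        chain = lineage(by_pid, pid)
        if chain != expected[: len(chain)]:
            flagged[pid] = chain
    return flagged


if __name__ == "__main__":
    print("target:", opened_file(EVENTS[0].cmdline))
    print("flagged:", unexpected_lineages(EVENTS) or "none (chain matches expected handler behaviour)")
    # A child that should never hang off the XML handler (constructed, not in the report):
    extra = EVENTS + [ProcEvent(4000, 3020, r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami")]
    print("flagged with extra child:", unexpected_lineages(extra))
```

The check is deliberately a prefix match so that a tree cut short by the 135s timeout still passes; what it catches is a different image appearing at any depth under MSOXMLED.EXE, which is the case that would turn the generic IE signatures above into something worth reading.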

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    aa8f3ef47b3491fbf7ff5cbb24a2e053

    SHA1

    0670ffb50f69b532d923f3d4c091b39b6929adc4

    SHA256

    d891c923e63584b12eb0a02d3a69ba61ae69f46d897dc8c5d55dc2bfb19c86fc

    SHA512

    48b22afcff5cf6e568ee0facd975ae00916289c0151987f67d82925239fd13a50a6d96bb3d20ba7b615ec6b2583d798d65453a1d6f68bb33ace6e0977af1c6f4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d0dd3eec91768b6fa99a4481b9211c3e

    SHA1

    f04f438da6549656256e5cb850a233670271c153

    SHA256

    d2d6aa86081b3d6f8f60d8b2e86aacb285c1f4cc07781e1d071d3e743d653898

    SHA512

    039e3381dec7ff4d1ac6c3a8596ad88843c1948008acb6c1205836f6ad824f22f09d032e95951e34a18d2310f590b5f4d31d8014e9f79a7b6b8cbb9abb7bb096

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b69c73c72ebcb1cde48827bde9454806

    SHA1

    690547304cd8e3a9172ec2e2ce99b6c0162bdecf

    SHA256

    28b5d0c3e8019daf38bf0659e010f5404365342e844787a17602fcd72f8ba125

    SHA512

    d8bf7c87341e1a8e230ff52edf1d913f78e6daefe96142bc2788159b5d8d77124125c73091c78c4f15edf6535433eedf80b6c0296529ae51229adf8bdf504ce8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e2404a67fe0401753fd23589efb5bc2b

    SHA1

    48146ead0dfc760a19bff18771a6b249aba28d62

    SHA256

    9e938b95ac4f6c95f193c561809546c05750989ce9edf461c4ada6e258367fd1

    SHA512

    92c176c76a0017dc064192efa40f6612e240ae63f16746ee81b62b8503f8e7ca009119ec8de99832e54ec762e280faa2c3ca8df014de2233e47b4b5a1dca4030

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    78dfcb8949f0c8de0d936b8b9c33a51d

    SHA1

    88f311e1bdcf1231c854834bedfbe1d20eb882fe

    SHA256

    1d8dca3c3dc74a7b973b5abc0306f208f6b92d0ba872e32e41dfc1a3dbc26980

    SHA512

    4343c8a5fcb97dad7595dbeec50dbc1fb5b17ae53a69979cc50fd567ec5605906c8719f9a036c9dbd20adf11c6ffea92ea6b75edc0d78e8e58b2940b09424785

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    86aa22aab81da03d8c5eea2c07be67bd

    SHA1

    f7653d5435a532821d3f2d8f35070f5bb2660d1e

    SHA256

    6bac88675273262b32a7205565029cc9611526d74de9b2211734fd72969dcebd

    SHA512

    953aec941f9c0a8b8e430eebf025cdd8a44dea89a888c8d8aec24dd40a60d682f1b333537a7a22c410d76ec1b22e7d166ed328d111f526d1f901ad34ea848e96

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a61c76c91767c5bfa9d43ba11c28b264

    SHA1

    d91d2e9d5b802159d2918095d8d193ba03948994

    SHA256

    c65e1f348c495d33269e33c8cb383da533e79cd11678d2aaf0657f7ca0d99d23

    SHA512

    ade01936d2c4e24d31e7ab337fc9c79f27d472fd6ed068b9c4e8c6803a0351d010c47a4c095aae47f23bfba93fa6baffce25fdef18d9c7f7dc75a28988df6639

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6c677d2a2cfd5544ba501b12c06598c0

    SHA1

    372c93397ba60d73ed48877aa4cbff09680eaa45

    SHA256

    5b85a761ba549e374737714fa9100a0de812553ce2d70e393ed173feea9cbb09

    SHA512

    deed2f19890d82cb913a8d80e1bf1a10aa6767814279e3de7d89f04c5efd50cd2f9356dacb959263e2cadeb353b149c500e3e6254d276b184edcc4306b974429

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    00256467417fb23a02b2867a0b530584

    SHA1

    6c3d6589f4a9cb22bc5ee69a1d8de8ac7cf81a7c

    SHA256

    7882d0339e30ea90903947f3d088142c2d342333ef3a3159574e9aef5b7454f9

    SHA512

    df5f59c675834eab995554912f8b9b9f66044b9c86bd940db5c0f9fe0efceb5d3f5dc972eb36cb61623db4dd3cd6618b64ce8823ead366f0584b76be6bbbd7a5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    721851f1c2b18603c448a08d7a58b06a

    SHA1

    331864d943b5a01112083b7cb6f7ec1c246402ec

    SHA256

    7a9e942c91c549f2cdfd2105390b820943b694e69ddbff3303046b884c1b9439

    SHA512

    d63fa34350ffb41b20f671fb25795fb5377dc59ffb9c2027c4dfa6a3ac9c3ebbef352d9e97bd61600409fef6c1b4897bc1f96fe59576a38b7c87f19f9518daae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d9bbc051690da6c5f99882ac1cf49895

    SHA1

    0ead8c8a84695105ed1129eb377e2e34398053de

    SHA256

    a6f3766593e532f468fe78d085ad8d00be1a595e53048653082b40fa5ba82676

    SHA512

    75a936d4e3b0c79ee29c16ff719392a27ace4dc6be82846a3d673e63fdda2e8112a516950a55a55216aa5f19da035d7cfb01a6b7d83b8885c224b87aa3919369

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    caba858095f2ae88592a1fc0589ba014

    SHA1

    70cf4587feea97570d3868c7b12ee92ab9d9a654

    SHA256

    65a124e0e905504da7187bcf08f5aec8c4131c95b0f55a5b2ba7c8651090a7d0

    SHA512

    f8abfd38d68414a3cdc62e77fdf8887e2aed0cd00d2c59e1adc14ed77e68df47de4a66b8ca3a845fb9588de617d2962f42775e6588fe6e058907da77dc44c1e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    14e20d0c0103deb756e9d81a939d5cab

    SHA1

    fe7c52eb0d42315f035467e2379118e9286ef6ea

    SHA256

    a589b36063dd9276eacd6b3f11637501aa07474552a26c45b6ecd3bfb59de435

    SHA512

    311af014a744b146310e650230c74d371c34b22f857e3648ffec05a7817fb6de35ae90545fa9c94dfb30489255b81f1eae3dccf7d7070cabe891009f797460f7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fe14429e1d0fe6eaa6f4277b0843ba43

    SHA1

    aee3a0461371c6e829393fe1fbf3ed6b57cbf006

    SHA256

    0c45f5e3c7c8d78c41eebafb13063eaa54e49dcfbb60ae683044bf293ef85c60

    SHA512

    8a04c61dee48beecaa8e262aeac2b9e6ab8c6cc7f859f0e78213eddd12279d39f8bf4193e9b4f27a699ec1e9aebd77263426ea98fc673a24767e38aeee251fd4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    587dabe8e0015d876aeb4fb89816359d

    SHA1

    5628827addceae7ac0da85c23d69de1ac6ab7d21

    SHA256

    798d635f7248f66170f242c2bf316bbce26c01d85f2c7fc54cb8f9fd4742fe87

    SHA512

    0b82488ead76374008080f94a4bd1589537bffa29351f3c324143a994429aff65aa8b74c0fbaba215e2ec31fe172a098b9810ee4943540b326b0d693f82bd389

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    524742d00306942fe90344a60bc97893

    SHA1

    6f9a6ce2e8b11971b0cc6896616c5e7ad87c9992

    SHA256

    500dbcf1fb0100e6907bc9c53774e7ce1e02ea184c58ce2c6979e1c79eeff70d

    SHA512

    631870bb995d83c5c7eefc6a83b83018a88b751ca73e749a486037023624c2f66f0bcc061b4c1553f9928b36c537a0049523584fe02de8b32009e0bcb24a889f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    01bc4dd853b8eaeab35af5f91f5f4863

    SHA1

    29223846da1a5abe734117c3c5ff60be6fa7dd01

    SHA256

    c02864e36417c474e619b41475841ca5cbf3b4092159da9099633074ce0584a2

    SHA512

    6a84ac66f90ad353423b99247005cdaaed443020ae77b16ba409f36adc2c35e0ee7f9c615b8a05fad9b37a83972f241ecebec418bc9deb2d26a47000b5ac5cc8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d891b99e14729133fd3414ba508ae2ea

    SHA1

    1e9970ac03a166ad8d9fdb8f50a222742f1e40dc

    SHA256

    6d48f743fa5483e9dd89f726fd3b0166ff8896210d92498a91ae84e06572ffcf

    SHA512

    4f335c1736bdb5adc1ae563f84538eda2292e8d150e27612b678793268b8a77d056f750466f6d2df50c093456b3385bdfa7deb252a2283e849968d0a4b6b30a4

  • C:\Users\Admin\AppData\Local\Temp\Cab51EA.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar52CC.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b