Analysis

  • max time kernel: 134s
  • max time network: 133s
  • platform: windows7_x64
  • resource: win7-20240220-en
  • resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted: 19-06-2024 10:15

General

  • Target: malta scanner/packages/System.Xml.XDocument.4.3.0/ref/netstandard1.0/es/System.Xml.XDocument.xml
  • Size: 163KB
  • MD5: fdffe96b2ac45e64ecc00d6e6067a41d
  • SHA1: c7161698b80cd6a787ce28cdb09dff6a7cffb874
  • SHA256: 839c64b679e0e30e39c22b6943163960bbc30ae4772e859a1c484226e83fe07f
  • SHA512: 77b2baf6a45c2cb914d2759ecec075e37f1aa0601361c89c19bc47d3ee7d9a154120c7617faaaea7b78267edefe91b7326c0ee04f0671b2f78bbfac8a9cef33b
  • SSDEEP: 1536:NUkS2pVGvGGgWKG6SUk8yBjwVV32NZAPCreE1XLsBDF0dOz924OkAbBLTF1:NWGwOm

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • [1] C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE (PID 1780)
    Command line: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\es\System.Xml.XDocument.xml"
    • Suspicious use of WriteProcessMemory
    • [2] C:\Program Files (x86)\Internet Explorer\iexplore.exe (PID 2476), child of PID 1780
      Command line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      • Suspicious use of WriteProcessMemory
      • [3] C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID 2856), child of PID 2476
        Command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • [4] C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2592), child of PID 2856
          Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15


Downloads
