Analysis

  • max time kernel
    134s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-06-2024 10:15

General

  • Target

    malta scanner/packages/System.Xml.XDocument.4.3.0/ref/netcore50/de/System.Xml.XDocument.xml

  • Size

    164KB

  • MD5

    36afab77fd929b928fd3917fa0076d41

  • SHA1

    ff2df9829446e137b2c7eabd0caff8b0f457707e

  • SHA256

    6510cf3333821c91129d860e6c29b0290a919eb409a58e6046a7276fae1dc814

  • SHA512

    8f4f23d0e9d70b6f2b9868d836007807237153113194ae89309e75c46949fef9ab8f9fbeef49bad8bcac825b61fc27da70c6e18f0614ccb34ed61559f19fec87

  • SSDEEP

    1536:V45oZXkM1hWC8ZYoUjkFALY0XxvVYERfRQOfblLJOPVTdY4YEU3CCFNC3tSDQbOY:XYgbe49fAC7gBgu

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\de\System.Xml.XDocument.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2944
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2056
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2748

Network

MITRE ATT&CK Enterprise v15

Downloads
