Analysis

  • max time kernel
    134s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-06-2024 10:15

General

  • Target

    malta scanner/packages/System.Xml.XDocument.4.3.0/ref/netstandard1.0/it/System.Xml.XDocument.xml

  • Size

    163KB

  • MD5

    723f01ab33d7355d4c2503fdb0f710c8

  • SHA1

    41b993028d24030eeb2758ca4b51660fff8c993e

  • SHA256

    b67c206bbaddca1cfb14088d6776f7ec1b97afdea6b75498aa09e382cb2ee696

  • SHA512

    83adb34151a992c70eba4bff6f753ee20026d0823caec3f8e02afdea5f0a7516dc1f96166b10b13b3d7d9baf6d57ec125427a1fe24d73d351e517c3717274184

  • SSDEEP

    768:YkEX6ircxyYhcYSe7VowqMslzdQG2+I/DubGnjO/zyrqzhfNzX17HFuuHj342/sX:nEsslzdQiIKzh5X17HFuuHj3LEDf

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netstandard1.0\it\System.Xml.XDocument.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2944
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2988
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3bfa15d974fb7d64d49a7c1f897244c1

    SHA1

    23a26935012374aa2fa3f6ed5c41cd07b398e650

    SHA256

    cec89e538917ccdb27fabe93129d47713ce219967cec1dbdf2dcda29f7135a97

    SHA512

    7ac078f4589d6fa4bf75f38efc82fd0300346907cc3758464158dd9f0452efce79f6992fb0ca427b4e31952ffe78fa778537d8c0c39abe5166f493e9a2900d6d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3e459b405e622ed9a9949e6d80f9ec61

    SHA1

    6a93226fc3ec902d6fd02a07dcd2a0a9992da4cd

    SHA256

    3e4cb7423dfae82525d33d0dfda3ce8038eeb272716b56d89c05628704d37688

    SHA512

    4ce7356e98c8980667e379ad6c41797a69dd20e888f1bdbcc1b076a3aa9d5ffcd9a22c0673f4dca4a7a23b33236aad81ae954a7097231963ca907c7240c8da16

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dad462e10c3d72f5bf83c2d447b6b4e5

    SHA1

    09b863eb7865ca0202fb6f318be7b4191f7257bb

    SHA256

    8edcfa1ddfc830456114ce99d3225ea10a4dbac7954ba2e0dc375ae034a8385b

    SHA512

    bdefe29635d255da118e5fd1f83d561efbb49a4bfe5ccedae0e5f4d30df4377822d67950cadf5c648e29960abad71855a3aa31d65e1f383edce67c55a7ccae97

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ba864ba2d3a9f65d81bd87bfffe4216c

    SHA1

    9fc4bb92d91b4249e5cb58cdeb905bd48d94deea

    SHA256

    43c05e3540ddd20bcfe560af7d961e55e2d86cb1ede488af3b107dec40ed435b

    SHA512

    c37ca51cfa5ba2543b700e53d9054009592247379f97de0045acc582a5af69c47281fa1d80439553134abdd4c28d13f3f34a7135637572761954103946a51671

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f1e05f684b64c9cbea35edf9d468eb78

    SHA1

    dae87018abf7b8ec3dd9d93878dacdf93381a117

    SHA256

    5821449124d064e2980b6a8c4a8a3ffa1882ba09b56e55dda3831dff7df8860a

    SHA512

    ce78ee5d995e72af3c966d6a1649195a831f3720912dead0260d2cfaf32788b093a1791864ba598fefa57729f847c80ab4eb7e3067b844e8a1369b45a67a72a5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    be3f080cb5e33e6d6cfeee1eb7e88954

    SHA1

    bc1fac97e04c2dcb44708ac653103f372efe9c1d

    SHA256

    d84d7efd3689461f7aa33ad319a31f551e3e9d52d04d3949d501aeca9a136415

    SHA512

    21b34e2f478d595f69a90be1702861cbf9f863aded9111d5d971e302677f69aff7ed372198973f8031a56a360df0c2ae286c7c3359a652038f0a44c3512ce3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f5bcf285a03022f262d7b6ef2fa1c6e2

    SHA1

    7f9406f729d20351bf89c4ae7e61cc1742a4366a

    SHA256

    99a2c15b6ed094fe51faabb3e6e9c8fd85c8c435a56abfd8afe27f2548a693ce

    SHA512

    5b17455f278f853b0fcf5f737ba7a27adcd059556022d1f86505c5b52a920a153756ccbcb3ff16572173edd0a8e925719a3dfc42bf32c6cb4f8cd006585f0d6e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f6e37b6c66f3038cda30f24dd504088d

    SHA1

    e564e1f392996c67cd60613b62e8f917e9924167

    SHA256

    d1fc55d38bcb51f37ad8c29b60b8f79e5a3751d4eac4aee53e16fd138ff38a30

    SHA512

    881393074d331a116bb54863f09e2d98e8a96b7403d8fd541da139fe95ab34286ac63881ed293e468838d5953af029e21313bd9336f27b3a2089aee09f6c2f94

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1951c16a8758e2928bdf3109c064beca

    SHA1

    dbdf55cf2843d5cf5d11acc5c1936e4458e4c56e

    SHA256

    c22683dc4fb778b1947138ec866ca7beab5d3c2fb4f9bd615f00fd6077f92700

    SHA512

    da7bcff699c94e4e962859e1bcbbe7816977e5cc00169d362f17b40682ea653ef4cd95bb642e9a6c34d62775ce57223938f52981a2f8090d9500dedab5f792a9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    15174e0b467b0a4b0b01a48176b5221c

    SHA1

    32c1f8bbb4d334addd2595aea82f8d6097671410

    SHA256

    bfdcae54c260e436e9fade60f0a1fe8f5e92a16bc2ed7c1f38a86584a97bb5e3

    SHA512

    bcbfc6fd7955e90e31dd507207cf8df107d813630fedf91ebc966cc050a35bd4811b57d64fb80fc8867ccd570aabd78f20851c6b8fc42fdc415f1ecb93847f61

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    955d3c8218aae2888b42a83adcc3915a

    SHA1

    1d1f7f3c582f5686043d876f7852618815336f5b

    SHA256

    dc137c1690d755f46d23b8abce4cabc93072f594f5a316d4daaed7df5fa6efb2

    SHA512

    c26d077e3adc2e79d529a7ad37101f2d9f2baf6a0d8e01f2f7a7a063162ee7de750bd3a893dcea6bbd662ed256a294525c63ca8041a56f1cd8414c0331a7d6f0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    adc7ee0120e3e1680bf2570afbd8f66a

    SHA1

    b03382e9f478b13b2fc19fda87a4a32a38e8ff5b

    SHA256

    0a7ef1e70c741b31d988ada1f12723db28cea16c0d49bcb7c2df654c41941348

    SHA512

    ffb627fe0ffc2d6b8380b66daa6c8bd1afb560cf7b839f7d1852af3770bce220771a69051745e4c428415fe4c7c17ed130d1bf27106a8612b4a264a17baa4b6f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    42b9c10f6113184b75b7994310c86968

    SHA1

    c37a72ced5ae528208f3cb494fdb5933f26930c3

    SHA256

    1990baa47e8de5838a6518d42f884348548b2108b273bd5033276adb21d97ef1

    SHA512

    2b0914e46c48ee9d2019f69a954b9a24cfb0fffe50e6f69652e10ea856a7b85878cfb9a2a044ca8092205a5e58f49fbd7ee772035a1afa18a774dd91e17341b8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b82ad44651e4a3a580fb0f6575708dd8

    SHA1

    59c97e155054247fc6957457ca1afaef64675cbe

    SHA256

    e5edc7a5cc7df392e65e2b93f5becf761044dc06f61a20f858889cb6116a4da5

    SHA512

    684f9c27739e7294ef8ccd1f9872975c2d57291fee99580278bfd5dcd092739ce8cbb42da7be204e4debe721e275bdb62022eb268485b0610c363cecef2c7fed

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6231da81bba4a2a2133c635d73c9272a

    SHA1

    8ec4febaf06c4b537ce2972ba0889e8c856b54c8

    SHA256

    ad0429584fce75c7fa12d9b4c050e4a5d2643a70737b5fe37ab48b22d3cfb298

    SHA512

    e1b100a92b7f0dd14658f1e0ee6df85de2ebb3d000dc02d2573a66f76350e24ec466fa9a51206ff720a13b77f4f8518b8ef2c798461c6b9e04b38e519e945891

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    08b6100cc7b95debd01a1c74bb7c2d41

    SHA1

    e2dec46d21b316090343d144a8a4addf54144244

    SHA256

    b66b24b60c313d7eb0118266a2ebfa6f55b561e4fa384639c8792cfad45c8aee

    SHA512

    a80eabc91ea2658dba490c25cf10dbff49781e0b5cea9272a3b35b87c7601ea6a77fbf31ca095a5ce86e487c569548a0ba0238ca4138c8a20a6261893c49b1b4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    972369f7463f4f3957e91b1009de3aa1

    SHA1

    d8ca273bcbdcaf36daf9d842504371a23dbe804a

    SHA256

    6a4eac147f5148b0273f2b0ca1ef800badb8c8bb01f4f065e2a0411f0eaa053c

    SHA512

    e910c30496f11ce8a88f896467554ab29d42dc95302112bcde1fc26bdca067b6ba3bdcd1feb50b51116303a2325463d7edf4f33b8d23f58cdbeee1f86ae69646

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e7ad4894dc23e85fb93ca7417993499d

    SHA1

    9e2a7dde9543f0db7bad3ba8ca592d5fa02bf4ae

    SHA256

    0e94c1f90cdab614ecb20f8421a10dcec931f2ae99df750209020899c727ef68

    SHA512

    1852b788320d0b1b74ba8a1feedecb0fc9f8a62a66205b7c4b1c45b481e9f05dca4924ac687939dc041c6122a7de55d70bc1c3e1c87150a4037e650fe0a922d4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e5e261fc86dc9900461f49efbf47dbbd

    SHA1

    60c0ea54667e1a07a8bd973f5ecd2b66d11104dd

    SHA256

    6e173e149edc595b9069780675eb54bf1723ecd7494f2be09f7f1e767c7ce6b6

    SHA512

    a107a7130617a8c2f42300b096b1e02b77a94d5522925f660a65357d13a28e8979035e78a0df97a289035ad7bd03efe3ce762d4e0c2ebc71dd21cc457ad1509f

  • C:\Users\Admin\AppData\Local\Temp\Cab450D.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar45BD.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b