Analysis

  • max time kernel
    122s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-06-2024 10:15

General

  • Target

    malta scanner/packages/System.Xml.XDocument.4.3.0/ref/netcore50/fr/System.Xml.XDocument.xml

  • Size

    161KB

  • MD5

    9643e3203bc9f792c7d33b7e2c520c86

  • SHA1

    9ddf67622fa02cef1252693062015628bc29e1c7

  • SHA256

    682aa5c055cbe2679cfb54669fd442cc606466ab352e9256bd1960928497d8dc

  • SHA512

    c66a7014e6fdb5fca2bcc91be906c2e7f8794bab2df0d9320b77eeb7358c3ebef5478090a6daa6400edfbe07fc7db505bc8fdcef77ba2d5abfb540b5369d7ec4

  • SSDEEP

    1536:WihGPW7gZcUXAuvwkd2YJ/cISjuiybiUarErTH3RoYeoC9:oWoZTrThe7

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\malta scanner\packages\System.Xml.XDocument.4.3.0\ref\netcore50\fr\System.Xml.XDocument.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1588
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2788
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2604

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e5e1fe0354431eaf55299bf6799d9f3a

    SHA1

    37fb97ba2a18aa2a99d57c79d5423a02c684fd73

    SHA256

    35e98130f95823e418349f84b5a81bcccdebe8f4a0aa6856d091cd5691f94456

    SHA512

    c234ac5c114fdd7e3615b0fe7212188dfd80d4d83364f8773f9a72289238801e23ca13275a594e34956c15217870e42e6a4c2dc086633c684728ff293e47c6e2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    58ec4d0f83a2714f84cc55a489361ddf

    SHA1

    8c9efc72a58034877361c7d792efd28536a134a6

    SHA256

    d482a321a3ceafe1134f0142bc46f1cd3886bdb77a5db30b9b465d06bb6136e1

    SHA512

    2133433902a42475580bd61cee408e50807d317f2b94c3421ab2d4131b0fb61f52ca144b15cea2259e916ccbfbb36983b59cfec9479d636e00d3a6aa15c1e28c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bc4da733e78a50017776c6a1c7b715fa

    SHA1

    9afccf6e855e661750bfc23744ebf9c3799a43df

    SHA256

    bfab3f4afe8e162ddfd274d9e4cf9e19fbb059f5daf84334751c97914da7b003

    SHA512

    ff89b55c4b7bdb1a9f38eea4e6dd8d11caf5fdd029d3382ee22512afb3d88daca33857b278d39b9c49afb64dc75259a6ab9c2fde6e94d0ae23cbf656ae15f544

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7550b2d231d40ee3c6f31c42b0b4dd50

    SHA1

    95a6a9e5b317d901e75b032e7c9432db87b24740

    SHA256

    90ddfbf41e3f15f5cbcb4a631a0f301b378a31fe3c7fa45ef4304f9b379034a0

    SHA512

    567a850e5d0a1081b52da45f6d37814b3cee61c946b3375e7268834e08a0f8ca952e818087771ca1dc03385390f74937af32755f6b0b7356c1cd5fb739312118

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1cad9f612ccfe4c55a7a388ab4666e0d

    SHA1

    b8f2fb5482641874dc828e8bd1256a541875c04b

    SHA256

    2f91c930f2ad6393030463e9be51cd4ef1cc5f0cdae9ca80ca48540854006c04

    SHA512

    f0030d45fab1e71fece6837cd2e864878d3d3469a7084a3a8f83e2d432c47d737075a5eda0c12966a78663d395a37bfe873d877758cdb7e4a9e3817aa48ff41c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c1f63a0010b3c882316de1dcbdd3336b

    SHA1

    df504bf01d742f2c429cb6aff203ae53f401f0e9

    SHA256

    247b3c0103e1ce715479c1110fdce6e9dab6681dd32bc821488c7e59f9981f60

    SHA512

    c898b45174f53e645915abe85a0bdd9400ae41f6a5e6164b57fe0414b23461e62349af002c8e5bee4950d47682c4edc1a175fcf10ba6b901e9bdb812ba342b4f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    13b61054a0484d635cd315ce13f2826a

    SHA1

    210e53d454f3614fa4101d1fced75664efe78a53

    SHA256

    1c53294d56fb763600cf93b3edd36eb9894bedd1c6711b2df38778f0fe587e89

    SHA512

    f7f48407f458070f3b02211c050f81c42d1f51728f54b83731e852a6d8936f6fb81da8aa808246472ad4b890ef7576fa3b1423f99200947c92978aea111c7f58

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    61260c723e6fa3c4f8b41d4c822d24fc

    SHA1

    a7a68577301d03b419ec43b76178a6324d9bdf83

    SHA256

    97036078667e3695fa780550b55a28d91bffe7c99b3973299469b98ba4e38f2f

    SHA512

    816c0470a663a0dc104104780b676253844d2501521f86fa9366491c1e1c66dbb3d1da859bfbb9daec3be43ed4abb93c6bbd7ec0a95b1005ca1626476f6fe697

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5c458ef2fcdc8e2f23fd7d6de124e5f9

    SHA1

    0cd72055472aa42ba8805545c00d5e79382d031b

    SHA256

    dbaa8a9491af166e25aa816a1f82626fa08ced41420c8f6b27e5c01f3b70511a

    SHA512

    a8239f56eb8cc8732bb846d6ea113e4e64f75f9feb16a63e7565bb161318c2663c9deb27dfe0e5c90c1f030f90bf2b43fdc4b40caf7623cb9080cfc690f05812

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b4768ec2e22fc721edbc9c33a1e08224

    SHA1

    3831091807cf4598471c4382e32cc33194a2bc04

    SHA256

    aea1ba9c4c4df70b24853fb4e27f068f9dc43eda7bafdb34a7f527f60bd0f890

    SHA512

    0b5a074c8369ecc55072ccdf1f5c78d86c4a0cd9fcb8513b4db8efdbcce7a735415f766c80a97a8b8ff7224befcc56b34894bd27e35480e3dd7e6f9948b27ce7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    94e94343ce0614f345a58dbd5700fab6

    SHA1

    19d5478115d92e4e4631f7c9c77e271ab2388b06

    SHA256

    c222770ae233e278c8fe4cf1ce23a05bc41a2f7038911199ce2ff43b1653d3b8

    SHA512

    f070c87d1b4d589704e7071feef4571b5b4522c9abef273bef12b09ed0d4e26fa95e552035a79b50621f56c8f298803da18e75c3349dad98f68d29a43e28773b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4b2272125a250a3ba41898b41fd7abc8

    SHA1

    e29ba4098c4d1d991fdaf579b3332fea39f71703

    SHA256

    ede4dd2de13c6e0f34e54c5154b9d188ac7680aeefdf6a170c3203afa11d3d4a

    SHA512

    24dd9f26006d541a578007b13c07940e3ea971e7fedeb8f8a338fad00876ef27e7ab8ebfe67587bd7a45e457ba24205e518d3d03c3a7419ea73c4ab46cc77b56

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    45229e3d04c2c123a959ea3374d8e3c5

    SHA1

    38e1d17b51a59ae34f4736b8d77bc071154d5c23

    SHA256

    0801d484d9f1dcd983900b2df6b9412287af37e0ab0e135857125bbd953dba3c

    SHA512

    ca0b4771a6caf4ff83bc6682cf253beaed4e2d2ce0b27537a4632eebbc47480b256c4b6acfeadfff0640694ed770e508cca834a7c1b2d901af9a951b105b578b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4028c426c305c06414a762dba9f01713

    SHA1

    b3695eda35e5c479220541bbff45368c67e740ff

    SHA256

    ba0d4939c16090d8fa7193dee6c0cdf2dd7bc2056a5ae04ff1ea37d6292fbcc5

    SHA512

    0e65d84e054690422a6c5cd53a347936d7cfb26a72e34c0fdd26b370cb93eb34eb207aa46da3095fc373d97edf53ec616f139e2445b8595aea073143fdbd1298

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fe39a05332a9ee5a0910f53e41fc15fe

    SHA1

    1e5315a5aa33bea32e44d314eb21ef4e29ff58dc

    SHA256

    b15f9ded49cfe0cff7cd146423d3c4815080763de787511c9e23160a7fef62b6

    SHA512

    14bc8f76b6cf901888ce1e09991c8c35e555f7d287f424b4b710c0b02164a72e6f023b2cf92c24048fb50312de2c9c0989379e7788e62cb2eab0e3463fb6f589

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    da5f85a77885f162947fdaaca7c20e0b

    SHA1

    f92195d782a74f67b3872505d1d2b68a594eb6e0

    SHA256

    28473bebb67e41e44bdd63e84e1fbffbf111fa211c3d8fb2c2af46e6cbbfdeaa

    SHA512

    0a3cba582138358776080917fe1e092d9d3193fb904fb46d5e22b187ec0a079d1bda0bf3b04e64e3aa056573aae21e70b319c33b5a3bed73f3ff1fa1b1bb2e26

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d79d1f1bab7e686fb6f58354025b2585

    SHA1

    b34a7e7c969a81e9a7ab76e48ad2695a0f7ada9b

    SHA256

    03192bdf950287c7fcba8fd7a6e9d1dd7bafa64eb9d08159cf51bfec78ff634e

    SHA512

    1dfc893bff47c8e3b7f1886361891a8b0186eba927125254706c6f4567fc9e9f5ed4e1c13eace9fd5c1912526e5ad948e0cf74a8cfc745c6390fdfdfaae8f7b1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0d78276fa019197ac48c44cc5421f045

    SHA1

    68f5dec67384fc59746ca983eb4e33c32d1fc06a

    SHA256

    9fdede2b9f7078127101c5319f599a64ae261c01b26aef8b52e66b555f10a052

    SHA512

    c56c15b92ec555d0f41abe6e48b25844783781bb1d88a2f42e8063a560d5661b2391ddc2d44c29e622a73f811768d6d4a0e013a67492a05a87c529a43e280644

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bb0ee65630105f950f4f90dbe4e117c3

    SHA1

    08cd5bdbb3c52d579d9d3522f3baa5a00c37eca3

    SHA256

    cfa6c0687e82fae3f1f53c8cb99b18fbdb21238cf9e2759a1fb5eec03329d0c8

    SHA512

    5c7686e07ae57d8a37404dd8c55183b4f4ed9ca715c9238ce2e3b5489e205782cddb89b75e6ad5c4e64fe80b73376e89bb68bfe3d9877648a2d93841c5e098aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b0b9bd8b51743414ffc9420440f7222a

    SHA1

    3e855e63d68d51462aef4dabbae5d4f35a4e63e6

    SHA256

    66230ac43e52a37e69396e43146571743e54fc2c090b191a4e824c09fc79affa

    SHA512

    df74e32e7a30fc9f3d0b7c14ce3a2b9f6f39b4eaecda9a2755bdba9abf5799b91fa04b93956938af701852d9ddc9db8638c53c1e867f7ded2e971aaa4e89edbd

  • C:\Users\Admin\AppData\Local\Temp\CabBB85.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarBC24.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b