Analysis

  • max time kernel
    121s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/11/2024, 21:03

General

  • Target

    opensearch.xml

  • Size

    536B

  • MD5

    b7e32da2f991d892126ce43046af1c27

  • SHA1

    6b46683e4a6c87f485f832dd5489566110f97617

  • SHA256

    2776acb416038d5af1e52506e080e2c6ed643095eb9d9dfe9ab91dbf726d70c9

  • SHA512

    47b382bfe6291b6fad6764a6477a9826e120c1aaa3d9e1e151accd09d616c84593caa9b1cf1061245bca62f89cb8c5a5daa237d9dc10de711fb2a48f81f9de08

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\opensearch.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2916
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2920
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2268

Network

        MITRE ATT&CK Enterprise v15

        Downloads
