Resubmissions

16-12-2024 09:53

241216-lw48bsvpfy 10

16-12-2024 09:15

241216-k739qsvmgp 10

Analysis

  • max time kernel
    120s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags
    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-12-2024 09:15

General

  • Target

    .rsrc/MANIFEST/1.xml

  • Size

    726B

  • MD5

    8ac7761540a25f0e446671e95051ad9d

  • SHA1

    dc2cbe444228a356272452dcda6a5f4f58bec4f7

  • SHA256

    46e35d3bb4e0d1dd59f3321fa8b908e7202b9bdf70151f941d58f9bee9c0ba67

  • SHA512

    7375e939af102200af9facde9a02296f074f06ca0e155b763f51f0bf0c41b66140d6eceaf720194650cb3bd4e5376d94a36bc9fc42fccdb1942894b9d13a1a93

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\.rsrc\MANIFEST\1.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2808
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2988
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2828

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3143fd7b06ec19f9c0522923b70a2d42

    SHA1

    dd025eeb33cc8e0598b08484acef62e1c02db05d

    SHA256

    f80181d7e7d22d931d6ebd3212b4af86ad5958f2a8fc606d625c40d7ab522feb

    SHA512

    64447eb94803ade2c7baf105aa1d2f1145ccc269529d41bfa9e4b5134512bea1e44dd0c5d3d506a81897e942b317077773e9c0fe4e63cd70ca4159bc17d179fb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4c63ca9f73dc39aa82cabba57bf3541e

    SHA1

    1c1cfeb6702fe43aec1caa7c05996d4dd38eb7f2

    SHA256

    97e95231d71eb0914e234c44cdcc14abb0515a8ef27680ef370461dd51783fb0

    SHA512

    daf6e31de7083601fd152f1f33771f16e34abb24c2e9b172dc02f8c9c854d26e753de6fce25f929b4d9b097c07a385c15d71f096f353e8a0b32f611613fe6fb9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c3f18183c0a1460efe733bb6d1b83baa

    SHA1

    faa1b8ff2abb84086e3b87e0df7bed80b249dc72

    SHA256

    62ac00b0b26e198196bdc6aaed3703088df65298de681972cd347ed12bf172d1

    SHA512

    5eeeff527cef390eb60a640b340104ba1b151baae56b9c30b8fb7a2fc8987a8c7823aff5bd423de48f23d615c68ed47d6a8673dc03fc82b347fabb4b1a450c4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    42f6cf008999ea295894ce188d9df6a4

    SHA1

    33bbbc6dc98a8270bd38f42c8eea65004974a5c3

    SHA256

    b1093f18abe1a7653d0536159be8940f0fa1dc2f6a0bc88c1916f675df7fafb7

    SHA512

    8af472785defe44cd06f9d91673dcd3ed4e134032eeeee7bf6bda0398de52914ce19f7b08569ef985e5cb649729a7635fd1f211540b55df56a86a2042ac8b1c1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    836c6e0c3713d5b73a2d9057cb0caecc

    SHA1

    0727d94fecb566f9a0fda2a7aec801b1a611e1b1

    SHA256

    099cb9708a2e986fbd5c0f1e237317b2ac079c7428c798db17b55bc850487f2e

    SHA512

    5d52e763d19daf060c354feec1ab94a32fbe0b65a45265df2ed16b37657e8f8092f480f016c819291101150f286884f00573a471dc6d90a20f3ed2123a8ad7ec

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cc679eb4c96481ff81f7f2b1022c6834

    SHA1

    849bf63a78dcad7001eceb60fa2a2a199b50b118

    SHA256

    219693c2cc08c28dd5167c429f080634b9c4a757e3254e519ffee4dfca624e45

    SHA512

    5c9ce6cd0ecd5db6952f64af9f726d40e0edb7903fd410a5ce8619cdfe8ca4cda0694cfa580602778738f2674e1017ad5db54c0f7615945e3a1fc77f03cfd41e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8a3152d3830e1294824befc0affb50d5

    SHA1

    9316728c0af428548b1190515014dacac806012c

    SHA256

    f642c4bbc659f225a95c8b124b6bb2699d32369146e5d2b79369aec299a7b4da

    SHA512

    7148bf525b4b2ff8c5a913b86a7c7d8fc6575456c36b5b4cc8586e5d2281ad37bd95b288f15dac22c23555fa5a79a066f8cf7282193d53188a68271878ccb59e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    96a1fd69c60ae14c743c605965701cf5

    SHA1

    cb73a376cf7107c582675d5898e0cc9f5712ce90

    SHA256

    539bf2e5082b251cf2ec5310c78ccf6d30259879b10ce73a41a278336f2103b6

    SHA512

    4af34aef6f5975a0bc228a5af8676b69730d7505dd41d1ad728b437772df402f0d0743c838bb84b4dc7031d29108a431801a027b5542ca214570051ee75cd786

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f1ec6c48daf11dd0ce144b37f2f6c5ae

    SHA1

    7412472cce1c12f717ff7b4e0c04827ad9f72288

    SHA256

    1aebdb490817feecc9bca337081ce95288eb9f2041ac4d514cd4eb0f11288d1a

    SHA512

    12f241ddc1fddfd3889afbb2b6e71c5373e1db5ecaf374ce9e19e2f8057c707b342d32a2550ddc47c87fd14eaa447a96b711772cd44a9f40258c2b586656041f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0d6c18d47d99214c10f5aa4aea47a57c

    SHA1

    7f018b7467b619414f27aae3b96499504e9bbfb8

    SHA256

    cb47710d42b8226dc5c96f365e130bacba0dbf35aeb0d8383cdfcf47d5e7f702

    SHA512

    1b56719c64fd51b039a4ef73e25ea947f711f0e2994d73920536648dcd92f66d894969c7d11ed4addbdb867a718ff4fd1471025920664a0426b5c0c5b2e9cc46

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9f01b7737af718b85b8551a878a31067

    SHA1

    88194caea8f107b1b69cbcb60f077c7277bf09e9

    SHA256

    4c8a63ab545d0b66377eb708eb55588c698163d90884347c4ea0ded34cdc5d41

    SHA512

    4fcaa2159d958aeabca0cfb4bfcb5868decb1b39c76da090fd685650193181e4d79f7d6282c6e633ebd39b6e5875e8f861c6bfebafc9c936fe1537b93d64d9dc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fec16c07f4f9e06ae564ba4683208f34

    SHA1

    e51ec57068be14a5f805ab28063749e8bda347fd

    SHA256

    b7818c213d2ed9a6cc69e57a3b56114d3e08d21671b9ca6da58e7d6eac11a0fd

    SHA512

    7dbe4211c503e452650f4b1abdccdc38bc54bc644c005d832891893ecd673a40b262b134dce86f28f2b3676119a5da29cfd539ad91a2c861f0d22f506f2e5799

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    52ecaff69f2def7ba3d07a900b8ff49a

    SHA1

    a1f2a5e57df85c4811f5728869d264d8e3358422

    SHA256

    d3248b74c047ca9da29ba3ca04c2e687924471b83f5136612bc2908f030ae25b

    SHA512

    ec5b453c7a040d93679be09fab89e8e0bd9b42d43f496c7d886d903eb8ca783742351870bb3d7a5d2601f988f57e7f0a89ea046f628e8082671576056873edae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    261af6a255534e4b201263cee4cbb4ca

    SHA1

    97725c675922a492c4c1464574fcfe47d5a4b001

    SHA256

    85213c1d1e8bbee936a9ceab1253aff1695c9d216a1ad883251c1471e10ca9f8

    SHA512

    c3a7d7e91dac873b91a3ba041d6499dbdbb15d54db9b3f7fa967e16cc40d133084dbec37fecf52b12d90845dcba314b0c6d004833573ded0308c25b01d1af0ce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    28760526c5cb9e069b1dae45783deeeb

    SHA1

    9c7e0e9f416cee9d571f1ee2785c74ad64157654

    SHA256

    9b97c535286239ccc7a51bb1a54bde38ae3bdb016d020783b37739c81c03b9bb

    SHA512

    6fb94c3c0c6fafe7604889863a5b97a986b6870f77554c20e72e6ffc2cc6e391c4a5751cde144d5ced9c4f535e9b7ae65625a500e91583e3430f102d35353332

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    720c63c36964c6bc969cc4339e5daa5e

    SHA1

    f70d3503c421b8ca62ee2ddd4d35dafc48ba267a

    SHA256

    13faba6fe50952add6fd21129b962d769b214222d83100a4317d4f6cdb34d088

    SHA512

    b2db917e9acaaee07d4a29ebd0a1eb02637a4fe292847a02bf0fe5859c62e0fc4604d8f0fd6e3ba4811e3bbd5128ca17b54c1db164f524b55877683b569c42b5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5b28df16629bfb6c44984dbe0e1e5e01

    SHA1

    4386d417e9641466284c8d725ab6af596780fb08

    SHA256

    a12a4ed563cc9bd93bcb315967b0c7dc9942fc2c9d77aed31d3b0645dd019334

    SHA512

    43294ac89e7abe701ca60fab2bc26f3dee9ea7015300fc324061d35b19aa0bdef46d28ee1b30cfcb633d0875f38aaa080672f7afb286c8a09ba2d01927bc9758

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0ad316ed774c1b27057b32468d850313

    SHA1

    9b43e293d16f4a43468cc642e29f3475f775eb1f

    SHA256

    42d0d57a529405fdf01e12a6e495062d93f9f4a8a77a226607434595adaf6e94

    SHA512

    41762d2458b25ac7251f3cc9d981871c9bd5156a5200e544bf9cdff962e691fc9d146b98b4c82fca23b67ebcb371a80600eb3a371aeaae163f0b79e7eaeae9d6

  • C:\Users\Admin\AppData\Local\Temp\Cab8B71.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar8C3F.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b