Overview

overview

7

Static

static

4

ForwardMai...le.exe

windows10-2004-x64

7

ForwardMai...le.pdb

windows10-2004-x64

3

ForwardMai...it.pdb

windows10-2004-x64

3

ForwardMai...it.pdb

windows10-2004-x64

3

ReleasePlu...DF.htm

windows10-2004-x64

1

ReleasePlu...lp.odt

windows10-2004-x64

1

ReleasePlu...ew.exe

windows10-2004-x64

5

ReleasePlu...ew.pdb

windows10-2004-x64

3

ReleasePlu...ry.cmd

windows10-2004-x64

1

ReleasePlu...me.cmd

windows10-2004-x64

1

ReleasePlu...df.cmd

windows10-2004-x64

1

ReleasePlu...ry.cmd

windows10-2004-x64

1

ReleasePlu...me.cmd

windows10-2004-x64

1

ReleasePlu...df.cmd

windows10-2004-x64

1

ReleasePlu...ry.cmd

windows10-2004-x64

1

ReleasePlu...me.cmd

windows10-2004-x64

1

ReleasePlu...df.cmd

windows10-2004-x64

1

ReleasePlu...ox.cmd

windows10-2004-x64

1

ReleasePlu...ig.txt

windows10-2004-x64

1

mboxview.exe

windows10-2004-x64

3

mboxview64.exe

windows10-2004-x64

3

scripts/HT...ry.cmd

windows10-2004-x64

1

scripts/HT...me.cmd

windows10-2004-x64

1

scripts/HT...df.cmd

windows10-2004-x64

1

scripts/HT...ry.cmd

windows10-2004-x64

1

scripts/HT...me.cmd

windows10-2004-x64

1

scripts/HT...df.cmd

windows10-2004-x64

1

scripts/HT...ry.cmd

windows10-2004-x64

1

scripts/HT...me.cmd

windows10-2004-x64

1

scripts/HT...df.cmd

windows10-2004-x64

5

scripts/PD...ox.cmd

windows10-2004-x64

1

scripts/pd...ig.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    314s
  • max time network
    507s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-09-2022 22:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ForwardMails/ForwardEmlFile.exe

  • Size

    66.8MB

  • MD5

    742702b05de177c5b0f998e5fcf15c4c

  • SHA1

    a886b60b61711a8ae1fedc42896b292b5043d1c0

  • SHA256

    ff48d80441779403dcbff56924ba642e11180e113a91d37f1ed8538e6b9ce0ec

  • SHA512

    119719f3623d235297476429c82888dd45ac0862266fae30df3c4dc76ca8fe56e092d4eeac1a229cba260e47e117f367a1f8a53886be11f45620c5e838dbd4b0

  • SSDEEP

    1572864:XMTKLbsVYIlPq3rYkctmFV1Ga6cbgghbqa9Kbu3bFYF8R0ROt11L9ax8ddBfM7H9:8TKLbEv7GPs++

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ForwardMails\ForwardEmlFile.exe
    "C:\Users\Admin\AppData\Local\Temp\ForwardMails\ForwardEmlFile.exe"
    1⤵
    • Loads dropped DLL
    PID:4108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\ForwardEmlFile.dll
    Filesize

    21KB

    MD5

    f025606ba95b0ebd0e9a2bf9661938a5

    SHA1

    dbe821d7f80b6b9944f8f3f7b2d4a9d330124c4d

    SHA256

    fc4ac02be10958e7c95fbe5135f48512266b8901fd862d320c06e1b0d22eb993

    SHA512

    f009abf3150e5535d766f4c1e77e9189590ec4ba7fce36c73a3d8da1bfc702b9830a19b2fcb203d2a040792133fe3be69ea09bed0b63e665fc58c1bce2603c3c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\ForwardEmlFile.dll
    Filesize

    21KB

    MD5

    f025606ba95b0ebd0e9a2bf9661938a5

    SHA1

    dbe821d7f80b6b9944f8f3f7b2d4a9d330124c4d

    SHA256

    fc4ac02be10958e7c95fbe5135f48512266b8901fd862d320c06e1b0d22eb993

    SHA512

    f009abf3150e5535d766f4c1e77e9189590ec4ba7fce36c73a3d8da1bfc702b9830a19b2fcb203d2a040792133fe3be69ea09bed0b63e665fc58c1bce2603c3c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\Google.Apis.Auth.dll
    Filesize

    140KB

    MD5

    5546cf0fb38c8263a4f9328555adc3c7

    SHA1

    a8513e5444f6a283a66e6eabe0c72f54f38902bc

    SHA256

    585e2e1074c5535742af024f6cbb19e59d4a30ca3cfc3d050ddee09754e61a8c

    SHA512

    37dcfd92e992b067c709a28ca549ec54aee8faceb7c540fd23d70fec5e1dd24b874327c937d4738137671d934be16f6c674c41f09bd1352ab4aca2f9ce073d90

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\Google.Apis.Auth.dll
    Filesize

    140KB

    MD5

    5546cf0fb38c8263a4f9328555adc3c7

    SHA1

    a8513e5444f6a283a66e6eabe0c72f54f38902bc

    SHA256

    585e2e1074c5535742af024f6cbb19e59d4a30ca3cfc3d050ddee09754e61a8c

    SHA512

    37dcfd92e992b067c709a28ca549ec54aee8faceb7c540fd23d70fec5e1dd24b874327c937d4738137671d934be16f6c674c41f09bd1352ab4aca2f9ce073d90

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\MailKit.dll
    Filesize

    810KB

    MD5

    46f8435a63eaef40d19b8ae7d36af566

    SHA1

    261a55cc02eef46ff8cb8d5bd24a4fcc9521adca

    SHA256

    083b0d124a6ddf88820c11f9c0ace4650e83ce68dce9d6e2a63495ed9366e2ba

    SHA512

    27bfe2af4627f387bdb9b3bc91323d19fbef8db5eba413d386f287900f2614f1d6a4d0b489e9e5c81a53a2eb24107fb8211bd5e990dd861dc26c7c541b82f709

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\MailKit.dll
    Filesize

    810KB

    MD5

    46f8435a63eaef40d19b8ae7d36af566

    SHA1

    261a55cc02eef46ff8cb8d5bd24a4fcc9521adca

    SHA256

    083b0d124a6ddf88820c11f9c0ace4650e83ce68dce9d6e2a63495ed9366e2ba

    SHA512

    27bfe2af4627f387bdb9b3bc91323d19fbef8db5eba413d386f287900f2614f1d6a4d0b489e9e5c81a53a2eb24107fb8211bd5e990dd861dc26c7c541b82f709

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\MimeKit.dll
    Filesize

    995KB

    MD5

    e1470f53b2cb8671c1f53e5923afb535

    SHA1

    838f597a0fe52c29fa70131388df0bfff1bfbdd0

    SHA256

    4bcf77c626bb6e428ddbf6facece1e0edb80f4c99c397814f617c2786c995b67

    SHA512

    013720b465925ef82fd609621c764f1489920b4851c68169031ff1ae3a854a4d94c60891c01aa2349860f94587a685978b758fcc5f6991fcd0fb7bd9f2fc58d4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\MimeKit.dll
    Filesize

    995KB

    MD5

    e1470f53b2cb8671c1f53e5923afb535

    SHA1

    838f597a0fe52c29fa70131388df0bfff1bfbdd0

    SHA256

    4bcf77c626bb6e428ddbf6facece1e0edb80f4c99c397814f617c2786c995b67

    SHA512

    013720b465925ef82fd609621c764f1489920b4851c68169031ff1ae3a854a4d94c60891c01aa2349860f94587a685978b758fcc5f6991fcd0fb7bd9f2fc58d4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\System.Collections.dll
    Filesize

    286KB

    MD5

    7a3ebab1d948d2993c5a912ecbf0345f

    SHA1

    eb0dcd474da5d1fa86f0f1e59809d886166f7e56

    SHA256

    e96894634e8ac0941da9ee8f01e8f83c49ba5550709dd02f9c01ad76c3699e7b

    SHA512

    4d52d32dc8db1ae546cfd65dfda3ef4858b744f5233a166aecf918225eeba07622af9646ddfdb74fd9cd272cbe235153e6dae701461f856d51f6a1d87412cf63

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\System.IO.FileSystem.dll
    Filesize

    189KB

    MD5

    9871a5923dfa699d6717acbac158e7d7

    SHA1

    0457fe36e9c681d9941d8b184a71b6ffad2db74b

    SHA256

    c4fd8c95026be971f4655edd1757c9dc1f869d176b44ac9e0977d73b4fb3e264

    SHA512

    81cff533bb98838b8d3cc570e7af43571f58daf13dc9d3f118038ce5dbb3636c44ee07cde0328faba2ded115fea89dd111e134f20cc8b095aea3ad34e51c4654

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\System.Memory.dll
    Filesize

    163KB

    MD5

    716f75159c4539039775c47b7e6b5326

    SHA1

    066b04c8d9df133a9120170b80550b2f8117c9c5

    SHA256

    8b1e8cb6d9db8c6dfb8d087a3b4bab8196310c31b6382863956652d77702f951

    SHA512

    b58d439ecdddefc278d5f57ef5351032594e1d1d4037ec6e35a8721cc09223ac098d335f34dd888780903f3d2ee97c00643bc4357cab52f08031433737143abf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\System.Net.Primitives.dll
    Filesize

    187KB

    MD5

    7c522ee6ee87392aeacd57854afb8777

    SHA1

    c54208aadf738c77667306b200cf2269bffe283a

    SHA256

    0cbb92636269a40820f5155563448ac76d8ff77b6600e5e408a94cc0380b8df2

    SHA512

    0c3bb9ba7bb8793024d33829c026a6cdf4a286c8f8898635aac9517f96635c5d3e3a24508da3c1e92a04f44a753fecc1e6aa5159949af4905af096a39a81273c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\System.Net.Sockets.dll
    Filesize

    470KB

    MD5

    e704447fbd9cd3e6296a709ab633c5e7

    SHA1

    f86da63ad48f48752cab509e4a28e56c4574da49

    SHA256

    d0db6c1db3610ca29612d9e07c920d0627425d832d97e5537449f4e55899a97b

    SHA512

    ee2e8214bd6c9a721379c48526e04afaf1933b1381870f2f49895971213a2a9e5037e7a4641c21e853ba86fb07bed6f73278dca1ebb7ae2302f88b628e313685

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\System.Private.CoreLib.dll
    Filesize

    8.3MB

    MD5

    5fc09dad14a05fff4786bd1881776bb3

    SHA1

    de6b780e0ec109e45688f35ace80ae7de5673352

    SHA256

    7b8a2f9c62a6c9ec82a4d70107c12ce662ef6cba4a9b6f6a09d2af709e8f8af0

    SHA512

    3f9b9edc274f7fee6f9ae1df54fc0c924e71a95e49efc31c633c0ca2e2cb1392eae1d9baa761dc5998e3c5144225acf57e5a844ee2f055405e1cfd4ce981c484

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\System.Private.Uri.dll
    Filesize

    224KB

    MD5

    5fe8b65096f4ef57a87b942df8e4cc16

    SHA1

    5b1a9d3ebd27556c547db23ba057433929169f5b

    SHA256

    4e947c36fa82d220c744562d6c261e76d4af194dba162e943a6c693c1dd11aa7

    SHA512

    307063b76ba16cf9c646d1650b00ab710c970f7371f0df47fda631653565a34e727382ec390f8bdfd67f697ca657fc24f894be5c3dd6c613542aad9279fd1031

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\System.Runtime.Extensions.dll
    Filesize

    187KB

    MD5

    b6e12b7fd2c5539b987c81e5b24edb53

    SHA1

    0edf58e67ba14485d55998e5f0f7f942870e60a3

    SHA256

    f16e8ee0b140ef5a0f394c24a9fc5a8608710ce2285bb29fbf5aeb9be10dc12d

    SHA512

    556d8e8688a9218f6e3bf808350c6f60fb64042b76620b7efc22eccc443fa29adb081081c1b1964f257569ce575c38e79b6c8080876438affafcf83a3597f727

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\System.Runtime.InteropServices.dll
    Filesize

    48KB

    MD5

    0e7d635d6cccf99098c1014ba7b321eb

    SHA1

    ac3a19fac772e14f6d474db4e01c8a173d1c64e1

    SHA256

    c49ebea71385d19ebce73cddc9c53a4f81a7e554a25cf0bddf2ee20a280d4dd7

    SHA512

    9428b3c2da093741aef96cffefde68af571c1ceb836f2bfb4f2f589ad54f225e6669e255852d75ceb4852c80d51946b79334e13db3b53b8354ae1bae2d1d7891

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\System.Runtime.dll
    Filesize

    50KB

    MD5

    9b1e204e028dfffa4bb74807b201ec0d

    SHA1

    4c6d1f366d801cf643acdcd7be2a664543e98b1b

    SHA256

    6ee6c540266d50b8826086e280f0d8f14b56889a6dfac3cb7496f3bffa5dae2a

    SHA512

    82e35a7080b1e7a9b4928fb10d8f3abc0f5ec3e7cd2da2a4f7b246a05b44fcfb48007423e15bc3b211d72037d47515990804361ba7559336e776724a62dd64af

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\System.Threading.Tasks.dll
    Filesize

    15KB

    MD5

    744bc8c51ec110d91ab4389faef74118

    SHA1

    1b1828bcddb7e98b6a6b9c4302c09ce251576ebc

    SHA256

    1f6e9b759f591022c0af8820a4f950a1bda143044594ccb0680609c0354daaa7

    SHA512

    024749b180f199097ed494d9c6bc3931b8b2f82b159b396f72237c6b3ed9ccab51283e9cd37dd9b0d6002015b5f7e916226e33766ce659b39f8d4d60e137c978

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\clrjit.dll
    Filesize

    1.1MB

    MD5

    a5cb3a411cc605e2df5eeb0883141cf3

    SHA1

    b833af0ccc8a63c4606600616c65dd92372b71a3

    SHA256

    83e4c70fc959d515a21ed2d6d4b820b98bfc86263d54e0fa52586e7eac0d394a

    SHA512

    5a6a4ede4961a8c0013cfdae8eaeae879a3383bd36d266804bcdf12a87581e985c68b002564e9fffefc27e1f830a07080298e1920fab1c47386f28035ae382ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\coreclr.dll
    Filesize

    4.1MB

    MD5

    bf520b97e327e4c5257af4a078d4a22f

    SHA1

    caaca105cc1ea8445dcfea2216ba1332dcaa3c3b

    SHA256

    55e3ae09677a704ce553c251bede6df6d8eb2550b8d6f71b7a7a24fb7bd7d962

    SHA512

    f30716ee57cccb775eee4bb1cccd18656a1b5f2633fa94d1cbb3e39c82a0db0d75b62cf5b58dc2fb266a694ff0e629e02cabd67d2b256b24e0dad2cc01635e9c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\hostfxr.dll
    Filesize

    459KB

    MD5

    bf56049b53cc1e6fc531a09792e3b873

    SHA1

    1206c1a990e56fffa0ef89dddf7a1d1ae1de270f

    SHA256

    fcdfba40e49ffa6eca764670c1814f46da1dec98ae7cea11d973fb0d287ab133

    SHA512

    5573f29f0a1f31c1fb74d51d1915351c64eb9c449d5ee607e8cc729eac11d180960a7f8134813ecc766cd0c3c15fff63b9987077e6bcf3fe7bf63256e03f7bd0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\hostpolicy.dll
    Filesize

    455KB

    MD5

    10eb17961082c765c80fa77ee409fbcf

    SHA1

    6e99cb7c28d6e4dc82c503c6fc5881c60dd8784a

    SHA256

    ec787e91a074efe1e9a4a80d9c34c5e6f58dca03155c75e47cb5c75fd9682888

    SHA512

    f4731248de579c2a8e81adab4b9bdc5c347d7df511c9f39e31a575835bfc28da2f7cb6be4a90999723589514f3e04368f3ab98ac47eb33ce68c9cd5a14cb50ba

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\.net\ForwardEmlFile\cyjdqr1b.pcl\netstandard.dll
    Filesize

    111KB

    MD5

    239bcc8be505ef67c4601884baab8e4d

    SHA1

    c56466b8860ff2e50eed09613da356fbb217c1cb

    SHA256

    54f6c425cec240c40da0588df01ae5b0a1110dbe68ddaea6a21e5d8eb288dcad

    SHA512

    25bcc454e3f35f743f39daf41eb1ee4146ab788fc20b67b1438670a50e534ceb4a95aba2e46654af9994aca1e53129c897b18a94364498a061784ab746b8436f

    Download Submit