Overview

overview

7

Static

static

4

ForwardMai...le.exe

windows10-2004-x64

7

ForwardMai...le.pdb

windows10-2004-x64

3

ForwardMai...it.pdb

windows10-2004-x64

3

ForwardMai...it.pdb

windows10-2004-x64

3

ReleasePlu...DF.htm

windows10-2004-x64

1

ReleasePlu...lp.odt

windows10-2004-x64

1

ReleasePlu...ew.exe

windows10-2004-x64

5

ReleasePlu...ew.pdb

windows10-2004-x64

3

ReleasePlu...ry.cmd

windows10-2004-x64

1

ReleasePlu...me.cmd

windows10-2004-x64

1

ReleasePlu...df.cmd

windows10-2004-x64

1

ReleasePlu...ry.cmd

windows10-2004-x64

1

ReleasePlu...me.cmd

windows10-2004-x64

1

ReleasePlu...df.cmd

windows10-2004-x64

1

ReleasePlu...ry.cmd

windows10-2004-x64

1

ReleasePlu...me.cmd

windows10-2004-x64

1

ReleasePlu...df.cmd

windows10-2004-x64

1

ReleasePlu...ox.cmd

windows10-2004-x64

1

ReleasePlu...ig.txt

windows10-2004-x64

1

mboxview.exe

windows10-2004-x64

3

mboxview64.exe

windows10-2004-x64

3

scripts/HT...ry.cmd

windows10-2004-x64

1

scripts/HT...me.cmd

windows10-2004-x64

1

scripts/HT...df.cmd

windows10-2004-x64

1

scripts/HT...ry.cmd

windows10-2004-x64

1

scripts/HT...me.cmd

windows10-2004-x64

1

scripts/HT...df.cmd

windows10-2004-x64

1

scripts/HT...ry.cmd

windows10-2004-x64

1

scripts/HT...me.cmd

windows10-2004-x64

1

scripts/HT...df.cmd

windows10-2004-x64

5

scripts/PD...ox.cmd

windows10-2004-x64

1

scripts/pd...ig.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    301s
  • max time network
    518s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-09-2022 22:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ForwardMails/MailKit.pdb

  • Size

    245KB

  • MD5

    ac472f76399f2be95599b42d951fa51f

  • SHA1

    182c20a5c84e84ad4fd9af4ea9420a748fd8c1a2

  • SHA256

    f6d2bd103dd3e56b6fa4fb8c9320e9df2f4bd3fceb94b0ef6f61f3478af7ed47

  • SHA512

    c162f9c9c212fcb083b775d94c8bc88b84522bfc24e1ec4986c4e3ef272d65a2ea3f8ee9e977da28b8f8fa49b6153ecebd2894356a14ca61da6ad76dded4f173

  • SSDEEP

    3072:5i9SC/K2ovizgp3Vohwfu7kQgzcNk/bstDMH6o/HwXlMlT/DBR6Q30pB:5ic2ooe3Wha5Uk/BSSrb9YB

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ForwardMails\MailKit.pdb
    1⤵
    • Modifies registry class
    PID:1952
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4976

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads