Overview

overview

6

Static

static

[external]...ul.eml

windows7-x64

6

[external]...ul.eml

windows10-2004-x64

3

email-html-2.txt

windows7-x64

1

email-html-2.txt

windows10-2004-x64

1

email-html-3.js

windows7-x64

1

email-html-3.js

windows10-2004-x64

1

email-plain-1.txt

windows7-x64

1

email-plain-1.txt

windows10-2004-x64

1

image001.png

windows7-x64

3

image001.png

windows10-2004-x64

3

image002.png

windows7-x64

3

image002.png

windows10-2004-x64

3

image003.png

windows7-x64

3

image003.png

windows10-2004-x64

3

image004.png

windows7-x64

3

image004.png

windows10-2004-x64

3

image005.png

windows7-x64

3

image005.png

windows10-2004-x64

5

image006.png

windows7-x64

3

image006.png

windows10-2004-x64

3

Analysis

  • max time kernel
    77s
  • max time network
    71s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30-09-2022 15:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [external] Re_ Automatic payment via Credit Card successful.eml

  • Size

    359KB

  • MD5

    43b96d94645cf214099f61dbf9b99a77

  • SHA1

    609078efcfe6cbfdf06572af4407dcfd6e92d622

  • SHA256

    24c4f94de545416dfd664bd6b545fd4264e73e6a998730e9e035c58e03d7c30f

  • SHA512

    e6b941cb1d9c29bc602cb7da9525f2193b98c151cb19e47958bb938507538d06b347506d6d68f9fe0545852f8fcaf38a6b733dc8654b524a90fe57a4654ffd60

  • SSDEEP

    6144:UTx3bnsBQscikDtjj490vUo72quVbg5bLGZfk0ZA/8NcXoCWQwe7W1vo57:UTx3bnsBQscigtH4XKi0mvA8Mwe78e

Score
6/10
collection

Malware Config

Signatures

  • Accesses Microsoft Outlook profiles 1 TTPs 7 IoCs
    collection
  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 59 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 29 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\[external] Re_ Automatic payment via Credit Card successful.eml"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • outlook_win_path
    PID:1676
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\19KI45NE\I‎N‎VOICE-439046.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:860
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:860 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:856

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\19KI45NE\I‎N‎VOICE-439046.html:Zone.Identifier
    Filesize

    26B

    MD5

    fbccf14d504b7b2dbcb5a5bda75bd93b

    SHA1

    d59fc84cdd5217c6cf74785703655f78da6b582b

    SHA256

    eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

    SHA512

    aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

    Download Submit

  • memory/1676-54-0x0000000072AF1000-0x0000000072AF3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1676-55-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1676-56-0x0000000073ADD000-0x0000000073AE8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1676-57-0x0000000075E31000-0x0000000075E33000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1676-58-0x000000006C4D1000-0x000000006C4D4000-memory.dmp

    Filesize

    12KB

    Download