Overview

overview

6

Static

static

Newsletter...B).msg

windows7-x64

6

Analysis

  • max time kernel
    143s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30-09-2022 21:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Newsletter En Paraguay proponen un complejo experimental con fotovolta... (79.7 KB).msg

  • Size

    120KB

  • MD5

    66486d5e6464f6bbd903458c59533d63

  • SHA1

    535694de035e93742b468ea398f27ebb1b7b2ee0

  • SHA256

    72cb9e47edfdec3b39202c995ec49cb620e0d5d9bca5c1ff1fe237eb1b0470e3

  • SHA512

    cfbcf73a57bcb4e60a5b153ef7eb372aac2bbaf96f18d43b4077a49e6667cdfa8abe18be6b15992b87324987afb34b8dac3148edd7b244f141820ac9ef8cb5c1

  • SSDEEP

    1536:VVfUOv8Yo3j2ISm616MZF3TAqXYn/6VgZjnY9vCN4hhTmg2lwHHWaR0xDooCE4bo:V/EnSI96lvayeLZ2p53i

Score
6/10
collection

Malware Config

Signatures

  • Accesses Microsoft Outlook profiles 1 TTPs 7 IoCs
    collection
  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 29 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\Newsletter En Paraguay proponen un complejo experimental con fotovolta... (79.7 KB).msg"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • outlook_win_path
    PID:1044
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpv-magazine-latam.us13.list-manage.com%2Ftrack%2Fclick%3Fu%3D2790e780a1533f4bc05c8679a%26id%3Dfd98de1729%26e%3D031d8f4de6&data=05%7C01%7C%7Ca8109b92ab72483089fe08daa17362c0%7C42ced7fa2a984ee2b504c5d0896d07f3%7C0%7C0%7C637999814201325330%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=whRt6am5e68wviObcVF1A1eNCG432U6T765snLP2rd8%3D&reserved=0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1104
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1104 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:828

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    d15aaa7c9be910a9898260767e2490e1

    SHA1

    2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

    SHA256

    f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

    SHA512

    7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6c54c653b76af16d39d7c8e1cdf2764

    SHA1

    46cdd74a71428334d0b90e9d35bcb623a4cdd127

    SHA256

    258b22bc5555e70c8c6ae30a598e5bd39685095b71fa087910d740bd106aa21a

    SHA512

    8399b55df5e085bab6bd2058399fa2c66575e2ed94c5bd84a2c6948ab2d71319e3a679d88f6fda1673ecca4b5cda6b90e8ec8793c706d25b7e060081372ad752

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    5a8e4b4af0dcbb7d0b7330f2036f90f2

    SHA1

    322922fcdd8c90bf8831b26634a5d881111e2ef1

    SHA256

    8c73a61b058000f2e57edeb2872d7e11fb0bbd9df8a380e3845be54c7846ff3e

    SHA512

    febe4a8ea5782e8aa5304dae0618c89ff95cc6ef685fd269e8422f3679866175a860ba8c28393b3c52345a744f320321960303c20712e90b6d488b61c7ef86d1

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
    Filesize

    5KB

    MD5

    0fd39f08d4921565ae99e4f025737f06

    SHA1

    c71134f55842eec865d2aee4536794a3cc4c2151

    SHA256

    3d910d24beea3ee8a132356c5b5d61f4da8f2a8983dde4349d9dc217f2d50856

    SHA512

    5209f6e6857a9625d242e143b7064eb91286731f33ff96f10311306b1883188fea0a3ab73b0cdde291973cde04829e54cb9aedea4e26e30623ece8eeff172ad0

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\H1OJAI45.txt
    Filesize

    603B

    MD5

    a57a1cf2af17379a1564aa647a0e3948

    SHA1

    b0a65b7a7fb6ab40959845d6a51dc6027f3d9914

    SHA256

    396728357101ba2d84003feff46796a193862ae0090352c7cb4ef9d4cd59f0e3

    SHA512

    dc0bb8e19b195747af144d3e07b547c035d2eed1ccdbe535e1da0037951cf86392416dfbe9879d726e4e4c8cd29d7debe0adb75d6b8d2aeb9afa90b6c7d7e5f8

    Download Submit
  • memory/1044-54-0x0000000072211000-0x0000000072213000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1044-55-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1044-56-0x0000000075071000-0x0000000075073000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1044-57-0x00000000731FD000-0x0000000073208000-memory.dmp
    Filesize

    44KB

    Download