Analysis
-
max time kernel
110s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
02-10-2022 20:23
General
-
Target
fwdPacking List (8.76 KB).msg
-
Size
25KB
-
MD5
22cac913784ba7331e7aa96ce23fc7ed
-
SHA1
470cb89eaf735348d3ddc0ec1dd25d51a390e653
-
SHA256
c3dabf7c8397559c952aa488cf7f6ad57ba614e0e17923ac061a5cadcc94c6ef
-
SHA512
f4055bbd44abda4a9eb20a95ee372e981f8963bf78e7d5ba04542fc6e6629a95f6d9cdd6315cd9b27c508ff3c94c762d5faa4f687b150b888d9a189210755ca0
-
SSDEEP
384:4sSDaf9+XzLT4qgFxJb3ujB5GbEpw144fLnxdjU1o78/8sA:4sSDaf9+XvT4qgFfb+rGyw14k/8o7O
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 39 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\fwdPacking List (8.76 KB).msg"1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\fwdPacking List (8.76 KB).msg2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1672-132-0x0000000000000000-mapping.dmp