Overview

overview

8

Static

static

Quarantine...es.zip

windows7-x64

1

Quarantine...es.zip

windows10-2004-x64

1

ffcfbe72-c...af.eml

windows7-x64

6

ffcfbe72-c...af.eml

windows10-2004-x64

3

email-html-1.html

windows7-x64

8

email-html-1.html

windows10-2004-x64

8

song.png

windows7-x64

3

song.png

windows10-2004-x64

3

Analysis

  • max time kernel
    28s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 08:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Quarantined Messages.zip

  • Size

    12KB

  • MD5

    b60a2721b413df1e953a3f449a5cfa8d

  • SHA1

    6f09408178844a121e2496d352ca5291d150511f

  • SHA256

    1d4e551be7e915d456c9f8330d8e063c9025664975430aa9de2df24727a04d5a

  • SHA512

    2194ca68a59334f3a52222a2fe9c793120aa044dbeae097458ce16b726ba76f2ab48fafdef1ed40f403dee1f124f41476ad729a0be2466ae46e308768f66f279

  • SSDEEP

    192:Wx3c1909upeRlGQQSW5yX+X7ynAPt6lkfcurGhXSuJrXiGK86VLB1K6ePK2tFCQ/:WEAuu6SW5YBnKrtmiuJC8S+tIQ/

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Quarantined Messages.zip"
    1⤵
      PID:2036
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1980
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x180
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1200

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1980-54-0x000007FEFC451000-0x000007FEFC453000-memory.dmp
        Filesize

        8KB

        Download