Analysis
-
max time kernel
247s -
max time network
372s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
29-11-2022 08:53
Static task
static1
Behavioral task
behavioral1
Sample
[加密]RE_PH01_EEC_11_30__菲律賓_METROBANK_153筆.eml
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
[加密]RE_PH01_EEC_11_30__菲律賓_METROBANK_153筆.eml
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
email-html-2.html
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
email-html-2.html
Resource
win10v2004-20220901-en
Behavioral task
behavioral5
Sample
email-plain-1.txt
Resource
win7-20220901-en
Behavioral task
behavioral6
Sample
email-plain-1.txt
Resource
win10v2004-20221111-en
General
-
Target
[加密]RE_PH01_EEC_11_30__菲律賓_METROBANK_153筆.eml
-
Size
53KB
-
MD5
b5ae9ec8e8970a1894e3cbfc89566323
-
SHA1
6c0fcce103973c179549b15e2fdf97a4846a935e
-
SHA256
2f44ee8fcf124707514980e80b1a8cf59af39e26d65be44db728bcac62d6ab52
-
SHA512
fb88404bdee650bb393f8a6ee7481cee8913231915fe4cfca05bd1967360762f23a66d5b533574f7716879e22a917182ec5def4b1632664eeaa747a16713968a
-
SSDEEP
768:PE7VaUYRUhU4BF0bbPsHLWnJk6054T83paamaqYISTJ1UtnAyLa7tKu6oi:XSTBCPsSqS83paamFY7tKuC
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
NTFS ADS 1 IoCs
Processes:
cmd.exedescription ioc process File opened for modification C:\Users\Admin\AppData\Local\Temp\[加密]RE_PH01_EEC_11_30__菲律賓_METROBANK_153筆.eml:OECustomProperty cmd.exe