Overview

overview

6

Static

static

[加密]RE...��.eml

windows7-x64

6

[加密]RE...��.eml

windows10-2004-x64

3

email-html-2.html

windows7-x64

1

email-html-2.html

windows10-2004-x64

1

email-plain-1.txt

windows7-x64

1

email-plain-1.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    247s
  • max time network
    372s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-11-2022 08:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [加密]RE_PH01_EEC_11_30__菲律賓_METROBANK_153筆.eml

  • Size

    53KB

  • MD5

    b5ae9ec8e8970a1894e3cbfc89566323

  • SHA1

    6c0fcce103973c179549b15e2fdf97a4846a935e

  • SHA256

    2f44ee8fcf124707514980e80b1a8cf59af39e26d65be44db728bcac62d6ab52

  • SHA512

    fb88404bdee650bb393f8a6ee7481cee8913231915fe4cfca05bd1967360762f23a66d5b533574f7716879e22a917182ec5def4b1632664eeaa747a16713968a

  • SSDEEP

    768:PE7VaUYRUhU4BF0bbPsHLWnJk6054T83paamaqYISTJ1UtnAyLa7tKu6oi:XSTBCPsSqS83paamFY7tKuC

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • NTFS ADS 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\[加密]RE_PH01_EEC_11_30__菲律賓_METROBANK_153筆.eml
    1⤵
    • NTFS ADS
    PID:4120
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:4848

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads