48b19a098df05aef8086fafe1967812eb39fa1411716384080277c721ef5fadb

Analysis

max time kernel
117s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2022, 19:30

Target

Merry Christmas and Happy Healthy New Year 2023!!!.msg
Size

69KB
MD5

3e4a4bd8bd3a7731d36b0023f281ffa9
SHA1

1bea3560b055b86b963b5141d2624d2dc46161cf
SHA256

48b19a098df05aef8086fafe1967812eb39fa1411716384080277c721ef5fadb
SHA512

60858f0a5c2632e5a22d35138b91c6814cb72686588996cc87479fbad7774c935b32b059e9933e242a419267c1176d9664af82068e7c25938389eb1e59e0d148
SSDEEP

1536:EeHfNdRRdKI2gnkWNWV5zHOyldbf8Uyig:d/N5dKI2gnkzFlp8Zig

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
372	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Merry Christmas and Happy Healthy New Year 2023!!!.msg"
1⤵
- Modifies registry class
PID:5072

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact