Overview

overview

6

Static

static

Kidney Donor.msg

windows7-x64

6

Kidney Donor.msg

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2023, 20:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Kidney Donor.msg

  • Size

    122KB

  • MD5

    5f629d629b337d35da0e65d79b5d4882

  • SHA1

    60e1eca7adc7a8660d140ce903a72e329c11f786

  • SHA256

    eb4003bded92d37bde24f7cf9bf7c88fd4b98cedb4c626102af4147b83400e6b

  • SHA512

    dd72cf1b3e18aed1a63d822b56c7a1b7161fc44cc171b50b0e5f0db6547bf5f30b234a1c2d3dfa2859c91ec5fadd64cd970d4c752a0939d8e0679847cb4fc26b

  • SSDEEP

    1536:PRbtCL8OeNwv8KiHWNWkZ1c12EPgoHNql5Dzni:dgeCRi/12EPgQovi

Score
6/10
collection

Malware Config

Signatures

  • Accesses Microsoft Outlook profiles 1 TTPs 7 IoCs
    collection
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 36 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\Kidney Donor.msg"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • outlook_win_path
    PID:940
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://docs.google.com/presentation/d/e/2PACX-1vQUu1l1-uWXuR2Dq-_tlkRfP8Wtmmo_sVXIqBjHtvzrlNZw1KKAc0URXAWOEtDHzAbET-oVm6py3LTp/pub?start=false&loop=false&delayms=10000
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:596
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:596 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1672
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:596 CREDAT:275475 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2036
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:596 CREDAT:1651734 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2284

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          1KB

          MD5

          0db58fb987b9d2f495962bdff9248580

          SHA1

          2416923c991096db509f02e0771684012ab8cfbd

          SHA256

          8b3773d58939c2f52e44e09ab802be50097f80cfc67155e59b836b86e3e97fea

          SHA512

          91c13a3b0164e56fc1d2dda8774900d50a9dd185529340e166974bd529775f748d8a5f610f61ecc08fd26f2312d3bff708eb5c782ea014776927538b58cef4a5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_18CF33A810D0A2D5C0C28C211FE5F3C8
          Filesize

          471B

          MD5

          47ca3cedb51ab9e282f8654033435e27

          SHA1

          69b5555f030f2391bb54a9bbb346df1e26a002fe

          SHA256

          1faba6521dffb13110c25219bb4ff94ec9f00bff3079a03f1296d91cb622f7c3

          SHA512

          2aa7a4b0efad026629c3cd5aeaafa94dc280c0fe9ae240bf0ca71fc99e1f3a5b9e42d8bdb0d379bae46fa846b44b1bcde2947d28b32d2fee067950275265f0db

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_392D09B4041D6970192F5EF741FAA9F2
          Filesize

          472B

          MD5

          a9a6d8383e460a8e804f11a512bb9b41

          SHA1

          c96be9f9856e7c022d6d52c2b377277cfeafd9ef

          SHA256

          4858d47a453741a62a248c9e8b5e642a88b00506420ac8daa2f2bd8d82d8cb8c

          SHA512

          0bb000cbd5ddb1578c7231f407d06888df8e58914c048e8a250909babefac8b62307413b56879001aba72ea21720ca6878c8c6614c254d479f15314969182c7b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_ACA51E1ABBF1573BBD9B48CF6AC4217D
          Filesize

          472B

          MD5

          bb809cfb572b68b1ae1e01bc048dbcfa

          SHA1

          a739e1a0fe77e7914d7ae95ad60100f547537f93

          SHA256

          7320fb9fc844b9a3dae88d01238fbe49c8f75911a11129d9d856229c90f9f324

          SHA512

          98813abdda991b17a3a78e6b12854b8c8fbcc6c2a16fa60f010c1a5ee5c5fcb32802236cbdec65036060ca88c5c4dcee0304774c63686c6dc902f7581681e7f6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          724B

          MD5

          f569e1d183b84e8078dc456192127536

          SHA1

          30c537463eed902925300dd07a87d820a713753f

          SHA256

          287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

          SHA512

          49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_259154B02A93A7C95A00126214FBE388
          Filesize

          472B

          MD5

          606fcf39141ef88b306e57d4e668a4a7

          SHA1

          44beb9bacadce23c8840f7aaf7684e3ca51b8f24

          SHA256

          70590f19e047aa25431a481210a260e9a57a103f6686954b0bdbd93bf9350863

          SHA512

          6b5bb6830962f80ba69be09a5ce29a2e88b2d4e2d86a8813e0820c0d32788e996fd0236d8c5a4141edbac98923a4097f3f280749bb0df5c3baf0a784ac55154a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          410B

          MD5

          fb80c0b1382d979cf7a563ff6db90a4a

          SHA1

          c054b83695102d43421ed9a11d2b631a4867f578

          SHA256

          11a135d6447021da0cfbfeaf0f220fb1bbbc28d8b537e246df30240065a10bf7

          SHA512

          7edfbce3099fac863df2f141b47671f9f8a45401a4ac7379231ee90d33590892ff83ccfa21da950b4e81fa6034cc9520c4ab73b683b2501bb3ee2073c28b8e48

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_18CF33A810D0A2D5C0C28C211FE5F3C8
          Filesize

          410B

          MD5

          0bab18a962ce1eb1528c5c184f110fa5

          SHA1

          cc3c3a265c0e93338736d29c9e1337433de83958

          SHA256

          e89b60ca814d36da905dc31540a0797a96bbcc27feb69509900a178778e8a523

          SHA512

          a8b62ba75684d7f26c756d54a8428c977fba5a8e8130b5a4705ed9d3470911f90b648e0e427196edba21d383fb7490053e2bfd89bd55b3c8c4cb744574a97a9a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_392D09B4041D6970192F5EF741FAA9F2
          Filesize

          402B

          MD5

          5b08a8f7b28c0134f40f3eeb630176bc

          SHA1

          bbdcb44718374005324d78f78bd962040051af35

          SHA256

          9798c514f84328b9d896c034fdddb030a56e311410bf44d5405f52dbed1d9e76

          SHA512

          78f140d05f05120aa05f27348e172cfb8c97379cbf03fcd367abab7abe565554a282c483b0e4d2378a821d9d54855735a8d039a4544a90ee247b148979513542

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fe8086d7c4990604750af464102940f3

          SHA1

          0d7af13a31695a0770d91d6f6176cbab9c336929

          SHA256

          f0055f97f327bfde9efe9c297f34c169ff1454f51d26251691762cdd049ce131

          SHA512

          01f9d9de6d59d233e5801afa913997fc827231727a3096df48ce87d2d1f3cd3f93eb365f8d2ec6ed6996a1492721f0053bd1a2829c4e2354a9fa509108215889

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          d94884b25a3196ef36d3a46a30e72b52

          SHA1

          32e6a0b2a7ed3fa06d3f6cd8dcdc66b3fe1b49bd

          SHA256

          6387e99cf419b9adc1facbf89d905ff82b836a898e0bdd0048c44b26553beefc

          SHA512

          63abfc9806b2ed5fd7a0c5b698f2a39ece29d87601bcb16d3df130fa4f03cdf494f93aef9efacfe0e3c8ff2c3ab4e145cae018da085ac9d13eca4c9198daadcb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          bb98d7403a19638dd470a7cff1b804a6

          SHA1

          61e418af5c5344ac5828090a29e163bf155fea2e

          SHA256

          288bcfa51a38f00123d597cbc87fa73e8c9bd0d73fc7c77ebdf0da74b0350c31

          SHA512

          9963c8fea2a38d6a451c597525e88ea9e7b5ee9f1c93c71bff0f668692f92da3c617491d2f7e13f85debaa690bf725be4188671b43d9d2d86f54b1aee53d2f0c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_ACA51E1ABBF1573BBD9B48CF6AC4217D
          Filesize

          402B

          MD5

          6be14243d361c41a0fe0c83b03ac7313

          SHA1

          385a0372ac423a6d6951b407d5cae1ff565ef072

          SHA256

          22016c694619252310207ae6a3ef102b7fcd35e46063523698b923db4d480561

          SHA512

          ec1f66d3b5c44d0eb5a049b7369d3e89abdd2a433ced273a8dfb19ac202431d5df7e75facd6d27e1832565d1a7c992fe852c935a23f25ec40e060f0939f0bacd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          392B

          MD5

          8745446f07d5d77babc94d0a3d17a5cb

          SHA1

          60713f474071c388e69cd2a3ee8fcae47d675415

          SHA256

          78bf42b4bd2e1d9aa6823b72c834d8aefde80f3b541f9f0f248cc9c75fc93a44

          SHA512

          8830443c9e85e6220b6e696bbc7ec5b3deebc9ae8107102f48c285a4e1f46232a7917f3f34b14a67da25b4d1bf748341e329a5c307113abb61c66d9aa2050de1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_259154B02A93A7C95A00126214FBE388
          Filesize

          406B

          MD5

          dc7270b13738e80728dd32c7148b42ed

          SHA1

          5990ffa70b015cb47647e66660815e0aef2b4aaf

          SHA256

          f6a5aa2c58d3c12589ef8dcb3ab45de9c850f355a8dff576247146a832fee758

          SHA512

          75ac66714b9351ce90ccbdf202f93d22f075ca1d4cbd9534436e1fa341e551fcbdadd4a733640c8724b0983c223d66e99c2c0272e874ba814289dad7561ae4e5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          0768c8d983286a3934a18cc5e6916044

          SHA1

          2d24bc8c1c1ec97025fafb249189ae0221fb001d

          SHA256

          8fc1923a1257abb3fcb64e34cdea3a5bd6ed7c0ae2bc39e17bc0b723265b8054

          SHA512

          e77f0d7420ffb38c57506edf3600ca4673d2a0624068a898c2068a44ee2094abe5d9493f4f68b679ae13be81a8fedb5a077878920d6d05a27f2fd2f4cdbbf865

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\mlf2v8h\imagestore.dat
          Filesize

          24KB

          MD5

          ac2321b96b65e76d1946391a4b8b597a

          SHA1

          4fff60dc178e98ef6b9578905ce5ea991d735e36

          SHA256

          6008d46f88a5681a4bd2ea6d86d3da24c048cbd0c6ff8e89c4328b4168dea68a

          SHA512

          5edaaef1d23743cc67a26d84caa54ec3bc076ae7c3e14f41e6e0e4ea487d634fc9c63ecb1bbe8ce2ec8c5814f4639ae908da61cd8dfcc325370aff5e93eb34a9

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\mlf2v8h\imagestore.dat
          Filesize

          29KB

          MD5

          3d5fbd77149e6317fbe1f5ca4c74238b

          SHA1

          e4fe0a68206e621b4837e693defa13efa213481c

          SHA256

          db3f336f0b00a37cfc775ffabbf91e6ff68bd6d1b8cebaa0912d3db1d093e9d2

          SHA512

          85834d5ba654cf669701b57ec23e68b8b19e8bdd10d39dc1e1da7df714c3aacd3d29d9b8839993b56b1eb9fd383f6581bf8be4a964c1abe774b0c739f58f662e

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\mlf2v8h\imagestore.dat
          Filesize

          30KB

          MD5

          db3699898c3bc4ef322367d85e130781

          SHA1

          ed6c65688923ded036420d4a1f48d40aef4172c0

          SHA256

          5aed9ad00a2abf32f2d2268a8d06a284aee12390af75ea776fbebd92086f30c5

          SHA512

          cca0da20fd4a5607f3479eefd80dd6a27a61c3dfd9b4f460df8e11aea50d6c372ffc634460cb41a8585a13e208f07d66cb4c0eb26a790e8a7e8b883dac22e963

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IV8L6YIU\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
          Filesize

          19KB

          MD5

          de8b7431b74642e830af4d4f4b513ec9

          SHA1

          f549f1fe8a0b86ef3fbdcb8d508440aff84c385c

          SHA256

          3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a

          SHA512

          57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IV8L6YIU\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff
          Filesize

          19KB

          MD5

          cf6613d1adf490972c557a8e318e0868

          SHA1

          b2198c3fc1c72646d372f63e135e70ba2c9fed8e

          SHA256

          468e579fe1210fa55525b1c470ed2d1958404512a2dd4fb972cac5ce0ff00b1f

          SHA512

          1866d890987b1e56e1337ec1e975906ee8202fcc517620c30e9d3be0a9e8eaf3105147b178deb81fa0604745dfe3fb79b3b20d5f2ff2912b66856c38a28c07ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFZC0YBM\KFOkCnqEu92Fr1Mu51xIIzQ[1].woff
          Filesize

          21KB

          MD5

          9680d5a0c32d2fd084e07bbc4c8b2923

          SHA1

          8020b21e3db55ff7a02100faebd92c2305e7156e

          SHA256

          2cfe69657c55133dac6ea017b4452efff2131422abd9e90500a072df7ca5a9c8

          SHA512

          e19a498866f69f3d8136a65a5ab4e92cc047170673ed00b506e325165a84216267b9fef1e5cfd66458e85ed820c12e9c345cec9bee4de48e1c2e2b1a784f179f

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFZC0YBM\KFOmCnqEu92Fr1Mu4mxM[1].woff
          Filesize

          19KB

          MD5

          bafb105baeb22d965c70fe52ba6b49d9

          SHA1

          934014cc9bbe5883542be756b3146c05844b254f

          SHA256

          1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed

          SHA512

          85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1X8BPSSJ.txt
          Filesize

          608B

          MD5

          961e49d818e14013850dc4963caad665

          SHA1

          eff8cfe0e57bb05ad045bf3fefbda06ea5529830

          SHA256

          683bd49376b3529222ef64bd88112ba5ed143e716ccd95c4661113d62618138d

          SHA512

          f04fdfbc17f4e6d08a90044b8c574dcc2e0645454c08b65b31200b077a912f7407de304a2dfbaec14113a98effcf8e1da891bb098a4584669346cdb1a0abe6d7

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3O3XV81B.txt
          Filesize

          237B

          MD5

          0d40b4f20f9115b72ea8baac58ea5f87

          SHA1

          63d4cfccac55c8eed9307ca54855c90a9b87af5d

          SHA256

          6fb8e3706ff12b97e5fb4616408bb611daf5c165869c53d501257d5e1c7d3d09

          SHA512

          d2646e9cbc8bf639bff655f0185d4d0ee674e4d3f18dbff02aafeb70fb005069d6747f7b43424984dbef57491241a8a4dd2ecef2fb586d9fa3130a74e2e1d51d

          Download Submit

        • memory/940-54-0x0000000072221000-0x0000000072223000-memory.dmp

          Filesize

          8KB

          Download

        • memory/940-57-0x000000007320D000-0x0000000073218000-memory.dmp

          Filesize

          44KB

          Download

        • memory/940-56-0x0000000074ED1000-0x0000000074ED3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/940-55-0x000000005FFF0000-0x0000000060000000-memory.dmp

          Filesize

          64KB

          Download