Overview

overview

6

Static

static

1

Fwd- [Nexd...53.eml

windows7-x64

6

Fwd- [Nexd...53.eml

windows10-2004-x64

3

attachment-3.eml

windows7-x64

6

attachment-3.eml

windows10-2004-x64

3

email-html-1.txt

windows7-x64

1

email-html-1.txt

windows10-2004-x64

1

email-html-2.html

windows7-x64

1

email-html-2.html

windows10-2004-x64

1

email-plain-1.txt

windows7-x64

1

email-plain-1.txt

windows10-2004-x64

1

Resubmissions

07/02/2023, 07:12

230207-h1ypkaaa39 6

07/02/2023, 06:47

230207-hkmx5ada5t 3

Analysis

  • max time kernel
    142s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    07/02/2023, 07:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Fwd- [Nexdigm] Payment - Invoice #IM33-1753-S3-1 Pay Remittance for 2023-02-01, 04-53.eml

  • Size

    506KB

  • MD5

    79d1f34e89466ea020de7701038b1235

  • SHA1

    37442643cb290c354fda0c7abb4edbbeb68ea844

  • SHA256

    38848e4c271c75bcdea254774e94a5e0806104235fe85920c4b160c510780ce6

  • SHA512

    8de63fc5b68163159638add687698b239054477e4bf39d94566f26edcaf5bef21415c6b52a15ed75a6b7c183530df0b6a94840617d00f4eba3ea85e6adb7be7c

  • SSDEEP

    6144:kyFP2/eReiIvwyJQusiqJ2OJVEy6fMRiVHXKvk2yKoS3CmlPT5j2Td7a45:+e1IvW2JMGXQIKosCqATx5

Score
6/10
collection

Malware Config

Signatures

  • Accesses Microsoft Outlook profiles 1 TTPs 6 IoCs
    collection
  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\Fwd- [Nexdigm] Payment - Invoice #IM33-1753-S3-1 Pay Remittance for 2023-02-01, 04-53.eml"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • outlook_win_path
    PID:2024

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2024-54-0x0000000072E81000-0x0000000072E83000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2024-55-0x000000005FFF0000-0x0000000060000000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2024-56-0x0000000073E6D000-0x0000000073E78000-memory.dmp

          Filesize

          44KB

          Download

        • memory/2024-57-0x00000000766D1000-0x00000000766D3000-memory.dmp

          Filesize

          8KB

          Download