Overview

overview

6

Static

static

1

56342154-6...07.eml

windows7-x64

6

56342154-6...07.eml

windows10-2004-x64

3

Enquiry2314.xls

windows7-x64

1

Enquiry2314.xls

windows10-2004-x64

1

email-html-1.html

windows7-x64

1

email-html-1.html

windows10-2004-x64

1

unnamed.png

windows7-x64

3

unnamed.png

windows10-2004-x64

3

Analysis

  • max time kernel
    114s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    02/03/2023, 07:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    56342154-666a-7621-bfbb-b6f5681cd407.eml

  • Size

    634KB

  • MD5

    c115b7bc9bff2b8607e2295708517335

  • SHA1

    90c8ef9b7b244dc18c9e7d5b3c134d97d8b243e5

  • SHA256

    2c7350104a75f91e63e895efaf250f149be13996e9e39b5f9373c8fe9c338aee

  • SHA512

    3c7d0bae14bd70422078a945e85d8773501081706de713dc2bdc82b8504c32362be3e734245b44315077f1545f4a3793db925332bae728389f30b60ac029d720

  • SSDEEP

    12288:vnK1/sBcdHGKzj/VGTDK7adbMPWy8xwxG/jSV5UZJU8i/aJ+zU:C1kBMGKz54MeyYIahI8gzU

Score
6/10
collection

Malware Config

Signatures

  • Accesses Microsoft Outlook profiles 1 TTPs 5 IoCs
    collection
  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\56342154-666a-7621-bfbb-b6f5681cd407.eml"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • outlook_win_path
    PID:1704

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
    Filesize

    1KB

    MD5

    48dd6cae43ce26b992c35799fcd76898

    SHA1

    8e600544df0250da7d634599ce6ee50da11c0355

    SHA256

    7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

    SHA512

    c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

    Download Submit

  • memory/1704-54-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download