Analysis

  • max time kernel
    114s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/03/2023, 06:41

General

  • Target

    2d9e4dd3-3ed4-dc8e-67f5-857831686eea.eml

  • Size

    863KB

  • MD5

    f9b27c9bb589cd03d51e5425f48173de

  • SHA1

    a6b367db3ba36c1ef38f336dc1790847ecf54d00

  • SHA256

    dd3b7834b68dfff8b39140d4ace6cf699605f9104456b92a98c1844ec42d949d

  • SHA512

    8c86630b73f9a8143205316aada326813be9471d2e051e223f9e6cf6e8a1ddd99d3628aa4b0fa59c6040381a2289f4a0a40d6d46b4b25381a77bf188dcf560ad

  • SSDEEP

    3072:bM2ba7acpTwaPlTeIrkHNU4hRElmvOE5Akf3TYGZmtOK2TRNPtjShyFrZHk1PzB:bMVzwaARNPhREif5xvUINMcZHkxB

Score
6/10

Malware Config

Signatures

  • Accesses Microsoft Outlook profiles 1 TTPs 5 IoCs
  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\2d9e4dd3-3ed4-dc8e-67f5-857831686eea.eml"
    • Accesses Microsoft Outlook profiles
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • outlook_win_path
    PID:1928

Network

MITRE ATT&CK Enterprise v6

Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

          Filesize

          240KB

          MD5

          3084734aedd3f063dba22912a16ca0b1

          SHA1

          2c90e3d1aa3275564271d61e3458179daebc95c0

          SHA256

          80225c03f3bc8957d71a8b388d7cc73d277b9f0e14e56a22b99905b5cf8ebcc0

          SHA512

          675e240b5e447a16810b1f72507ed69d8e366b657aa2a35d0b101f4004323819ed8f73eb4a598c8bd05364a8a5050d652d85065214f14e7dd1787ab993056e92

        • memory/1928-54-0x000000005FFF0000-0x0000000060000000-memory.dmp

          Filesize

          64KB