Overview

overview

10

Static

static

8

003e0d05-e...4f.eml

windows7-x64

5

003e0d05-e...4f.eml

windows10-2004-x64

3

QS75790832...QQ.zip

windows7-x64

1

QS75790832...QQ.zip

windows10-2004-x64

1

QS75790832...QQ.doc

windows7-x64

10

QS75790832...QQ.doc

windows10-2004-x64

10

email-html-1.html

windows7-x64

1

email-html-1.html

windows10-2004-x64

1

image003.png

windows7-x64

3

image003.png

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-03-2023 04:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    003e0d05-e098-4f77-c885-46d789da144f.eml

  • Size

    941KB

  • MD5

    b2acda5d87c402c817235bbe6c2b1300

  • SHA1

    58435040fe17a26b1e49f6663db9f8dcf5b39ca3

  • SHA256

    07528a336a55d5fc37f7add62ee8c61d205644808769a07601d6f54ac99dad4d

  • SHA512

    d7b8129d90adcbdde33d63cae58a849985dfa64dc205472706a01918d6630348419debe27878c780910eafc57d3328a10517f1330c7e9aa3ce2c8f0ee10e5dfd

  • SSDEEP

    3072:XGHGAp3b6wK0Edmu00HR8fyvemUewoTl5E/TeCZ00gKkW2X7kSYAEbqV11tUR05q:Xa/ZGfe90HR8fTHC6KCZozkdAEbs1icq

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\003e0d05-e098-4f77-c885-46d789da144f.eml
    1⤵
    • Modifies registry class
    • NTFS ADS
    PID:3008
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3024

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads