Overview
overview
10Static
static
8003e0d05-e...4f.eml
windows7-x64
5003e0d05-e...4f.eml
windows10-2004-x64
3QS75790832...QQ.zip
windows7-x64
1QS75790832...QQ.zip
windows10-2004-x64
1QS75790832...QQ.doc
windows7-x64
10QS75790832...QQ.doc
windows10-2004-x64
10email-html-1.html
windows7-x64
1email-html-1.html
windows10-2004-x64
1image003.png
windows7-x64
3image003.png
windows10-2004-x64
3Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
15-03-2023 04:56
Behavioral task
behavioral1
Sample
003e0d05-e098-4f77-c885-46d789da144f.eml
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
003e0d05-e098-4f77-c885-46d789da144f.eml
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
QS75790832498186151LQQ.zip
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
QS75790832498186151LQQ.zip
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
QS75790832498186151LQQ.doc
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
QS75790832498186151LQQ.doc
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
email-html-1.html
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
email-html-1.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
image003.png
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
image003.png
Resource
win10v2004-20230220-en
General
-
Target
003e0d05-e098-4f77-c885-46d789da144f.eml
-
Size
941KB
-
MD5
b2acda5d87c402c817235bbe6c2b1300
-
SHA1
58435040fe17a26b1e49f6663db9f8dcf5b39ca3
-
SHA256
07528a336a55d5fc37f7add62ee8c61d205644808769a07601d6f54ac99dad4d
-
SHA512
d7b8129d90adcbdde33d63cae58a849985dfa64dc205472706a01918d6630348419debe27878c780910eafc57d3328a10517f1330c7e9aa3ce2c8f0ee10e5dfd
-
SSDEEP
3072:XGHGAp3b6wK0Edmu00HR8fyvemUewoTl5E/TeCZ00gKkW2X7kSYAEbqV11tUR05q:Xa/ZGfe90HR8fTHC6KCZozkdAEbs1icq
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
Processes:
cmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings OpenWith.exe -
NTFS ADS 1 IoCs
Processes:
cmd.exedescription ioc process File opened for modification C:\Users\Admin\AppData\Local\Temp\003e0d05-e098-4f77-c885-46d789da144f.eml:OECustomProperty cmd.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exepid process 3024 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\003e0d05-e098-4f77-c885-46d789da144f.eml1⤵
- Modifies registry class
- NTFS ADS
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx