Overview
overview
10Static
static
852c03506-a...92.eml
windows7-x64
552c03506-a...92.eml
windows10-2004-x64
3Electronic...23.zip
windows7-x64
1Electronic...23.zip
windows10-2004-x64
1Electronic...23.doc
windows7-x64
10Electronic...23.doc
windows10-2004-x64
10email-html-1.html
windows7-x64
1email-html-1.html
windows10-2004-x64
1image001.png
windows7-x64
3image001.png
windows10-2004-x64
3Analysis
-
max time kernel
108s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
15-03-2023 05:15
Behavioral task
behavioral1
Sample
52c03506-a7da-5b88-f72d-0d619d687292.eml
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
52c03506-a7da-5b88-f72d-0d619d687292.eml
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
Electronic form Dt 03.07.2023.zip
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
Electronic form Dt 03.07.2023.zip
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
Electronic form Dt 03.07.2023.doc
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
Electronic form Dt 03.07.2023.doc
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
email-html-1.html
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
email-html-1.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
image001.png
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
image001.png
Resource
win10v2004-20230220-en
General
-
Target
52c03506-a7da-5b88-f72d-0d619d687292.eml
-
Size
917KB
-
MD5
dd4e84ef5a633b36a5e906fa3d0ba5fb
-
SHA1
6a655e943b310f9a074395a288813ef6970b420a
-
SHA256
4a2330672b0fb2cc9105ceeb860d7d07fc336506e460cce3c3812bad07d9307a
-
SHA512
c047cbea02e8455f0d356e26ca0cc180d596e80cda0ba1873c7d7f1c6fb8414fc68e042f28f8d237cf465d778d69faad93d14055de57bbfd160d0343f47870f1
-
SSDEEP
6144:C0YVxr1QNujLnBRwwWzNKH6VqnlUXbkO6+RTx1SNTJL+ct:C0G4+LndENw9lUXbPpvW1+8
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
Processes:
cmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings OpenWith.exe -
NTFS ADS 1 IoCs
Processes:
cmd.exedescription ioc process File opened for modification C:\Users\Admin\AppData\Local\Temp\52c03506-a7da-5b88-f72d-0d619d687292.eml:OECustomProperty cmd.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exepid process 3776 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\52c03506-a7da-5b88-f72d-0d619d687292.eml1⤵
- Modifies registry class
- NTFS ADS
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx