Analysis
-
max time kernel
31s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
24-03-2023 18:30
Static task
static1
Behavioral task
behavioral1
Sample
phish_alert_sp2_2.0.0.0.eml
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
phish_alert_sp2_2.0.0.0.eml
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
email-html-1.html
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
email-html-1.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
newsletter.png
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
newsletter.png
Resource
win10v2004-20230220-en
General
-
Target
newsletter.png
-
Size
34KB
-
MD5
8d0418f62008ad5fad19779902aca7ce
-
SHA1
45c51ef73455dd3eba3a7529e175f846a58b3de1
-
SHA256
30b9bfcab3bb0e0ab3f2790ee5f858a0ed608cd846da9bcff732fb74884a7265
-
SHA512
d57467b53f7d3bc1fc69646f04e439d26638aa62f2591ccfa30d6c09bf7d6fbd30c732f0459605878a1277c001958cb3be2b335876cb9db76ba0a2054db7f9dd
-
SSDEEP
384:jz61PTSvZ7IIPHfXdqO2vxLk80l4hEXzFKIr0MOyVUqn0Lygg/N0vFGrJCMyX5/H:P61EZ0EH/dT2Klb5KI7acIANBFS/H
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1728 rundll32.exe