Analysis

  • max time kernel
    115s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/06/2023, 07:27

General

  • Target

    phish_alert_sp2_2.0.0.0.eml

  • Size

    8KB

  • MD5

    9a84fdd3cddf477862e5511e62ff0868

  • SHA1

    524d21890241f79862ba6ffbd3fea0f443785310

  • SHA256

    f275ae8f79e23f56779559534a292f877725a43893dab8b8d1d9a872ef261a33

  • SHA512

    ed0e8cbf514970441a4e10b35fe766812dbb8632e0fecdb2a318bd097b4c4e6f7f63e5d69df7d34761ecc96a3d990273aeaa72f04e1ec24f6783564944ae244e

  • SSDEEP

    192:t108yXW7p1NQ6V500RT1Y4j7mfI5lrhPIOxG8t:t108yXW7pX9V500Nt7melF1G8t

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0.eml"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2040

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/2040-54-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB