Overview

overview

5

Static

static

1

phish_aler....0.eml

windows7-x64

5

phish_aler....0.eml

windows10-2004-x64

3

email-html-1.html

windows7-x64

1

email-html-1.html

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/06/2023, 07:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    phish_alert_sp2_2.0.0.0.eml

  • Size

    8KB

  • MD5

    9a84fdd3cddf477862e5511e62ff0868

  • SHA1

    524d21890241f79862ba6ffbd3fea0f443785310

  • SHA256

    f275ae8f79e23f56779559534a292f877725a43893dab8b8d1d9a872ef261a33

  • SHA512

    ed0e8cbf514970441a4e10b35fe766812dbb8632e0fecdb2a318bd097b4c4e6f7f63e5d69df7d34761ecc96a3d990273aeaa72f04e1ec24f6783564944ae244e

  • SSDEEP

    192:t108yXW7p1NQ6V500RT1Y4j7mfI5lrhPIOxG8t:t108yXW7pX9V500Nt7melF1G8t

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0.eml
    1⤵
    • Modifies registry class
    • NTFS ADS
    PID:1160
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5044

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads