Resubmissions

06/07/2023, 12:19

230706-pg5r4aag76 6

06/07/2023, 12:15

230706-pe675sca9v 5

06/07/2023, 10:40

230706-mqjj4sbd6y 6

Analysis

  • max time kernel
    427s
  • max time network
    1150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/07/2023, 12:19

General

  • Target

    Attached PDF Document for payment.eml.msg

  • Size

    267KB

  • MD5

    0e62842002cc098362e51d5aa8561d02

  • SHA1

    d3eb329b973be91f28ca5f1f51ec2b242c5a044e

  • SHA256

    80dad38de1680b4eac876d909986ca1bab122f1df14a3a3f7484de96ee315101

  • SHA512

    32e1ffca1185c21aff78eae20f6ad6afe741f50d6beab46d3d1ac54e64a2e411b0c43a1ec27d7e1731276deed363038eda7017e285b7d4e7f38039f187611029

  • SSDEEP

    6144:LmaRdm0Pw5LQbeTsHs0BzfwsaGxzOJUDmUkWON/hfnNgPh53CsoCjh:vm0IgBTwsa6zOJUDmUk1N/NnNgFoC

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Attached PDF Document for payment.eml.msg"
    • Modifies registry class
    PID: 2604
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID: 1804

Network

        MITRE ATT&CK Enterprise v6
