Overview

overview

5

Static

static

1

Please sha...ck.eml

windows7-x64

5

Please sha...ck.eml

windows10-2004-x64

3

email-html-2.html

windows7-x64

1

email-html-2.html

windows10-2004-x64

1

email-plain-1.txt

windows7-x64

1

email-plain-1.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    94s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2023, 17:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Please share your feedback.eml

  • Size

    17KB

  • MD5

    29c6bc40c3c0e340048a59f201f0aac8

  • SHA1

    f43d62a94c9695c87394e2b21bb0e3c230396dac

  • SHA256

    7471520c96fb28215da011a8f363352897938e842612ad502bd52e1cc378b48b

  • SHA512

    4439021847840ac4eb4284d0d1dc8cde89fed928830c256d98b05b6d557f2097e0622f589f97c313ea6ca79a02120ca12a50d93848912b9a1d1f4a8eebebbae8

  • SSDEEP

    384:jnicgMphdMklI29dGrhaCus7Far2QH0DxB/1iwYFrlbHhWjg/c/qIAA1iG:NhdnzChXusR0200Dxjiwql7hag0iIA4/

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\Please share your feedback.eml"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
    Filesize

    235KB

    MD5

    d8c7f73c86348063562d483c9db39f83

    SHA1

    aa9e9b3d36debc07d3bf1cc5699f2c80df480fca

    SHA256

    bb39fe332eb1838fefb137953ee21b0697d130d1a50b469525b490e8631cd895

    SHA512

    75c6b2feb412bc410235687a8062c33ac239257a2986fb7c3a9567d2573dea13dbb3b295fc6ac761632c573dc69d4c4b401d905fcc0d80af976cabb4f45df7cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
    Filesize

    240KB

    MD5

    4e5d52250da6dcbc502e7b70b269bbf4

    SHA1

    df89b5e8eb396199bbc2867ddb5c20bd15987ec4

    SHA256

    38e2fc69c67917d02f4a464e40dbcea3721b002a14766e2fb46d568e6ba64487

    SHA512

    5a1640ca58eb9fcf273c5d2042fbd843730675aab6eb996554ca6cd54a00f7c9702fb6dd9e35796b5b496127623de5d8e2b8ee92ee30a0a2b923241e2a4ba90e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
    Filesize

    1KB

    MD5

    48dd6cae43ce26b992c35799fcd76898

    SHA1

    8e600544df0250da7d634599ce6ee50da11c0355

    SHA256

    7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

    SHA512

    c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

    Download Submit

  • memory/2332-54-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download