Overview

overview

7

Static

static

1

newhotmail.zip

windows7-x64

1

newhotmail.zip

windows10-2004-x64

1

newhotmail..._store

windows7-x64

3

newhotmail..._store

windows10-2004-x64

3

newhotmail...rs.php

windows7-x64

3

newhotmail...rs.php

windows10-2004-x64

3

newhotmail..._store

windows7-x64

3

newhotmail..._store

windows10-2004-x64

3

newhotmail...es.css

windows7-x64

3

newhotmail...es.css

windows10-2004-x64

7

newhotmail...s2.css

windows7-x64

3

newhotmail...s2.css

windows10-2004-x64

7

newhotmail..._store

windows7-x64

3

newhotmail..._store

windows10-2004-x64

3

newhotmail...il.png

windows7-x64

3

newhotmail...il.png

windows10-2004-x64

3

newhotmail...on.ico

windows7-x64

3

newhotmail...on.ico

windows10-2004-x64

3

newhotmail...go.png

windows7-x64

3

newhotmail...go.png

windows10-2004-x64

3

newhotmail...ne.png

windows7-x64

3

newhotmail...ne.png

windows10-2004-x64

3

newhotmail...er.gif

windows7-x64

1

newhotmail...er.gif

windows10-2004-x64

1

newhotmail...ex.php

windows7-x64

3

newhotmail...ex.php

windows10-2004-x64

3

newhotmail...og.php

windows7-x64

3

newhotmail...og.php

windows10-2004-x64

3

newhotmail...ng.php

windows7-x64

3

newhotmail...ng.php

windows10-2004-x64

3

newhotmail...e2.php

windows7-x64

3

newhotmail...e2.php

windows10-2004-x64

3

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-07-2023 11:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    newhotmail/hotmail/css/styles.css

  • Size

    1KB

  • MD5

    ff2e2bbf0a5b2be28dcd2be9e138f2c2

  • SHA1

    4371c8fed104ac9467f261792a302d5e20f0df9e

  • SHA256

    27732da9086f732dfbe7ed9dc94da532b413cf0565b2b11afcd8b09208bff464

  • SHA512

    c1a0d2139f016b44ca12a80d22b01e67fbfb684f8fa49c69b18db1891cd1f8d8a2b87d4a22a8e5ced553300c5248eaa914fd06cb667650dcf639a494330ef50b

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\newhotmail\hotmail\css\styles.css
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4564
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\newhotmail\hotmail\css\styles.css
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:4024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads