c11b0d4c1534f9bd0ef963b2d88fc9b51fa2ef7a393d2c6f83cfb71470fa0c3f

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
03-08-2023 13:03

Target

EXTERNAL_Sales_invoice_PO.4515498749-000100002000030.eml
Size

652KB
MD5

7acbd286e7167c819b294822f30e0d1a
SHA1

601b0d7f9f4fa55562d2700fa6f895406e42f9c8
SHA256

c11b0d4c1534f9bd0ef963b2d88fc9b51fa2ef7a393d2c6f83cfb71470fa0c3f
SHA512

af142bd7a78bfd70d8f6c4ef2cc77e329d9daf90f911596871a641e8b8a600e79f4538f8f5238cd4732ea63f79de026a7924b01507fdfeeae183f76807f79b4b
SSDEEP

12288:nipwgu0IbWLIJkQu7raNX243NAa4/7OjgS/SWt+QzAd0P+:FgyWLQuHaN9NAa4/qMS/T7+

Score

5^/10

Drops file in System32 directory 14 IoCs

description	ioc	Process
File created	C:\Windows\system32\perfh007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00C.dat	OUTLOOK.EXE
File opened for modification	C:\Windows\SysWOW64\PerfStringBackup.INI	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh010.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc011.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh011.dat	OUTLOOK.EXE
File created	C:\Windows\SysWOW64\PerfStringBackup.TMP	OUTLOOK.EXE
File created	C:\Windows\system32\perfc007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc010.dat	OUTLOOK.EXE

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File opened for modification	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File created	C:\Windows\inf\Outlook\0009\outlperf.ini	OUTLOOK.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3060	OUTLOOK.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3060	OUTLOOK.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3060	OUTLOOK.EXE

C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
240KB

MD5
2a0bfb273adf5b805cf7b2cfa41a20cd

SHA1
c4898b11b8537a28e01e4218188fc7c77c41d6a0

SHA256
5214aa34a69b93e7e72244fe7fff3162bac0f0916cf691694c53e4c05e5ba920

SHA512
e36a10a1fe1d2b254704c97d9e3093e479a7c0bfc338a0fd21cd90d82ab5c40a23928abe7d26e0e908918de583b0010d6b0e16d5488ed33695450af18547a749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
240KB

MD5
fdc7131ae3017b55fd732a1e7aed7cba

SHA1
d74e5f0d196fb8d234b8509455f430957bb01420

SHA256
63fc40821c21650631936849b495ec40f23d5568631ca94e1e2363c58d9e377d

SHA512
3b2d0957fdcc2a23de8aa7bbcf6f5f0f500f263d3d17db7af99d771fe036920e0ae8889b559140376882c3a78886312c6edc22298afe445a4f0165b2ac0d759c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

Filesize
1KB

MD5
48dd6cae43ce26b992c35799fcd76898

SHA1
8e600544df0250da7d634599ce6ee50da11c0355

SHA256
7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

SHA512
c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

Download Submit
memory/3060-54-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/3060-55-0x0000000073F6D000-0x0000000073F78000-memory.dmp

Filesize
44KB

Download
memory/3060-182-0x0000000073F6D000-0x0000000073F78000-memory.dmp

Filesize
44KB

Download