7d66e768ed6851b0e4f74c94b7b86c1d24ee779e89d7dfc0f51d12a135d6e9ce

Resubmissions

19/09/2023, 08:52

230919-ks2glaaa53 1

19/09/2023, 08:12

230919-j37kxshg95 5

19/09/2023, 08:09

230919-j2f2ksfg2z 5

Analysis

max time kernel
118s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2023, 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

message_19092023_0822.eml
Size

264KB
MD5

8d82bea1223c77cd66405de356255369
SHA1

aaab8ca3020caa2cf519872b210310a74d478b5c
SHA256

7d66e768ed6851b0e4f74c94b7b86c1d24ee779e89d7dfc0f51d12a135d6e9ce
SHA512

93e0cc21c2505a6294a677c641e9f4e21f77572fe92f59324e985c25a3e602845a120745dc7b0faf4051fd5841c57916b24e84d99d9afee0d85817869964f3d1
SSDEEP

6144:GPOx5diCley+UZ1hJ5+k/dLVHquGkcf3o4wUTuV6jPmreQViwY3GJ/ym:GPOxFYy+UZTJ5+wsuGkcg

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\message_19092023_0822.eml:OECustomProperty	cmd.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4948	svchost.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\message_19092023_0822.eml
1⤵
- Modifies registry class
- NTFS ADS
PID:4816

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4424

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
e07be9033cde63409dbf65b2d4f4d588

SHA1
0fce8df989841f52ae61b516f98d60baafe52d66

SHA256
326946704a3e126489948e890c612497e9a6c0e4aab8ed5938eee4bd19fd7585

SHA512
75b26bb15ffb479f4481462759e72013cb45a38813668b4ff5be101cf3d1a04afa8541f72be654b97083a7104aedf1951971c01e97f384639e572c85ba53ea78

Download Submit
memory/4948-43-0x000001F28B7D0000-0x000001F28B7D1000-memory.dmp

Filesize
4KB

Download
memory/4948-45-0x000001F28B7D0000-0x000001F28B7D1000-memory.dmp

Filesize
4KB

Download
memory/4948-36-0x000001F28B7D0000-0x000001F28B7D1000-memory.dmp

Filesize
4KB

Download
memory/4948-37-0x000001F28B7D0000-0x000001F28B7D1000-memory.dmp

Filesize
4KB

Download
memory/4948-38-0x000001F28B7D0000-0x000001F28B7D1000-memory.dmp

Filesize
4KB

Download
memory/4948-39-0x000001F28B7D0000-0x000001F28B7D1000-memory.dmp

Filesize
4KB

Download
memory/4948-40-0x000001F28B7D0000-0x000001F28B7D1000-memory.dmp

Filesize
4KB

Download
memory/4948-41-0x000001F28B7D0000-0x000001F28B7D1000-memory.dmp

Filesize
4KB

Download
memory/4948-42-0x000001F28B7D0000-0x000001F28B7D1000-memory.dmp

Filesize
4KB

Download
memory/4948-46-0x000001F28B3F0000-0x000001F28B3F1000-memory.dmp

Filesize
4KB

Download
memory/4948-35-0x000001F28B7A0000-0x000001F28B7A1000-memory.dmp

Filesize
4KB

Download
memory/4948-44-0x000001F28B7D0000-0x000001F28B7D1000-memory.dmp

Filesize
4KB

Download
memory/4948-3-0x000001F2830B0000-0x000001F2830C0000-memory.dmp

Filesize
64KB

Download
memory/4948-47-0x000001F28B3E0000-0x000001F28B3E1000-memory.dmp

Filesize
4KB

Download
memory/4948-49-0x000001F28B3F0000-0x000001F28B3F1000-memory.dmp

Filesize
4KB

Download
memory/4948-52-0x000001F28B3E0000-0x000001F28B3E1000-memory.dmp

Filesize
4KB

Download
memory/4948-55-0x000001F28B320000-0x000001F28B321000-memory.dmp

Filesize
4KB

Download
memory/4948-19-0x000001F2831B0000-0x000001F2831C0000-memory.dmp

Filesize
64KB

Download
memory/4948-67-0x000001F28B520000-0x000001F28B521000-memory.dmp

Filesize
4KB

Download
memory/4948-69-0x000001F28B530000-0x000001F28B531000-memory.dmp

Filesize
4KB

Download
memory/4948-70-0x000001F28B530000-0x000001F28B531000-memory.dmp

Filesize
4KB

Download
memory/4948-71-0x000001F28B640000-0x000001F28B641000-memory.dmp

Filesize
4KB

Download