Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/10/2023, 17:36

General

  • Target

    triage-report_14290-jt04_AT_txstate_edu/original.eml

  • Size

    69KB

  • MD5

    37525f35aae730767900e07641538c3c

  • SHA1

    5c6efb81cd65069c6e769e5f566a220a689cd321

  • SHA256

    1f8cc0b1987abb47e59f7b0ad26345716dfcfd42519b6289c5b6dd9eb7e36b07

  • SHA512

    d0d49dcae0ce8aac76abfa4151f269779b5e366c1688fb39d88a3c64541256b8eb4f17889c12bb5386287af9171c95dbd793c2fe3d5775e868f327bd1ffd850a

  • SSDEEP

    1536:nNbP4LkF4Lnwf2pFQl663HnvpYjAJ+BS0rGgKv/k:nlQ4swOpCjhYjAX0rGggs

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\triage-report_14290-jt04_AT_txstate_edu\original.eml"
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1900

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

    Filesize

    235KB

    MD5

    26cccee235affdd6e421cc0021f6f2e9

    SHA1

    1314e637fe10dc67e11c4e0cd6060f011dc4d324

    SHA256

    c6c1c5e649d5e9abd14524104b3b4823be6cebd8c830d62e93b8378a5d3f664e

    SHA512

    a3f2611f8a588ea3c97d1a643323e0f4f11461861ff951f5ac20f21a5925ac44b054c02577a0271139499e59bc32d48e9203b635e959c2595480f6452b6673e1

  • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

    Filesize

    1KB

    MD5

    b4b7c43f7e78e36996eacdb3e7f6ec96

    SHA1

    dbcdb2b1c8cef702336e8e3acdd55bb44e58e828

    SHA256

    8417e94c63fa8ccad391f722b97148f38d523ae78056c31a68675d32445c6678

    SHA512

    31293a59bc69509644b0cccd7be34d0f03ceff124c6d6adff2417483adfd8cf5ef5eedc0a47a297fbbb80e9a0b36ebc7afe9014d24c4d02fd3723ebe511deef3

  • memory/1900-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/1900-1-0x0000000073B4D000-0x0000000073B58000-memory.dmp

    Filesize

    44KB

  • memory/1900-124-0x0000000073B4D000-0x0000000073B58000-memory.dmp

    Filesize

    44KB
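The report above records a single process, OUTLOOK.EXE launched with /eml on the submitted message, every signature is attributed to that one PID, and the two dropped files are Outlook's own forms cache (FRMCACHE.DAT) and MAPI service list (mapisvc.inf), so the hashes worth carrying forward are the sample's, not the dropped files'. The script below is an added example, not part of the Triage report and not Triage's code: it embeds the report's hashes and paths as constructed data, separates Outlook housekeeping artifacts from files that still need review, and matches a file's bytes against the recorded hashes while flagging a report whose MD5 and SHA-256 disagree about the same file. The `OUTLOOK_HOUSEKEEPING` allowlist and the bucket names are this example's own assumptions.

```python
import hashlib

# Hashes transcribed from the report above: the submitted .eml and the two
# files Outlook wrote while opening it (constructed from the page, not fetched).
REPORT_ARTIFACTS = {
    r"C:\Users\Admin\AppData\Local\Temp\triage-report_14290-jt04_AT_txstate_edu\original.eml": {
        "md5": "37525f35aae730767900e07641538c3c",
        "sha1": "5c6efb81cd65069c6e769e5f566a220a689cd321",
        "sha256": "1f8cc0b1987abb47e59f7b0ad26345716dfcfd42519b6289c5b6dd9eb7e36b07",
    },
    r"C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT": {
        "md5": "26cccee235affdd6e421cc0021f6f2e9",
        "sha1": "1314e637fe10dc67e11c4e0cd6060f011dc4d324",
        "sha256": "c6c1c5e649d5e9abd14524104b3b4823be6cebd8c830d62e93b8378a5d3f664e",
    },
    r"C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf": {
        "md5": "b4b7c43f7e78e36996eacdb3e7f6ec96",
        "sha1": "dbcdb2b1c8cef702336e8e3acdd55bb44e58e828",
        "sha256": "8417e94c63fa8ccad391f722b97148f38d523ae78056c31a68675d32445c6678",
    },
}

# Files Outlook creates on its own when it opens a message: the forms cache and
# the MAPI service list. Assumption for this example: under the sandbox user's
# profile these are Outlook noise, not evidence of a payload.
OUTLOOK_HOUSEKEEPING = (
    r"\appdata\local\microsoft\forms\frmcache.dat",
    r"\appdata\local\microsoft\outlook\mapisvc.inf",
)


def digests(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of a byte string, keyed the way the report lists them."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def classify(path: str) -> str:
    """Bucket a path from the report's Downloads list (bucket names are this example's)."""
    low = path.lower()
    if low.endswith(".eml") and "\\appdata\\local\\temp\\" in low:
        return "submitted-sample"
    if any(low.endswith(suffix) for suffix in OUTLOOK_HOUSEKEEPING):
        return "outlook-housekeeping"
    return "review"


def match_ioc(data: bytes, iocs: dict = REPORT_ARTIFACTS) -> list:
    """Return (path, verdict) for every report entry whose recorded hashes match data.

    One agreeing algorithm is enough to match, so a report that lists only one
    hash type still works; if one algorithm agrees and another disagrees the
    report (or the transcription) is inconsistent and the entry is flagged.
    """
    seen = digests(data)
    hits = []
    for path, recorded in iocs.items():
        agree = [alg for alg in seen if alg in recorded and recorded[alg] == seen[alg]]
        disagree = [alg for alg in seen if alg in recorded and recorded[alg] != seen[alg]]
        if agree and disagree:
            hits.append((path, "mismatch:" + ",".join(disagree)))
        elif agree:
            hits.append((path, "match"))
    return hits


def triage(report: dict = REPORT_ARTIFACTS) -> dict:
    """Group every artifact path in the report by classify()."""
    buckets = {}
    for path in report:
        buckets.setdefault(classify(path), []).append(path)
    return buckets


if __name__ == "__main__":
    for bucket, paths in triage().items():
        print(bucket)
        for p in paths:
            print("   ", p)
```

Run it against the report data as-is and the only entry left in "review" is none: the sample lands in "submitted-sample" and both dropped files in "outlook-housekeeping", which is the practical reading of a 5/10 score whose every signature belongs to Outlook itself. Feed `match_ioc` the bytes of a file pulled from a mailbox to confirm it is the same message the sandbox saw.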