Resubmissions

30/10/2023, 12:29

231030-ppdctaeg32 3

30/10/2023, 10:24

231030-mfdacacc6z 3

Analysis

  • max time kernel
    138s
  • max time network
    267s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/10/2023, 10:24

General

  • Target

    Document Purchase Order BNK-295980.msg

  • Size

    264KB

  • MD5

    616cf66aa84b76dbb575de88d65d6f80

  • SHA1

    aa1d299b0de6e195c5177815c08082fcf4b9962f

  • SHA256

    f7c753b43a9dd03a388e57237a14861e28db225e6c11ad3ea04a80143aad8a71

  • SHA512

    545223b66f33aa8c34dbf6b2371a6c4d34c3f52b291ab76c16f99521723b1106388047e3f6fd5c6ee66edd64e1d18f72bb579adf90b6e86e1c92489a0252df40

  • SSDEEP

    6144:Kh+EMdRduTOxCuTeg+kmpOUprp28qXwLx7UkaZCiFr9qUQl0rr:jRnxUr928FLxStDQl0rr

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 29 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Document Purchase Order BNK-295980.msg"
    • Modifies registry class
    PID:3864
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4432
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Document Purchase Order BNK-295980.msg
      PID:952

Network

MITRE ATT&CK Enterprise v15
