1f49cbe45a58ec27e848b1918cccb7fa704191cea0bf0419e02d9c7a7f80cf02

Analysis

max time kernel
297s
max time network
293s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
11/12/2023, 06:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

phish_alert_sp2_2.0.0.0 (5).eml
Size

18KB
MD5

68c3e4c1f029a6c8b4821a485b257b74
SHA1

b381a721457ab002b2b441c2088ec7321d13e36d
SHA256

1f49cbe45a58ec27e848b1918cccb7fa704191cea0bf0419e02d9c7a7f80cf02
SHA512

d2a211f249b5fc2edb25b02732e2276c4d65cf32953bbbe73b846ae6e708cd2704b570c531de0e831b3ccb35c594515c5fa6aac20bc62bd8544d0028d4dead25
SSDEEP

384:Kx9CeF/h8wz42HPm3/ZroFlVvs9Yb7U7Nf0tJN:4/Wwz42HP6ron8Y87503N

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0 (5).eml:OECustomProperty	cmd.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3796	svchost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1752	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0 (5).eml"
1⤵
- Modifies registry class
- NTFS ADS
PID:4976

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4372

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
c388c94b115a7f271c5c33f6a22af43e

SHA1
5643c0bdbe7efbcc54b4480bc2e8753fef062056

SHA256
340515e3fbcbb97717232e34dd1aa22007334136510547b223315367873289ef

SHA512
42e16f196b6336024fc847b7d0d3a19509928a5c8538910f2043ac5462e23c08eca0a6a61de3eafb68ed0aa7d3ef5cdf29aa80a9371756fc6251b6fc5cc5a747

Download Submit
memory/3796-43-0x000001F971F70000-0x000001F971F71000-memory.dmp

Filesize
4KB

Download
memory/3796-45-0x000001F971F70000-0x000001F971F71000-memory.dmp

Filesize
4KB

Download
memory/3796-36-0x000001F971F70000-0x000001F971F71000-memory.dmp

Filesize
4KB

Download
memory/3796-37-0x000001F971F70000-0x000001F971F71000-memory.dmp

Filesize
4KB

Download
memory/3796-38-0x000001F971F70000-0x000001F971F71000-memory.dmp

Filesize
4KB

Download
memory/3796-39-0x000001F971F70000-0x000001F971F71000-memory.dmp

Filesize
4KB

Download
memory/3796-40-0x000001F971F70000-0x000001F971F71000-memory.dmp

Filesize
4KB

Download
memory/3796-41-0x000001F971F70000-0x000001F971F71000-memory.dmp

Filesize
4KB

Download
memory/3796-42-0x000001F971F70000-0x000001F971F71000-memory.dmp

Filesize
4KB

Download
memory/3796-46-0x000001F971CA0000-0x000001F971CA1000-memory.dmp

Filesize
4KB

Download
memory/3796-35-0x000001F971F50000-0x000001F971F51000-memory.dmp

Filesize
4KB

Download
memory/3796-44-0x000001F971F70000-0x000001F971F71000-memory.dmp

Filesize
4KB

Download
memory/3796-3-0x000001F969960000-0x000001F969970000-memory.dmp

Filesize
64KB

Download
memory/3796-47-0x000001F971C90000-0x000001F971C91000-memory.dmp

Filesize
4KB

Download
memory/3796-49-0x000001F971CA0000-0x000001F971CA1000-memory.dmp

Filesize
4KB

Download
memory/3796-52-0x000001F971C90000-0x000001F971C91000-memory.dmp

Filesize
4KB

Download
memory/3796-55-0x000001F971BD0000-0x000001F971BD1000-memory.dmp

Filesize
4KB

Download
memory/3796-19-0x000001F969A60000-0x000001F969A70000-memory.dmp

Filesize
64KB

Download
memory/3796-67-0x000001F971DD0000-0x000001F971DD1000-memory.dmp

Filesize
4KB

Download
memory/3796-69-0x000001F971DE0000-0x000001F971DE1000-memory.dmp

Filesize
4KB

Download
memory/3796-70-0x000001F971DE0000-0x000001F971DE1000-memory.dmp

Filesize
4KB

Download
memory/3796-71-0x000001F971EF0000-0x000001F971EF1000-memory.dmp

Filesize
4KB

Download