Analysis
max time kernel: 93s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-01-2024 16:20
Static task: static1
Behavioral task: behavioral1
Sample: 2 Days To Go!!!!!! Win a Tesla Model!! Drawing Thursday Night!!!.msg
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2 Days To Go!!!!!! Win a Tesla Model!! Drawing Thursday Night!!!.msg
Resource: win10v2004-20231215-en
General
Target: 2 Days To Go!!!!!! Win a Tesla Model!! Drawing Thursday Night!!!.msg
Size: 167KB
MD5: 65bd8f777059af5f9ad745fd33c20e56
SHA1: 900d0fcc2098b3bac81787b77f0300d56abbbc24
SHA256: e3062dad0a52f7f0cad5270f404c1b3d0deff96eb7fbddf19fea75fbbd42d6ac
SHA512: b61760625a4c32237ce0578d4c66a53bc88ca65f619a838b4e08fb8952a1caa73e9d9aaea7d61b33e966a67c173636f58cb8855a1cf35e2b2e25cd528da4992b
SSDEEP: 1536:Gg1kbWkWnBDei+PE0pBHWRWiKw73BByWiFLJcLt95QSVtCa6S03B3:b1kiE3sg+BByWSJcLt9JqZSUB3
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings | OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid | Process
560 | OpenWith.exe

Suspicious use of SetWindowsHookEx (64 IoCs)
pid | Process
560 | OpenWith.exe (the same entry repeated 64 times)
Processes
C:\Windows\system32\cmd.exe
Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\2 Days To Go!!!!!! Win a Tesla Model!! Drawing Thursday Night!!!.msg"
PID: 3440
- Modifies registry class

C:\Windows\system32\OpenWith.exe
Command line: C:\Windows\system32\OpenWith.exe -Embedding
PID: 560
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx