Analysis

  • max time kernel
    477s
  • max time network
    360s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-01-2024 17:32

General

  • Target

    a1s-root1=email_banfield_2024_01_25_16_SMTP-att-1-4TLRgQ29l4zJmsx-2024-01-25T16_51_46.eml

  • Size

    35KB

  • MD5

    0bdf90c601459a55b436af24ff96fdf3

  • SHA1

    b751e92a160249e8743ade1f79d572803b3d57bc

  • SHA256

    59c34ab10c3ed2f66543503c63df63cc7afa45bdd867c37a2281eb363116fa22

  • SHA512

    15a52816937b41a92c05986c2d6b98d3d545b6fc8d15486c9535cc2d80a1b5a556f3263a3a2f3fe5a432833afd2abca1710fc3449566e50f90c6de67de7c530e

  • SSDEEP

    768:zk08a88PqsrXQ0uhx6V6UaFSC9CJClCcCCNZ:zkO88P9+hYdSZ

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory (14 IoCs)
  • Drops file in Windows directory (3 IoCs)
  • Modifies Internet Explorer settings (1 TTPs, 34 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (22 IoCs)

Processes

  • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\a1s-root1=email_banfield_2024_01_25_16_SMTP-att-1-4TLRgQ29l4zJmsx-2024-01-25T16_51_46.eml"
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1516

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

    Filesize

    240KB

    MD5

    05f4c38631980fb366798b274bae9a77

    SHA1

    32b074485d1e13e580e780c96eac91c1ff502662

    SHA256

    2e8fbd5ebb7407aaeebf61f08a20eb38bd66b42059c26a63e8ca3dec42e19336

    SHA512

    27fd6456317d4defc0d7173bdbc6d7693ddc039969eaedde7de966475760b9531c7d9dcf227ddbcb2db4084719aa76b511e85a15dd334d48e7dfaa6b3bca0ef3

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

    Filesize

    235KB

    MD5

    47948ff650ad2532d9c4b57d06194b43

    SHA1

    6e997648dc0bbf61398e6708e6df511e6d43a0e3

    SHA256

    3a89ea50c9c4fbd23ce14f5f61d0c750edc64ccef5f11c192384c3edd102bc20

    SHA512

    16af7176196cf71d14fafe79a56c9811b3ed312fa691e26970f31eaae3ccd351335f11af982bd2ce9bfd0b7eba220c88d6f736c3528f5db23d588ef3dc132e8f

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

    Filesize

    235KB

    MD5

    73dfc030c11041ce48a970b8e0cca999

    SHA1

    f1d7d453adc5956472dd02da19cf73837949a36e

    SHA256

    13cee8455b8739b34601d110a92f739a2da7a8b2484bacd61baa0e18c6945a90

    SHA512

    fce0e364ffeca5c66f8aa913006341c37cefbc0b976897eebe3f8a50379dedce3c5133298f1ee078288b26c4c30fa3ec94a149e01b1e0c30dce5f7c8c41e06dc

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

    Filesize

    240KB

    MD5

    f7a124ee31c6065d5808947d2af91934

    SHA1

    cc917cf3cf4c36ce6e6c777ea6612fc0a42fb5ec

    SHA256

    dde0afa274f543a966c4a013280799b922b68965d2e2518c79e85d0f3b62fdb4

    SHA512

    6df485d70a3e3e2763f7668b7f2def8adc2239dfe39df08881584973d5263fd75a6639b04b3bc930d815fdeff798544881b998467cdd17433a84e644662bd3e6

  • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

    Filesize

    1KB

    MD5

    48dd6cae43ce26b992c35799fcd76898

    SHA1

    8e600544df0250da7d634599ce6ee50da11c0355

    SHA256

    7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

    SHA512

    c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

  • C:\Users\Admin\AppData\Local\Temp\{E9A09C70-D3F1-4915-AF88-DC722C2048C3}.html

    Filesize

    6KB

    MD5

    adf3db405fe75820ba7ddc92dc3c54fb

    SHA1

    af664360e136fd5af829fd7f297eb493a2928d60

    SHA256

    4c73525d8b563d65a16dee49c4fd6af4a52852d3e8f579c0fb2f9bb1da83e476

    SHA512

    69de07622b0422d86f7960579b15b3f2e4d4b4e92c6e5fcc7e7e0b8c64075c3609aa6e5152beec13f9950ed68330939f6827df26525fc6520628226f598b7a72

  • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

    Filesize

    2B

    MD5

    f3b25701fe362ec84616a93a45ce9998

    SHA1

    d62636d8caec13f04e28442a0a6fa1afeb024bbb

    SHA256

    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

    SHA512

    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

  • memory/1516-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/1516-1-0x0000000073BDD000-0x0000000073BE8000-memory.dmp

    Filesize

    44KB

  • memory/1516-142-0x0000000073BDD000-0x0000000073BE8000-memory.dmp

    Filesize

    44KB

  • memory/1516-163-0x0000000069C11000-0x0000000069C12000-memory.dmp

    Filesize

    4KB