Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-02-2024 03:27

General

  • Target

    quarantine-notification-email-protection-logo.png

  • Size

    5KB

  • MD5

    41c956a66f5a549da0babb243a6a3b5b

  • SHA1

    ccb0b53971683d0be57634bc39cac32d51e59ee0

  • SHA256

    6aebcba38143ecdf51bb1c4c9f93b36766ef661635b662ec8ac829bdc37b8e6b

  • SHA512

    1ab41c0a08c81f7677a1abb0f2e0ae7ed0a2436dba00b5fb30f5c4f1cc8e869208ca569763f13fc31ad70d4e62edb95cb8c5517417bd77a810b026784315ea1d

  • SSDEEP

    96:pr7/ASjzM6usMxXbZYrlZllwh1kCVa/0tco3smULFj9D+UzAe:J7/AWLusMxrCrlrlTCy0b3snp9D+Uf

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)

Processes

  • C:\Windows\System32\rundll32.exe (PID 2192)
    Command line: C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\quarantine-notification-email-protection-logo.png
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    This is the stock Windows Photo Viewer launch that Windows 7 uses when a .png is opened from Explorer: rundll32 loads PhotoViewer.dll from Program Files and receives the submitted image as its only argument. Both flagged behaviors are window-management calls made by the viewer process itself, which is consistent with the low score.
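rundll32 command lines like the one above are a common noise source in detection rules, because the same loader is also used to run attacker-controlled DLLs. The following helper, added here as an example and not part of the sandbox report, splits a rundll32 command line into DLL, entry point and arguments and separates the known-good Photo Viewer launch from a DLL loaded out of a user-writable directory. The first sample line is the report's own command line; the second is constructed for illustration and does not come from this analysis. The KNOWN_BENIGN allowlist and the user-writable path list are assumptions to be tuned per environment.

```python
"""Triage helper for rundll32 command lines taken from a sandbox process tree."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed samples: line 1 is the command line from this report, line 2 is a
# hypothetical line (not from the report) showing how a finding fires.
SAMPLE_COMMAND_LINES = [
    r'C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", '
    r'ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\quarantine-notification-email-protection-logo.png',
    r'C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\update.dll,DllRegisterServer',
]

# (dll path, export) pairs considered routine on a Windows 7 desktop. Assumption:
# extend this per environment; keys are lower-cased for matching.
KNOWN_BENIGN = {
    (r"c:\program files\windows photo viewer\photoviewer.dll", "imageview_fullscreen"),
    (r"c:\windows\system32\shell32.dll", "control_rundll"),
}

# Directories an unprivileged user can write to (assumption: adjust to local policy).
USER_WRITABLE = re.compile(r"\\(appdata|temp|tmp|downloads|users\\public|programdata)\\", re.I)


@dataclass
class Rundll32Call:
    dll: str
    entry: str
    args: str
    findings: list[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if self.findings:
            return "suspicious"
        if (self.dll.lower(), self.entry.lower()) in KNOWN_BENIGN:
            return "benign-known"
        return "unknown"


def _first_token(s: str) -> tuple[str, str]:
    """Return (first token, remainder) honoring Windows-style double quotes."""
    s = s.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:
            return s[1:], ""
        return s[1:end], s[end + 1:].lstrip()
    parts = s.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_rundll32(cmdline: str) -> Rundll32Call | None:
    """Parse 'rundll32.exe <dll>,<entry> [args]'; return None for other binaries."""
    exe, rest = _first_token(cmdline)
    if PureWindowsPath(exe).name.lower() != "rundll32.exe":
        return None

    # The first comma outside double quotes separates the DLL from its export.
    in_quote, comma = False, -1
    for i, ch in enumerate(rest):
        if ch == '"':
            in_quote = not in_quote
        elif ch == "," and not in_quote:
            comma = i
            break
    dll_part, entry_part = (rest, "") if comma == -1 else (rest[:comma], rest[comma + 1:])
    dll = dll_part.strip().strip('"')
    entry, args = _first_token(entry_part)

    call = Rundll32Call(dll=dll, entry=entry, args=args)
    # The *argument* living in Temp is normal for a sandbox (that is where the sample is
    # dropped); what matters is where the DLL itself is loaded from.
    if USER_WRITABLE.search(dll):
        call.findings.append(f"DLL loaded from user-writable directory: {dll}")
    if PureWindowsPath(dll).suffix.lower() not in {".dll", ".cpl"}:
        call.findings.append(f"DLL target has non-DLL extension: {dll}")
    if entry.startswith("#"):
        call.findings.append(f"export referenced by ordinal: {entry}")
    return call


def triage(cmdlines: list[str]) -> list[Rundll32Call]:
    """Parse every rundll32 line, dropping lines that are not rundll32 at all."""
    return [c for c in (parse_rundll32(line) for line in cmdlines) if c is not None]


if __name__ == "__main__":
    for call in triage(SAMPLE_COMMAND_LINES):
        print(call.verdict, "|", call.dll, "|", call.entry, "|", call.findings)
```

Run against the report's line the helper returns benign-known, so a rule that alerts on every rundll32 launch can be narrowed to the `unknown` and `suspicious` verdicts without losing the Temp-DLL case.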

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2192-0-0x0000000000210000-0x0000000000211000-memory.dmp

    Filesize

    4KB

  • memory/2192-1-0x0000000000210000-0x0000000000211000-memory.dmp

    Filesize

    4KB