Overview

overview

7

Static

static

7

Email-Worm....a.exe

windows7-x64

7

Email-Worm....a.exe

windows10-2004-x64

7

Email-Worm...99.exe

windows7-x64

5

Email-Worm...99.exe

windows10-2004-x64

5

Email-Worm...OU.vbs

windows7-x64

1

Email-Worm...OU.vbs

windows10-2004-x64

1

Email-Worm/Jer.vbs

windows7-x64

1

Email-Worm/Jer.vbs

windows10-2004-x64

1

Email-Worm/Kiray.exe

windows7-x64

5

Email-Worm/Kiray.exe

windows10-2004-x64

7

Email-Worm/Klez.e.exe

windows7-x64

7

Email-Worm/Klez.e.exe

windows10-2004-x64

7

Email-Worm/Lacon.exe

windows7-x64

7

Email-Worm/Lacon.exe

windows10-2004-x64

7

Email-Worm....c.exe

windows7-x64

7

Email-Worm....c.exe

windows10-2004-x64

7

Email-Worm....d.exe

windows7-x64

7

Email-Worm....d.exe

windows10-2004-x64

7

Email-Worm...tr.exe

windows7-x64

1

Email-Worm...tr.exe

windows10-2004-x64

1

Email-Worm....a.exe

windows7-x64

5

Email-Worm....a.exe

windows10-2004-x64

5

Email-Worm/Mari.exe

windows7-x64

1

Email-Worm/Mari.exe

windows10-2004-x64

1

Email-Worm...en.exe

windows7-x64

1

Email-Worm...en.exe

windows10-2004-x64

1

Email-Worm/Merkur.exe

windows7-x64

5

Email-Worm/Merkur.exe

windows10-2004-x64

5

Email-Worm...ld.exe

windows7-x64

5

Email-Worm...ld.exe

windows10-2004-x64

1

Email-Worm....A.exe

windows7-x64

7

Email-Worm....A.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    128s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    03-03-2024 01:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Email-Worm/Maldal.a.exe

  • Size

    80KB

  • MD5

    cbcd34a252a7cf61250b0f7f1cba3382

  • SHA1

    152f224d66555dd49711754bf4e29a17f4706332

  • SHA256

    abac285f290f0cfcd308071c9dfa9b7b4b48d10b4a3b4d75048804e59a447787

  • SHA512

    09fdcb04707a3314e584f81db5210b2390f4c3f5efa173539f9d248db48ae26b3a8b240cf254561b0ecb764f6b04bb4c129832c6502d952d1960e443371ce2a9

  • SSDEEP

    1536:wh6S2wzALFx8hkMsiUmxi6QPitAKQjY8c4B5h:dS212xlQvKCYx4B

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Email-Worm\Maldal.a.exe
    "C:\Users\Admin\AppData\Local\Temp\Email-Worm\Maldal.a.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:3028
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\Flopy.vbs"
      2⤵
        PID:3728
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
        PID:3060

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\Email-Worm\Sharoon 1.exe
        Filesize

        80KB

        MD5

        cbcd34a252a7cf61250b0f7f1cba3382

        SHA1

        152f224d66555dd49711754bf4e29a17f4706332

        SHA256

        abac285f290f0cfcd308071c9dfa9b7b4b48d10b4a3b4d75048804e59a447787

        SHA512

        09fdcb04707a3314e584f81db5210b2390f4c3f5efa173539f9d248db48ae26b3a8b240cf254561b0ecb764f6b04bb4c129832c6502d952d1960e443371ce2a9

        Download Submit

      • C:\Windows\Flopy.vbs
        Filesize

        560B

        MD5

        24b79b368001cbe34074a2a5e67a2e06

        SHA1

        867a0ee94b5b2c8f54068e72de73eb819e3fa298

        SHA256

        19f27ae792655c4af7610272b5a05667d2d81e05a4d346abd5c35715d29e9900

        SHA512

        8debb8148a432cd4c906e42f5535513bd7828eb8461b0e54b7602e38c041a0421bd11c619ca7d9af8e1905cde3af27f11ba7ca220ef3b567caf48b62ebcbde3c

        Download Submit