caebd7be776ca85681704f17ba7af64f663524da0649f85cb6480d2ffa27e4ad

Analysis

max time kernel
145s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

164664 - Informamos que foi aberto um novo processo em seu nome.msg
Size

32KB
MD5

17b5c59392e9e32c3cf1f6f7c9a34152
SHA1

0c3aba44caff93f8123434fff66170fbc3764e1d
SHA256

caebd7be776ca85681704f17ba7af64f663524da0649f85cb6480d2ffa27e4ad
SHA512

086bba2f9958f12583d3ffcc6330a048ade0736fd48d51855d34bba11545fdb3e064b4fd00b729df1bae8826f43c9848cb38b9197f8b576fe5a9fb02e1c375e5
SSDEEP

768:OyjBUjB5PkGNwrLF8/3PR2ywlwzG1pHLuz89Vss7h7zvzwo//5:rjBUjBqGNwfGBFwlkq489V77h7zvzn/

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 14 IoCs

description	ioc	Process
File created	C:\Windows\system32\perfh007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh011.dat	OUTLOOK.EXE
File opened for modification	C:\Windows\SysWOW64\PerfStringBackup.INI	OUTLOOK.EXE
File created	C:\Windows\system32\perfc010.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh010.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc011.dat	OUTLOOK.EXE
File created	C:\Windows\SysWOW64\PerfStringBackup.TMP	OUTLOOK.EXE
File created	C:\Windows\system32\perfc007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00C.dat	OUTLOOK.EXE

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File opened for modification	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File created	C:\Windows\inf\Outlook\0009\outlperf.ini	OUTLOOK.EXE

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 606ca0319c75da01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command	OUTLOOK.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	OUTLOOK.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{60EA8821-E18F-11EE-8F4C-4AADDC6219DF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit"	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416533512"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command	OUTLOOK.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit"	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fffacc0240230f40b575ac5982df49bd00000000020000000000106600000001000020000000fddb2597dbe90edd125bd90706b5d19904c9b259f7691814dbe4abcd04fdb871000000000e8000000002000020000000ae760aced935d719d91f4aca43ee871aa489d0463f80e12c267edf1989a978f3200000002379ae64c0778f0cf9750b9f15e361d39be9f0090d46e420307f6effb50160a540000000edc124edbf60bf5a1ff680146344a05d2a2761648d7a471f441292650e0c64fbf4550c495e3d1cd1d5893032f0ed75fcac651008a4a6bba5408feb44e18b9404	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b7f93b9c75da01	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MenuExt	OUTLOOK.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	OUTLOOK.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\ = "&Open"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\ = "[open(\"%1\")]"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Charset	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\ = "&Edit"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\ = "&Open"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\ = "&Open"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler\ = "{42042206-2D85-11D3-8CFF-005004838597}"	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Codepage	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon\ = "\"%1\""	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit	OUTLOOK.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command	OUTLOOK.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1"	OUTLOOK.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ = "&Open"	OUTLOOK.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2752	OUTLOOK.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2752	OUTLOOK.EXE
1052	iexplore.exe

Suspicious use of SetWindowsHookEx 28 IoCs

pid	Process
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
2752	OUTLOOK.EXE
1052	iexplore.exe
1052	iexplore.exe
836	IEXPLORE.EXE
836	IEXPLORE.EXE
2752	OUTLOOK.EXE
836	IEXPLORE.EXE
836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 1052	2752	OUTLOOK.EXE	31
PID 2752 wrote to memory of 1052	2752	OUTLOOK.EXE	31
PID 2752 wrote to memory of 1052	2752	OUTLOOK.EXE	31
PID 2752 wrote to memory of 1052	2752	OUTLOOK.EXE	31
PID 1052 wrote to memory of 836	1052	iexplore.exe	32
PID 1052 wrote to memory of 836	1052	iexplore.exe	32
PID 1052 wrote to memory of 836	1052	iexplore.exe	32
PID 1052 wrote to memory of 836	1052	iexplore.exe	32

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\164664 - Informamos que foi aberto um novo processo em seu nome.msg"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://53.28.223.35.bc.googleusercontent.com/38166352.2024.2788515/PROCESSO_ATIVO_42511.94818733714.2024.467899.9316554.6111566
  2⤵
  - Modifies Internet Explorer Phishing Filter
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1052
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1052 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2813987048a07754c7f14fa605afb047

SHA1
97645c2aad0e93b7ff876552aefe438a2f6e213f

SHA256
1f079d38e51ac86be611e619426fdc924c409521b9a108b156b5ede79a332311

SHA512
ee36673fb27e434b1d52814ac587e9b97390ca6424b35d2b92d11f07ec9ce8854c7713bbcfd443a8161dcf31bf2b525767bd1f71f30570aacc379ed439cc2b69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5d014b656d0d1ff5383bc9896c64c36

SHA1
c917ef65e71d6fed0549d083b20da6b74f7fabde

SHA256
799d09b3a46976e5d08c59b8b2a6c64975a9c8ed02a48e75cf0d57fa94d29aaf

SHA512
07b5a51601311259558b6b63fae6caab6658c218706442128cf553ac5df8f0c5bf32235ae6b3768a7815bed20628fdedc6a8e28e923c75dd0418aaa6b46a0a48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7144ba04462abe8d736898f34ba1c853

SHA1
a96015402dbe7fa747563bda7b4255ab34d5da32

SHA256
d3e80b8efd11e2b8056b790e34415b3f9cbc7ebafaaa1e79481aa26c0af3821a

SHA512
3ad02a0ceab26a49b036d25ba03f0763bf60b6c9c4a3b3beef0ee9e8a08d53b2a1c6b07e63ac16ce35da43d478a7391221397bc9993f9b03f80ddedf0c7c363d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2d0224cb18eacf2047f304e26bd2f92

SHA1
dfcf4cab0493ef4a85d41bf14d5777ee805af709

SHA256
1c12f053e0030da0c212f6f98736dcca41406dd5ed5cc316bd6493db9ec3a68f

SHA512
b0d1cf51d6ec16f4650e04731ccf895e554308785ea2ec504cb7d7e10c4d15d6f24022bcb33ac524b71299188d9251ad1dd0367bf5f03bd36f4c5054fff1f464

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51d0f03de5df7d1435757cbf138b8f38

SHA1
c5b970692cede7a97536d4b5b73a22176adab731

SHA256
f5731ab4bd216d401d56ef59f1bbee3539e3e6f9e2c183bf6d3faf3dc41f7ea1

SHA512
726523db892c28d89ad27ba0cf2169893f62217f5bd6c61e500eeaf329180530d145ae88ffeb81c2ecc7514f724a07ec1ed2bcaec4a8c73bd08fad9752add9eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b44b476302d6f2ca4b07b763dc668f88

SHA1
a1a43430691c6ba8af1476be949c27a29f56aad8

SHA256
ccdd7709f4c43d54129259fafe8a0dec647a2b24fcf6fb5e2b6287c6762cbb78

SHA512
4e1aa168c24a5cb3dc866fb493b711fa3ee4f00611efd1f2cc397a421233c84e5454bbfe0915c0d0ba39a3ae804e865618b2b3f05d35f82beeff1e00622837d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
638d1979d84532bb9260f3bf88edaf0f

SHA1
7821cf08e778a5ee37d7bf7177e684fec39a2cd1

SHA256
1e544e9524c971136aaa6d4878282f717db36d19944b7d1d0a18045797b51b60

SHA512
84fad4d8ab225f4844994c63257cb51a37de0084fd3b4b60fbf6f53de701b532095c0f5fed388fc8992bc548989e4c9408631a3ef21cfe91d005a7a1b5ea0076

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
085fcdfa5e78a6fb49215768e8a1c20f

SHA1
bc2082c347e8a41286945a0e2f6fc2d8dfbcdfc8

SHA256
77177880b98f5d9a1bc48a49413e4aaff70262ef1e97ef91ae4f5e69b8950b68

SHA512
0d78f06fc53f03a8bb22c360e24ad00a8ce36d0b6ecf62e37cd76bb33880e818893d0de4a7f545c09e27276f3cb33e38d1733e39f1fdf5afff2eee2cd38c59c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33b4e67b12216933d44a29a4f0002c6a

SHA1
8de7a4509cd5d6d15133708fd25ae1138652955b

SHA256
01fdc2b5f57499c64e4c0d5733bf1f88bcb03e44fc6a6d905bb2c6d814e3704d

SHA512
31ce44f664043007734d64e37bd6aef19090bc0349fd0e96106539700551ae5f6e19074bbbc7c8cd33516f8ed276bf72a54320b03b9d04bb7fe6c0ea2dc8e4e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8be63bf602ef4f5560ec41b6c51d6401

SHA1
d46ca3db054851e5aebf730e3dff3e2e6b927a67

SHA256
12ddfcfe98b43e75327325e1d81373c0fe0c028085bb72629163842207d42b40

SHA512
8dec425fc1fdbbbafeced56fc2a078fe51a68c7bb6f7862e0c5bc0c4c34b4b26cb902cb852e01062ee0a00714d96a751bd17a07538ea0656e06dc09c4f25d76e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
096bfc1d9ca1abecf9a2f919cfef7f83

SHA1
f0356b9770dda5fed33d4b256cd5f4c6b32b6bdb

SHA256
e33442b71aca30bb958783b93ea7356abdb984a9d7e2877118f49a8691a23fdf

SHA512
671acd271f65dc41fa7c2a27535e03363f451357306147b22ed33142dd18e53b01cd559efe1c63cc569a925a94057b7b6b6a6a3a1d34af8551c923895637883b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
615af6a70555abf6b6665f0a083f4cce

SHA1
d5db17e3dd38598dc64465c4be423731152323dc

SHA256
4ec379c04d19f013875e25d51e365275eb1565d844b5e94f50a40c4f713a46e1

SHA512
51d796be83d914299b64826ed4806074d7aed2ea428ff9dbc0294ee77ac6a3e363100b29601fe845c4f4579fed25e32aeca73e4f317d807acbc0aba03db4e4cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bb8fae6efb4d69cb73f53055457dee2

SHA1
f294089e80710caabbd66a5dec3d3a0b0ec1799a

SHA256
15c5f5fad7513d7af00c8ddc7ca0b1fb2934e613e7430d0a6c4910d0b1a8b1cd

SHA512
27ef7f51ce0811ef7afd4e3f3eb52091b258a52ff9b57e56d970c0e9c8c383c847b8eaad74e31183abc764d854b997c2eb24561575dc1701c9a64381d87961ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
061c9f85b1ef986e1f77322a40a4f988

SHA1
5d8ac9a692e295b9ea71213f60d37305534a33b0

SHA256
475def2496f9a7224220f5b38dc8a7e160c57638aa2d651702a2febc4c9af531

SHA512
1ed690fece07b305f0c35eb93c510a8f003381c589a1ffcc15bd26c845ecf7dfa39915804ac76571d6e7557a75ab785596b155e6b6a6d827afa28acbc88fe8d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11b963873fcfa24346a084c580121c50

SHA1
da38d9cfd13da1450146aecc9c77295430a42ded

SHA256
60593e9cc632434be896f6544107c0ed3801da3635bcfbaf0fbab8671fccb42c

SHA512
595baa4d4454b7f7ff06534a8d62edc627015c02dafdc1a338cd026ef24c526c0138b0bf22e5a05a781c25649f6c4eb058badc64605af4114ede519dd8d5571b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a58880fde39f369c590c12a46ff5f757

SHA1
d14a1a78e3af38841b4e9db6a8ee9032577fe8eb

SHA256
688e696a328c2aa7b2a4769c63b2aa304e9409079fc101d60027e282348c6fb3

SHA512
9368827508ed5aac8dfa2efb1c2699b38c1e31c9756896c9e3429236bf4a2934a98d42a18189f924497bee2a9d5eba11a8659cfeed8eb9038550cd3e4df3abd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
762acf7af634f569e4f29e76762305d7

SHA1
93a120f5f89f7a248231b90b21d1e3f15ff4fe79

SHA256
a89c28e882b7aade417ab381baf0901830e25285a74abb24d75eebfad285bf35

SHA512
7d2dacc0acc3c86d1413c9d6dae068e6b14a478608183536e24252dfb45a88eca858146b34396a2de647896a40447e7a1805c149b1bcce3ace1e80d028c9ce62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbef5b56c508685cbad7f7cf9f12d003

SHA1
e5907a57cfe1d7edd0a6db3024526bbb78ebe3fe

SHA256
9a0c3cbf6877936b65766ad6e138589a19765e0e8a4e544c0e44a777c6f16718

SHA512
4a092a848a0aa6b87cadb8fc593475133a7616f8afc971116daa48f751d1ad702288ebbf70a24ae8410801304090b0ad068a5b1392dc3d87fbe95cb799bc6b36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dadde9fa2fd0898d32a107c11993d862

SHA1
4d27409750292a36bf1f28c036bdaecc0e881cf8

SHA256
665ec960189e412faa630623cef40322fbb6ea43de6f438fd757093db9ffebab

SHA512
8e413398ee149a28ef2e3a7758704bfe942e94797876b0f5d78879126ee17b87f451ee432e9e3af2e7f950c347b821ece448de5f6acae0ccea6a34de3303a86e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dac7419431c2a321dd59485aa64aeb65

SHA1
b2d61614ba4d2a53fc3c04757c6264119c325c80

SHA256
1b07d6789ace2aa99c91460cdda76f8f6f39762b942d3ff33e5a49eca961b9ee

SHA512
2860f61d0662df2ef9452db419dc81cad0171155672936779bad6a41e5dc219b5bbfe1cbfde03b6e71b1d9f698c2426849556fe1f10be5cd060053abe11d71ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8eda3b2bf455ce62b47b1223afca8b14

SHA1
4ac494631716a3017f980110536365becf3ff2b9

SHA256
006cc46d930f7579d2b958fb3d7b3bb20bb19183f33e89e8ca892ed93ba1ffcf

SHA512
51b91926fa8a1d45cbfd29f6ff3f3329dd4f83e4e004cacafe8890e191c7665316b68d9ca81280dc9ee0dc0a926a9730747801b6e5c545c541745875c56e33c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a4e0f4c783853c10bd1178204ac26a6

SHA1
648d861562caf9fd4d3b2481f5b22098be074a20

SHA256
0c14db6945422e070f4938972f06da9a586ac26833a279817919bddc7a8ce67b

SHA512
66aef50b6fb617fd4079614b6cd086cd871ad734c2a3676554b694ed0948d0ddf43e77b6183da23297559dce9a45cbef246597650fa1e9bfb3057bee2f2531b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09151de9be78e1d67a6f07faf62795c9

SHA1
152d07bd6f22624fca62ddbc9eea16fdf8bfb7f5

SHA256
5e9e6155445ea33218a36deb69c6369c51ca4ba485c1ca2d810c05c261640d80

SHA512
1f3cbf023760b69b0f997c9c7b2b22486bd42b02f4b7b2353851fc6376846d1d1ca127cfa4eed6079a46ab1d3c8d0181733956a91838d60bbe5d1fdd4b03fd1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e68eb7c3055b740250af74e10a9f23c9

SHA1
0c4562b2e9b56a01f701406dbb370cafac467a0c

SHA256
ed4c0537460d48194b8eb8dfb7e58a5e2fff6c32daedd48b28aaa0f164ef1be3

SHA512
9a5c6a007cc4222b390c525e67f0d9a48722550c9cfbaddea49b2ade53dffdb2f2e19786e696e8187d0e8f5cf5c878b3b360d5ac12aa9f69dfa79b012ba2a8c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4284a86b2aab664e9173b9709878b31d

SHA1
818686736b738240a712ab99795884f291d1bdd7

SHA256
38e11def8f21407060f371a72fc1d193cefe352db26d0d10f30b370d62eec2d4

SHA512
243191eb54434ebc233f8c633891d4b8aac6fedea54657472370d23ec9fc9072503ddb5dc6a04a5590a08813058b3832265b4d0ea6fe207ad60fdd44518629c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b891d4d790b7923357b46d71bf4361e9

SHA1
d9742d41ac598029ecc69df15b0a2b29adff70b1

SHA256
d0f59503862c50fb30c07b3d7556f81006e97767d7b1c2e333e245659bc9fe4d

SHA512
6259c7be24613c8a607fe37a7ec9ca2c246e040554354a2703b2124832165a573a4da15701124896af25174c798ac597ac2fb2e07fc972e0c95bf12e435979bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d52c09d965aa3927fe3a57fa49f3e89a

SHA1
81175deedbee92b9f16939f312582ebfb9090e12

SHA256
8501596581aa856ef7e4be2a647cab9990b8f6978bf9a2aa863827ed6c677486

SHA512
ae875c1927792dca6c4fe9602dff2bb54be1c8c95c2bae883339104be93524298af4baaf967b34e8ca13174de15bfeb3ef8861cb65ff35d0ddbbb886cb6b16ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b36778bdf543d4e84ea8241a36505d3

SHA1
557150ee647162feb3c398269f7702d4e25b9b0b

SHA256
1b68c327636ac7a17a62729e45acc102326c94c631c46f9d75139ed68bd27be2

SHA512
58d3e0fb0308f59d42e4aa146dc783fef44e5fb4738de8d55c96d41f3e715fc255a80013cc0c20fdf22b160977bcc83482bfc28b10da5017eab8fc1ffa53d2d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98641bc9ae6f978f78c02fce8f38d927

SHA1
767d235c3e3f8cae58f113b814e0b47e554ccce6

SHA256
7dd5a6afeae2d452cdcb3585ff0b387187a7324354d8fbfacceef40f63290efd

SHA512
28280811c69f567df1e5dd06eca2ba2fb5f7b3b8f5143adb0fc59924f0dfe68a1dd9f5fcac9a4832f5009080d783593a110c361eec916c54d6f72e4ec14ebda0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
538e3f001c3100ae0fa0db1fb5346e46

SHA1
3a9c5253cff0a8607bbe51823fb3d93500f072a2

SHA256
17622bf2d8e9831612c3bcd3807c4a17120178a92b13b7200c92d4b953aa838a

SHA512
32c2e708da0ae9f3c28460277d56bd307a475e3283b48674d3978a1bf2cdd5adb10de74b4ff289b636e11c4172dbc70293558e207fd8544b865409072a17ecba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a75824a64a3859b2654a957b80bfcf40

SHA1
3187716a6437778421896152f4c56b7627e991ad

SHA256
48374a89ab9beb424372ff559ed1371c576bd17b63f973856d443e41e28f0539

SHA512
869f264ce2a6cef9b4d4f0bbe21041b2df2b1d7310d947826636b15aeb002c5c2785a633a8cc7f327a91039236a558b3ec35eb9b5724d3b3ac032f841e4df539

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d5441b3ecf28617a11a747bc62185eb

SHA1
203bc1e0316ab543c837e5714a2a1bc62c1f1f06

SHA256
ece7329f016859cfdddadd0033050d0231dd4e7dc132e47113a92d0077381351

SHA512
78f89e40fdf187c5c18bc974fccf31b72d00a35d58a8fff80351c845d86877078dd5452465cbdeab928f85c15c0e49c66528ab0667ffaadd7993ddc6335533a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19a5065a5f7e7a4f94c0d076f432f8d5

SHA1
0b1dee3e1bd08ef88ece3b86b07b6b0e3bb819af

SHA256
aee2789aed50ec5d675f3e1fbf311dc239830cbf2de13b767d4b0218e74acdd6

SHA512
e9a53a1f2769ffb8aefc07eb5eb0d7646d964e05a61e272b4b8dc5ac2694b9fd78dfe17678328b7a8e4c069979373fadc6f1ccfcda91e523d9346824763da776

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c2fec9de09e1268567c3450cba70cdb

SHA1
a8acd184840c9014edc7189e330d6a258679273d

SHA256
288ed36a9ca9035487396f0db858d2b696ac3639e92035b82a73fac2a54a5b21

SHA512
c41834cd3086fccd2d981c212efffa1274e2b6e11b9d1ebfbcbdac874e6e576cd3ff31b66ee8fdd39d19cbf583af96dd8a1bc0d14e7235da056e2a54f3cf9253

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c551ec0611d8b7ad600329039c4acf0f

SHA1
e96e5706ac63eba6a4da329931703e9e8e3ec218

SHA256
9c268f2c8a1a9bf89bc63e0db20d691dcaa558eb7deb553d87c635e59f03a9a9

SHA512
c7bd45ee764b6dd5e3e3ab7e15200ffb7ad243158d692c4248eaae54429daa8caf897ad1f140bfcc1d43068fed6e4b7774dcbcdb3a02f4ec846a33c67d37037e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3c2ecaf76b39a7c320ce5231b369c8f

SHA1
2d67969e459737650443a99fd90c5618888c715b

SHA256
3d6a96741e27d96173ef26472af8b459c1c2ecabbcbeb062cdba1160638d8f76

SHA512
2223db47d46ce5d87de18b434823fa219d0c3fe74069297a254eb635e07ea56e90ed0d15469be2b726d29aacae389c7da7a1dd9d8359f252113f3ab4308b775d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38a7294669371a1c27df51a56cde166e

SHA1
48b8947a23dad95cea536eff8ee821208a2cf6d9

SHA256
053d838162acef214d058d3bdbc29bae0956924ba648263de4a3a3f3898e0175

SHA512
93a8e77f8ea26c178c4c0bb0abd3c921907e03e64bc54cbf46cb32349bf710d72fc4ea3ae488085164130b9d7095d9675e199594bf752a12469518ebd68cd566

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bad7638769efb8e2be543c016dc25de7

SHA1
78cb0ec2a95d93011922fb147134f8359a29899c

SHA256
b5a3b93cfd30be4078614bbb9afd45342b3b86b06697ff53dbc9b7ac609c7db7

SHA512
80f01a9dc89731e02f9749bcd0498b5e8f05f39c48357717c9b330cba7c5338faadd158fcf5bc95376ad457319837e0fe9c7d65981146e9d0dc38c07609e6031

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db413e033b6e4fcef83237239811270a

SHA1
0410cd3791d1ee08e53605717261c04e68a14804

SHA256
cb69c285220181ac8ebea77227841ff347c7ce6c2709fcda971f77488bf0603f

SHA512
5a3f327818d7dc02eaa7804d499d2215d0830c80decbea4a5300c0acb02fdd7354487abef28405778bf6fc58b82e2d836146093f22d273f53f33616d1333d3f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5982ceadf5c08bb5235731812bd2a8e

SHA1
42a2a85d5e114b36b828fb0a3939922e796bd23a

SHA256
999c521a1467caa39739ab012141ad8cd615529d69ab651cb8745fa71f77d05f

SHA512
ea3730058994964459ac5cc8ffe104193463253ea5e5cf4bb9f58c9c807b70ef41236aedd60d23509a0339401356788698206aa9dcdb0110d2604760ba019857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
240KB

MD5
f916b5c26035873d0e05df57f2998f97

SHA1
d9beec2bea9c839c0d0fd7a006664493fae1ebd3

SHA256
94c0f87ff66ebc7889a7f491f81a34ff0a947fe479603acda7c8427670421c23

SHA512
a9c03f28a700a92bc0b10f223d1e88883a7bafaf88e970677247294811bd0b6bc07985eefbaab09a5f72a89cbb97db3f30749e022e7e21ab5d4eddc5d2cc6a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
235KB

MD5
57c87137fdd1962300946ee4869e3f98

SHA1
d9d26a03153105ad03afe7039a8e5b92a5b9d6fe

SHA256
526191d72f771de9e285a62f6c02cae5a0eb067e51176cdd46c81b5960af0896

SHA512
8cc4651ac17ed6d35a519dfeed6e4d624f73f92f6bf6cf333ac223c37ed0e97337f5db992db283862f1d78ae45e335d80cce5c0c93062ad350fe26e47221ed4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

Filesize
1KB

MD5
48dd6cae43ce26b992c35799fcd76898

SHA1
8e600544df0250da7d634599ce6ee50da11c0355

SHA256
7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

SHA512
c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC9C6.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCC0F.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\{885F9325-0C83-4EB9-9340-5F73ADA89740}.html

Filesize
6KB

MD5
adf3db405fe75820ba7ddc92dc3c54fb

SHA1
af664360e136fd5af829fd7f297eb493a2928d60

SHA256
4c73525d8b563d65a16dee49c4fd6af4a52852d3e8f579c0fb2f9bb1da83e476

SHA512
69de07622b0422d86f7960579b15b3f2e4d4b4e92c6e5fcc7e7e0b8c64075c3609aa6e5152beec13f9950ed68330939f6827df26525fc6520628226f598b7a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/2752-162-0x000000006A081000-0x000000006A082000-memory.dmp

Filesize
4KB

Download
memory/2752-193-0x0000000073FCD000-0x0000000073FD8000-memory.dmp

Filesize
44KB

Download
memory/2752-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2752-1-0x0000000073FCD000-0x0000000073FD8000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads