Overview

overview

10

Static

static

3

16024396335.zip

windows7-x64

1

16024396335.zip

windows10-2004-x64

1

d57d6ee71d...a7.msg

windows7-x64

5

d57d6ee71d...a7.msg

windows10-2004-x64

3

shipping d...ts.zip

windows7-x64

1

shipping d...ts.zip

windows10-2004-x64

1

FILE072024.exe

windows7-x64

10

FILE072024.exe

windows10-2004-x64

10

Resubmissions

15/03/2024, 09:48

240315-lswf1sfd93 10

Analysis

  • max time kernel
    322s
  • max time network
    326s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/03/2024, 09:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d57d6ee71d3e0a161bdadd309300d5e7d1129af61886889a8b197addea8617a7.msg

  • Size

    291KB

  • MD5

    d26ec10d5be6b25f879fc0c9f91d65b5

  • SHA1

    230049e849f93203c35f581e662181cf583379fe

  • SHA256

    d57d6ee71d3e0a161bdadd309300d5e7d1129af61886889a8b197addea8617a7

  • SHA512

    6522638195072c233468f12ff32753ae9737a919b7d90f131c5d2063ee74273c489c77190a733d69670edad72a7fc1195c01915cbc7d43374452cf40df684a36

  • SSDEEP

    6144:fuTFsSgr/bMXZbqx2ulmOgyeNuw3VXgF6kXRYncUg+4SnbF4:mThGbMX9W2ulmOIZg6kBQESnC

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\d57d6ee71d3e0a161bdadd309300d5e7d1129af61886889a8b197addea8617a7.msg"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2556
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1328,i,1108969370678017020,8261740941552710495,131072 /prefetch:8
    1⤵
      PID:2812

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
      Filesize

      225KB

      MD5

      d8845ae188eb5efc70e4c9fdaa47452c

      SHA1

      759d35b53146df316fc6f43b313503adee215b96

      SHA256

      215640198dfe5c6444fe43553765f905818b2c79bf97dc0e932f77779c8e384e

      SHA512

      ae7f9190e55272e39f2d8187638a817c6ea85b4c3cf4049e8bb7f7eb4efeb0a31de789b983ed934c0a75a9ac523b0bd9ff6031cc5a130fd18bd647e939de18a2

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
      Filesize

      240KB

      MD5

      a9034a666bb82387fa2f89a15bed246a

      SHA1

      d3f7ac4d725bdb36b56e3f3655372fd9678e748c

      SHA256

      7c104c2d05ab31aadf0ce9b7ee1253e78a18cd2578a3799fd986d160d6d06918

      SHA512

      7818e562ac7dd8b04771634dcd48b16a1d594f331ae235a119c50887ea101d82d842fe28442f96270843aec28d58c45ebfd2bde08f427830ebf0ebfc53b8bf70

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
      Filesize

      1KB

      MD5

      48dd6cae43ce26b992c35799fcd76898

      SHA1

      8e600544df0250da7d634599ce6ee50da11c0355

      SHA256

      7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

      SHA512

      c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

      Download Submit

    • memory/2556-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2556-1-0x000000007106D000-0x0000000071078000-memory.dmp

      Filesize

      44KB

      Download