9f784db35324d0c510fd696a373a2a0f5487d9584ea9d42fb0f9a230d7613827

Analysis

max time kernel
96s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2024 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

phish_alert_sp2_2.0.0.0.eml
Size

223KB
MD5

59f51de3fef832d7cd618e61bd60c4b9
SHA1

e4b039ce3002ea77c4e4587e7838644ab7972d42
SHA256

9f784db35324d0c510fd696a373a2a0f5487d9584ea9d42fb0f9a230d7613827
SHA512

2d5d558798ceeb3c006fe1f7efb7b4ea6da6ccea8b8939a9c0b1fc07c7651691dc34ef1a243fd21ebc07964270c527cf83d82b6d0f67a683b0a469a5e26df3b5
SSDEEP

6144:AK+jr9iUB38dqt4BgwXbUd/dWyv0ar2yZ:AK+j98dqt4BgwXbUd/dWyv0ar2yZ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0.eml:OECustomProperty	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4656	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0.eml
1⤵
- Modifies registry class
- NTFS ADS
PID:556

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4056 --field-trial-handle=3084,i,11997299123381683778,5904351605020331957,262144 --variations-seed-version /prefetch:8
1⤵
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads