Overview

overview

5

Static

static

4

Mensajes e...7).zip

windows7-x64

1

Mensajes e...7).zip

windows10-2004-x64

1

79bc2107-a...19.eml

windows7-x64

5

79bc2107-a...19.eml

windows10-2004-x64

3

01DEMANDA.pdf

windows7-x64

1

01DEMANDA.pdf

windows10-2004-x64

1

02ActaReparto.pdf

windows7-x64

1

02ActaReparto.pdf

windows10-2004-x64

1

03. AUTO Q...19.pdf

windows7-x64

1

03. AUTO Q...19.pdf

windows10-2004-x64

1

04. OFICIO...19.pdf

windows7-x64

1

04. OFICIO...19.pdf

windows10-2004-x64

1

Outlook-25jgxain.png

windows7-x64

3

Outlook-25jgxain.png

windows10-2004-x64

3

Outlook-fad5tdcw.png

windows7-x64

3

Outlook-fad5tdcw.png

windows10-2004-x64

3

email-html-2.html

windows7-x64

1

email-html-2.html

windows10-2004-x64

1

email-plain-1.txt

windows7-x64

1

email-plain-1.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 13:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Outlook-fad5tdcw.png

  • Size

    593KB

  • MD5

    46f926d3813d28e5eaba891947a198e7

  • SHA1

    0b2ca9e38b55eba02561395fdb0cb72464b97f55

  • SHA256

    ef0370861e0c1b8c04020ced3e4206f9636002f9b8624c75fbc8496c827d5bf2

  • SHA512

    93fb763524d949cd76144edb3ec414c6b69afa39478670fe08a6bf79ec5df0a5095e98babc4df4ac6d6b0cccbdb39a22d897d267dd65ec3cf83d2643e3ea1f77

  • SSDEEP

    12288:J2N8fBZ1Vjv5Ffi+I/BtigIIgrUIsKq5roWD99fXzmxlxF5lW+6X0t:J2g1Vj/irXHIl5woW36xlxFr9x

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Outlook-fad5tdcw.png
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2208

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2208-0-0x0000000000210000-0x0000000000211000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-1-0x0000000000210000-0x0000000000211000-memory.dmp

    Filesize

    4KB

    Download