Overview

overview

5

Static

static

1

Potential ...te.msg

windows7-x64

5

Potential ...te.msg

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2024 11:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Potential Phish Tceq- Review and Complete.msg

  • Size

    92KB

  • MD5

    0013158c6a21f480c72fc3f13d4019c9

  • SHA1

    667a7bb102b180219ec5911217e55f615dc14957

  • SHA256

    1fb71bb37303a0964bcea7214b5ef50b63eff909fbeb61e04b65de1d821a9826

  • SHA512

    143a139551a8934fe74da8e4420c733e3b4702e56beba50e81012690772ecc5e1a620d32691b9698bf8c9d8c0c9c5878be30f06fc2ec1b20863eedf22d915bfb

  • SSDEEP

    768:3tIiBecPWKdDzDNh9VNnHMAQu+ncmHqvYrKNzHUulJI7egdWsKFWsKcTARbpA4Fr:dleceKd64YrKR0ulJI3WNW64RIwrwLi

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 28 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\Potential Phish Tceq- Review and Complete.msg"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Furl2.mailanyone.net%2Fscanner%3Fm%3D1s7JoR-00DTLd-4F%26d%3D4%257Cmail%252F90%252F1715799000%252F1s7JoR-00DTLd-4F%257Cin2c%257C57e1b682%257C17902772%257C12174482%257C6645058BA4483146C0A92AE402576CC1%26o%3D%252Fphto%253A%252Fctsfcnn.saeetzelit%253Fnxv%252Furma%26s%3D6mB036XNg29NYSW91HW5laGp4IE&data=05%7C02%7Csteers%40tceq.texas.gov%7C685df458e63e43ada83908dc7698c89c%7C871a83a4a1ce4b7a81563bcd93a08fba%7C0%7C0%7C638515645790219784%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C20000%7C%7C%7C&sdata=bN3bR%2BA9Y5XEycd1brwmxKZRmKJRFgiQEDc7rYsu9yk%3D&reserved=0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1788
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5b9d9c939d554bc29ed443dd4ff2256

    SHA1

    7b46e1f85a7665aa317db449f20084c9c4abe7f3

    SHA256

    f252e683d4c6f99e9c655c9659f00e2de716f267181c4c3f6dc34f003e532c80

    SHA512

    55ffdd2a335031eed490b856559513c04afaed12aff66de56266a685bd1112eb0905ae5a315501eb5447dab3a16b3709c14ac52eb3cb6a9b4337f56109953954

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8c0d4bd939fcc9480951ded7ae8718a0

    SHA1

    36b7f4feba7c662b6f493a85a972c978c295fdba

    SHA256

    0f54564ebf34e8e662fb171f203993a420377d44aab1f82b68f8edf6b495174b

    SHA512

    42d7cc42d88bb591f341ec5ce8706a862e56ddd7ebd4c4cf375b12c520f81f32e59e6391913862b19f2caf422ee8e73926339c52d521955cd0216498f11bde69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8d86a9a293fada516cceb734413c5d6c

    SHA1

    807ae64e26f273ef3530cabf390c32ea3a1541cd

    SHA256

    b9cb41a5e96623a24febeef2e319b52baf6bfdc8ac1fb62d79a314413f5aff62

    SHA512

    aca265594c11c12fcc511b91087ca528a612640a9033ef952a919152bde5f3f67d91411d1fc0a483d179d1e8a1b6639f277afdb31bc84c95a1c7665bf54e3a34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5817d1d35587680e29c8f7e278c18b12

    SHA1

    901623a3b13be44e318ac410516b613a1e155acf

    SHA256

    b19b3792c1afb982544e0bfd05826b854e2228c1918b567e4bfcce6a71e552c5

    SHA512

    1d02d2f5e9dda5d56b14934f330ec6f033476795d68f4d6eba59982f1e56e6b685a500e8a00a67010b3bc4e4dc3d86cf6e8d8005641c7508b5cfa31077c76064

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6dd86932fd51ef6965ff6270d05e97b1

    SHA1

    55e67423f3afcb7c9855f5546d437d04e622f24c

    SHA256

    6543c00c965ee1936e57ba8c660cc4852b9b2e841d1e41fa8c0f88ad15b6888c

    SHA512

    a364818e93a27aec5578c2ee89b5147920950d984b0fdc5a78cc903934b771919fb38cf1733c046b4a60d0aaf8926356b0bd07d1abd2fa77ec02e98672df303c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    af075ce188d4fc541fbf873bd99a6a18

    SHA1

    495f2ffb3c218b498ef222ff8cb5baed827d9240

    SHA256

    e61bc55bcfd087f24103bb698916cd277f4c7ab5d725d47329778410314c4f70

    SHA512

    83dc83217fd8de62aba383fcd144cd0109839f1e8d4acf725af922e3255262cbc780848005fdd74b605c49709c7e2ed12226e0d36dd58510d01eeb05849292ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c545982d018d114097445ed8c06cd6ef

    SHA1

    5a9aa3cc518ec41b1762ca7d6672106e20c28761

    SHA256

    4e795b34a7fc29a16dfaa1a327686f8613e2f3a9d7cfb644f0a09cb22bd8bf20

    SHA512

    c758c608164418789565a512ce44c9a108f7d8fe58eec9f7cb77517e0eb13c12971acf0198a6b61cb2d48466608b1e4657a456bf25b6b6013f3a30c5729d8b11

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    53844f2ee7e5c513007655eb839b691f

    SHA1

    85e8ff3ec0d3e58458b4e0322ad699b2da1b986d

    SHA256

    45b1b70ac5dbb59bd43f32032ec75506feb4bf50e10a05edcd979d27ef27a5d8

    SHA512

    06ba5466e1cc7ce0a7c2368bb021d7e63df7dd0b871b64ee5f40aabba9269fbbb009d9a506df5ff01ee4ae2038c872ad28993681f91a354713e749a6c86f697c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bc868c39f6f973ef8deb31d823137352

    SHA1

    0b4b4f20a09ad75d18d2c8a825fb53b4b98850e9

    SHA256

    cdea4d5a92e9a8081964cf65dd1a15dc7e81e8694648578a6bfa37173e369f63

    SHA512

    82ab706cb5193b07e4ae31d7c35de301efc7d74fd291eadd8f1f4d05eecb32e67559102339ee0649bd7e562fb3930e67a84c569364ceb69afc6fe2350dd78435

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a6fa68826d6053bf7e5d31709f4272ba

    SHA1

    3b49200bb2ba03ae25b99199a7fd7909e6009582

    SHA256

    24969eff285304667ef7e20e8262cca1a3c625da9e42c7e2008ddaa340b03f42

    SHA512

    032a66a122c0216057637d223303103488daafeeb03aeec9ab923e6e3534ab8478f3906cdd971ee1204dd6edbbc0d8f8ecc9a9429625c47d3f65f292e77dff29

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
    Filesize

    240KB

    MD5

    dfc0fc70abafe0c887c3bb99bd29d518

    SHA1

    03d0e9c7af34fe15ab456ac40b40ea3b96a6e920

    SHA256

    e1fbc7117129ea18422775e1b0670697073b86c75cc1aaff6ca77592507617f4

    SHA512

    c3615201ad2312630d6c6986883c7167bc53a8bdb501d6eb52e6cb25ae8ea7d01c38b18b5316c2420b496de7017845d00acd1c1a7e6e028049c6cdffc71928dc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92bocja\imagestore.dat
    Filesize

    15KB

    MD5

    e993cab0cf167cd7ca8b8a294a05ca1d

    SHA1

    f3a20879ff2e38fb3bb97d345362eafeac6d55ba

    SHA256

    cd7b47fd5c38dfa58678eb370c2a110e6a32e44d1d46c528a27d32fa6cf82dcc

    SHA512

    f71e6b1bfcbe1f3c77d1b04cd01d23a775ff34527e11cb3c03f9028417dcd5e696d4e340760c4d9fc9e69f2e19eb5b5e9948507c932ef0dc2b89d21547fb428e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92bocja\imagestore.dat
    Filesize

    33KB

    MD5

    92fdcab1de1b196f13ed2ebaebb40b32

    SHA1

    2816fcf03cdfc6670a2a74bf0ad1e1bf31a9b2fc

    SHA256

    58ac3bbcff2aef79ed5bf2742171d30b74ba0ab620caa910fcfc9457622fb90b

    SHA512

    1a1bae385117914d5e334ccc6fc70ef409efa719e75cfc35862104d86c8877f1836c1c5d2a162d30061d0007129d8375a653d0a590fbb888b85879843aa5dab8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
    Filesize

    1KB

    MD5

    48dd6cae43ce26b992c35799fcd76898

    SHA1

    8e600544df0250da7d634599ce6ee50da11c0355

    SHA256

    7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

    SHA512

    c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\favicon[1].ico
    Filesize

    15KB

    MD5

    9d62dcc244c0f3d88367a943ba4d4fed

    SHA1

    5fc5ec953d4344422eb686b9fc61ea31caed360e

    SHA256

    fddf75d3376bb911db3189aa149f508317799b10611438b23d688b89db208da7

    SHA512

    78cd9a7a2cdafcc378a3cb1215325be78d54a4459d5c4c7271de617a272aad10a951bd7f2efe15ebf4e70a059420d988ac093c481af02c788d864aa9e316df22

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico
    Filesize

    16KB

    MD5

    12e3dac858061d088023b2bd48e2fa96

    SHA1

    e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

    SHA256

    90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

    SHA512

    c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB648.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB714.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB647.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB739.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{07372B83-0D77-4970-8447-0E3B70D128C7}.html
    Filesize

    6KB

    MD5

    adf3db405fe75820ba7ddc92dc3c54fb

    SHA1

    af664360e136fd5af829fd7f297eb493a2928d60

    SHA256

    4c73525d8b563d65a16dee49c4fd6af4a52852d3e8f579c0fb2f9bb1da83e476

    SHA512

    69de07622b0422d86f7960579b15b3f2e4d4b4e92c6e5fcc7e7e0b8c64075c3609aa6e5152beec13f9950ed68330939f6827df26525fc6520628226f598b7a72

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
    Filesize

    2B

    MD5

    f3b25701fe362ec84616a93a45ce9998

    SHA1

    d62636d8caec13f04e28442a0a6fa1afeb024bbb

    SHA256

    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

    SHA512

    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

    Download Submit

  • memory/2392-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2392-195-0x0000000073B0D000-0x0000000073B18000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2392-742-0x000000000ECD0000-0x000000000EE4C000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2392-1-0x0000000073B0D000-0x0000000073B18000-memory.dmp

    Filesize

    44KB

    Download