Overview

overview

5

Static

static

1

Re_ URGENT...B).msg

windows7-x64

5

Re_ URGENT...B).msg

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-05-2024 14:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Re_ URGENT! Janne Honkala and Ms bookings from 22_05_20204 #804969....eml (18.6 KB).msg

  • Size

    33KB

  • MD5

    d209f76017c3c88dba69c216314eb4df

  • SHA1

    7670adbfb22d2ce2fb4db7bb3281d427c5bb0553

  • SHA256

    47e2638faaccfbb9f2ca6762a619606978281710392e0f0da447f4c40f09e3b3

  • SHA512

    710f13f81e953edd7889a90c1d346bc4f8bb191c3b5b84f219093088f2c7f63a3acbb0247c6accdb6a4283375a29ac441b645787bcea0c3d8d43337c783230f1

  • SSDEEP

    384:gM15Bo2ATfeL3ZTQAQQS2aKIfJWep4uKInWpHhvPUjOVPhmxn6Nh:gM1A2qQM2SsEWeCuKInWpK8Nh

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Re_ URGENT! Janne Honkala and Ms bookings from 22_05_20204 #804969....eml (18.6 KB).msg"
    1⤵
    • Modifies registry class
    PID:3432
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3284

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads