Resubmissions

  • 23-05-2024 04:38  240523-e9sywseb42  (score 3)
  • 23-05-2024 04:34  240523-e7j8zaea73  (score 3)
  • 23-05-2024 04:34  240523-e7apjaea65  (score 1)
  • 22-05-2024 23:32  240522-3jpesadc6v  (score 5)

Analysis

  • max time kernel
    14s
  • max time network
    14s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    23-05-2024 04:38

General

  • Target: Unconfirmed 541766.eml
  • Size: 19KB
  • MD5: 4df1072af5a86dda7092df686eb850d4
  • SHA1: 2d2f5f5f0f2794d617c4146dc8a6a4aa9661b776
  • SHA256: 56971fa5d09acc74a2bffa88c4f65ea55623d617cdf0e09c61bca65d5d4744a3
  • SHA512: 1f2815ff8fc7ec540ad17ffdc956df6a73e9b420f517e897c5791efd179e4782a50d3e51c16869f6dfc3f451680cdc618a713688898c24a0cde42b0d2e7fbf4b
  • SSDEEP: 192:gbelZUaobFsrXXItkppz4VEIDL/wAs4HPIMWXJzNS6LCSrkqdhCKwIdcxmKktCzz:wCCa6srKGz42IjPwKIdcxm+YkJ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Checks processor information in registry (2 TTPs, 6 IoCs)
    Processor information is often read in order to detect sandboxing environments.
  • Modifies registry class (3 IoCs)
  • NTFS ADS (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (26 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)
    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Unconfirmed 541766.eml"
    1⤵
    • Modifies registry class
    • NTFS ADS
    PID:3856
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1068
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Unconfirmed 541766.eml"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4516
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Unconfirmed 541766.eml"
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2268
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2268.0.1369920602\1582261221" -parentBuildID 20230214051806 -prefsHandle 1792 -prefMapHandle 1784 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36998d65-61c9-44a8-94d2-b6a5fd319323} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" 1884 19e92323d58 gpu
          4⤵
            PID:244
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2268.1.229750009\70481491" -parentBuildID 20230214051806 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb5c777e-8474-491b-b5c4-782815455eb0} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" 2440 19e85489f58 socket
            4⤵
              PID:4216
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2268.2.1668037702\175878330" -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e20845a-80a7-4541-8322-b10f4bd2cccd} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" 2948 19e9521f858 tab
              4⤵
                PID:4452
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2268.3.687542926\195733789" -childID 2 -isForBrowser -prefsHandle 3408 -prefMapHandle 1332 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60c1cd7f-10ae-4ba8-8ef5-33b3a62bfc27} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" 2600 19e9793c858 tab
                4⤵
                  PID:5072
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2268.4.1639364686\1529950321" -childID 3 -isForBrowser -prefsHandle 5404 -prefMapHandle 5384 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0cd6578-db2b-4a19-947e-12cfef42bc73} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" 5428 19e991e2258 tab
                  4⤵
                    PID:2832
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2268.5.1297936764\1224851262" -childID 4 -isForBrowser -prefsHandle 5416 -prefMapHandle 5408 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9badead1-1206-45f6-8a60-93a48b60fd3e} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" 5444 19e9ad21b58 tab
                    4⤵
                      PID:4008
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2268.6.1272073165\211094788" -childID 5 -isForBrowser -prefsHandle 5832 -prefMapHandle 5828 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8eed87f-5f1a-4597-999a-9e3477d9ca6e} 2268 "\\.\pipe\gecko-crash-server-pipe.2268" 5840 19e9ad20c58 tab
                      4⤵
                        PID:2068
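The process tree above shows the .eml being handed to OpenWith.exe (no registered mail handler on the image) and then rendered by Firefox as an ordinary document, so the signatures that fired are Firefox's own behaviour and the sandbox never looked at the message itself: sender headers, embedded links, attachments. The script below is an added example, not code from the report or from the sandbox vendor; it performs that static triage offline with Python's standard library. SAMPLE_EML is a constructed message (all domains use the reserved .invalid TLD, and the submitted "Unconfirmed 541766.eml" is not reproduced), and the flags it raises (Reply-To / Return-Path domain differing from From, a ZIP magic number on an attachment) are illustrative heuristics chosen here, not signatures from the sandbox.

```python
"""Static triage of an .eml sample: sender headers, embedded URLs, attachment hashes.

Added example for this report, not code from the sandbox. SAMPLE_EML is a
constructed message (every domain uses the reserved .invalid TLD); the real
"Unconfirmed 541766.eml" is not reproduced here.
"""
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr

# Crude URL matcher for text/html bodies; stops at whitespace, quotes and brackets.
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

# Constructed sample message, a stand-in for the submitted .eml.
SAMPLE_EML = b"""Return-Path: <bounce@mailer.example.invalid>
From: "Accounts Payable" <ap@corp.example.invalid>
Reply-To: finance-desk@freemail.example.invalid
To: victim@corp.example.invalid
Subject: Invoice 541766 overdue
Date: Wed, 22 May 2024 23:30:00 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Please review <a href="http://pay.example.invalid/inv/541766">the invoice</a>.</p>
<img src="https://track.example.invalid/open.gif"></body></html>
--b1
Content-Type: application/octet-stream; name="Invoice_541766.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Invoice_541766.zip"

UEsDBBQAAAAIAA==
--b1--
"""


def _addr(msg, name: str) -> str:
    """Bare, lower-cased address from header `name`, or '' if absent."""
    value = msg.get(name)
    return parseaddr(str(value))[1].lower() if value is not None else ""


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2]


def triage(raw: bytes) -> dict:
    """Parse the message offline; return headers, URLs, attachment hashes and flags."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    result = {
        "subject": str(msg.get("Subject", "")),
        "from": _addr(msg, "From"),
        "reply_to": _addr(msg, "Reply-To"),
        "return_path": _addr(msg, "Return-Path"),
        "urls": [],
        "attachments": [],
        "flags": [],
    }
    for part in msg.walk():
        if part.is_multipart():
            continue  # container part, nothing to hash or scan
        if part.is_attachment():
            data = part.get_payload(decode=True) or b""  # undo base64/QP encoding
            result["attachments"].append({
                "filename": part.get_filename() or "(unnamed)",
                "size": len(data),
                "magic": data[:4].hex(),  # file-type check independent of the name
                "md5": hashlib.md5(data).hexdigest(),
                "sha1": hashlib.sha1(data).hexdigest(),
                "sha256": hashlib.sha256(data).hexdigest(),
            })
        elif part.get_content_type() in ("text/plain", "text/html"):
            for url in URL_RE.findall(part.get_content()):
                if url not in result["urls"]:
                    result["urls"].append(url)

    # Illustrative heuristics (this example's, not the sandbox's signatures).
    from_domain = _domain(result["from"])
    for label, key in (("Reply-To", "reply_to"), ("Return-Path", "return_path")):
        if result[key] and _domain(result[key]) != from_domain:
            result["flags"].append(f"{label} domain differs from From")
    for att in result["attachments"]:
        if att["magic"] == "504b0304":  # ZIP local-file header "PK\x03\x04"
            result["flags"].append(f"ZIP attachment: {att['filename']}")
    return result


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_EML), indent=2))
```

Run it against a real sample with `triage(open(path, "rb").read())`; the attachment hashes it produces are the values to pivot on, rather than the hashes of the .eml container listed under General and Downloads, which only identify the envelope.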

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 27KB
    MD5: f3e65752a72a3a51d84b3a6c41548ad4
    SHA1: 80e1d90029680397f0b6f509e510a71aa3d56d49
    SHA256: c27052442bc7415fb00eccf20594e95641e4790f23f011114a7a5a5af74f9d0e
    SHA512: 35cc4f627a9e061cb7db9074da9846e046b1aeb88ce3d61afaa53c03149bb4205e932992e13eeb63ce73ccdca7253acc2333c655f7c383648717a18dc402e7ca

  • C:\Users\Admin\AppData\Local\Temp\Unconfirmed 541766.eml
    Filesize: 19KB
    MD5: 4df1072af5a86dda7092df686eb850d4
    SHA1: 2d2f5f5f0f2794d617c4146dc8a6a4aa9661b776
    SHA256: 56971fa5d09acc74a2bffa88c4f65ea55623d617cdf0e09c61bca65d5d4744a3
    SHA512: 1f2815ff8fc7ec540ad17ffdc956df6a73e9b420f517e897c5791efd179e4782a50d3e51c16869f6dfc3f451680cdc618a713688898c24a0cde42b0d2e7fbf4b