Resubmissions

23-05-2024 14:32

240523-rwr6naed5w 10

23-05-2024 14:31

240523-rvpzxaee27 10

23-05-2024 08:41

240523-klg5daba72 10

Analysis

  • max time kernel
    315s
  • max time network
    317s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 14:31

General

  • Target

    0-13.eml

  • Size

    831KB

  • MD5

    6db92808a0b24eb310faf7a5aa440ce6

  • SHA1

    e96bf9b8ef57280a02c9d06a68ea8526c19ba431

  • SHA256

    8e24500c381c9abb77a1892a68e62f367852ff945e1bcbac379441e4fea772b1

  • SHA512

    531524e6ea3df525119d16b97418b9a64a0d2526561b6b251a70e3b8ae24d6d28fb0b9405dbad0232cf59b8260d6505064b361d1871ca85db03494c402f2478f

  • SSDEEP

    24576:qQFbx4Egi43IFPNFnFSiO0DifiQXvohVV77b:aEgiX5v3+c77b

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

    Filesize

    225KB

    MD5

    a89bf928321ccf7b2439caca9dead310

    SHA1

    4824943d13e7367778f56c5afe35b647158e5fbb

    SHA256

    386ba08c74eb9240106c68fb9cc266045f608788f8062234c429094bf273e9e8

    SHA512

    9b9db40616919db92e2f293dae5a6b87aaef410205e7fc307d773abe0ef0c35dcac67e227a3d3ff43980c8a0ccc0429ce59f310816ae9b5c09961f439b372f66

  • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

    Filesize

    1KB

    MD5

    48dd6cae43ce26b992c35799fcd76898

    SHA1

    8e600544df0250da7d634599ce6ee50da11c0355

    SHA256

    7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

    SHA512

    c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

  • memory/552-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/552-1-0x000000007383D000-0x0000000073848000-memory.dmp

    Filesize

    44KB

  • memory/552-128-0x000000007383D000-0x0000000073848000-memory.dmp

    Filesize

    44KB

  • memory/552-134-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/552-136-0x000000007383D000-0x0000000073848000-memory.dmp

    Filesize

    44KB