Overview
General
Target: Dashboard _ Triage.mhtml
Size: 347KB
Sample: 240523-ss397afg28
MD5: ed77d79a1e5c877ce027495943b528af
SHA1: 34adeb3ff3f9369e804480de07ee6a91070d9420
SHA256: 7fb869990ade7b8b0332d244ba8863154b4d1d60ebb6229b16073a8307b86d1f
SHA512: 250001f2073c5e303efe1b5e0e68888823a946f04c2f78304118430d1a1fafc24cd61ba8a0887ae907101609e59a9865b8aa8fdcf132528f74062067b48e53cf
SSDEEP: 6144:QoRai04pDXhhrO+ZARhtqnZGYT+mbteJBON6CdgMZWuiCm:wbQ6XMuZ
Static task: static1
Behavioral task behavioral1: Sample Dashboard _ Triage.eml, Resource win10v2004-20240426-en
Behavioral task behavioral2: Sample attachment-10, Resource win10v2004-20240426-en
Behavioral task behavioral3: Sample attachment-16, Resource win10v2004-20240426-en
Behavioral task behavioral4: Sample attachment-2, Resource win10v2004-20240426-en
Behavioral task behavioral5: Sample attachment-3, Resource win10v2004-20240508-en
Behavioral task behavioral6: Sample attachment-4, Resource win10v2004-20240508-en
Behavioral task behavioral7: Sample attachment-5, Resource win10v2004-20240508-en
Behavioral task behavioral8: Sample attachment-6, Resource win10v2004-20240508-en
Behavioral task behavioral9: Sample attachment-7, Resource win10v2004-20240426-en
Behavioral task behavioral10: Sample attachment-8, Resource win10v2004-20240426-en
Behavioral task behavioral11: Sample attachment-9, Resource win10v2004-20240508-en
Behavioral task behavioral12: Sample email-html-1.html, Resource win10v2004-20240426-en
Malware Config
Targets
Target: Dashboard _ Triage.mhtml
Size: 347KB
MD5: ed77d79a1e5c877ce027495943b528af
SHA1: 34adeb3ff3f9369e804480de07ee6a91070d9420
SHA256: 7fb869990ade7b8b0332d244ba8863154b4d1d60ebb6229b16073a8307b86d1f
SHA512: 250001f2073c5e303efe1b5e0e68888823a946f04c2f78304118430d1a1fafc24cd61ba8a0887ae907101609e59a9865b8aa8fdcf132528f74062067b48e53cf
SSDEEP: 6144:QoRai04pDXhhrO+ZARhtqnZGYT+mbteJBON6CdgMZWuiCm:wbQ6XMuZ
Score: 8/10
Signatures:
- Blocklisted process makes network request
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: attachment-10
Size: 18KB
MD5: ec3b16efe1fdc65613b9d7390b9e236d
SHA1: 5e0cb07744267d129a43eb909241c4ab3ea742d2
SHA256: 84af9930ba0c704fed0de588dfdefcd66f58213b76b2e2d2029cd0c27db76f05
SHA512: 3955537f5a7af20648ee279675ebdd159cf751b3fcd667d68b89896045d123f76a7db93a090b9c0fed13670a092bf397fdad423631ea2e2a31434adcad14503f
SSDEEP: 192:sfyrI3TW7ulixfk7bgZHXMFwyAgyYpElADT/yQ+eHmA7/wcIful7cT7bnZHXMFwQ:4yrIsfk7mKyHA7WT7NQyQA9T70QyQAJ
Score: 1/10

Target: attachment-16
Size: 10KB
MD5: c8eacba472db7bd7ad02438579beef45
SHA1: 3f68c2000fba3bb9c3e164ab29872899395ea705
SHA256: 006d8b8ca56e761eb5744784a39125ec2ab60f678385330527ee429f845da045
SHA512: dddc8baf0e1ca5f0003b8be0013c08617bec67ec728523994642e7f7bc46472191ce43afbd0514e930914db57ab9d00087fd7333d1ec4e2e8c711c28d27a2799
SSDEEP: 192:oo32UqRpmrIUIeYrItTcc820Nd3ZqGwFuguEz+WmtpwJ2e2PM+RXmAC06jLK:1mE0ZqCguw+WmtpwJ2PRXmAC9jLK
Score: 1/10

Target: attachment-2
Size: 224B
MD5: 8d2de7cf9a15fa7227cd99e8a9dc9563
SHA1: bd7c7d8b0ba3095e39e2c71e0e5d4e3a7bb62170
SHA256: aab277d076c7a34c38a247bee397b134e2a17ea7befbe99b9992fc923dbd0be0
SHA512: f0b6be1a0460358c8c33ee8d20a037b895615f13e9ad38f211eb3bf8baa1a6e7bae78a3c9468147cf45abbf82b71a71d151981e8ae3b807142c2b41e381201c3
Score: 1/10

Target: attachment-3
Size: 77KB
MD5: b5211e39d34016a26fcb7284db271d99
SHA1: 7bb6388f3431c4143534065c7697949ec1c5f14c
SHA256: af610dccf84ae5217cdc88e90c8ba7adb19fa5447de0ddcebe89a2df2f74a05a
SHA512: d689e59c349395beacd7e7ce36b7e185819ee8e25f54fa9caee0b106b5ceacf5be5201ef2e696eaf73d7b5a54c06c252d90a274ee8749647020c653982ef68a2
SSDEEP: 1536:Ff5+xsTW48StgZRs9Qx564grfiZJorQhaqyVJ/:FiL2Qhm
Score: 1/10

Target: attachment-4
Size: 303B
MD5: d01ce1915edf50f5c28f38e3e67d1a0d
SHA1: ed22105e03c28e3a6e458f2e10e412ed8285ac2e
SHA256: 7101b573628511efa02d6f6fa09d93e49d7b73a6eef29a32bcaa246e60a36522
SHA512: e40199934f1ddd1d1408d4787589d883769987e53f3bb74ad7f4d2f45442f9cc5ef0acb98b9dea82464c541e22587ffc7e5f578120e1b88e0858f61e69594237
Score: 1/10

Target: attachment-5
Size: 4KB
MD5: 172eea6424e59c0c64973fc295809f76
SHA1: a8818e2368829fd2b443e35670f8fb460eea23bd
SHA256: 279c65607bb2fb7e34c2c54f15137e6c43031d14aee93dc9f972aec7f5cdc148
SHA512: 987fe5d4dbe50875fb78bbb34bdfc236dc7ee20bb109962d58638b1fe6731982818c7c54784561cdc66438e77f18e82fc342591b0246988465d61251068fd688
SSDEEP: 96:sHH92vInqJCUfyPQvEFL9dskdsdHdDdFd42621/:sH7nq/EFL6
Score: 1/10

Target: attachment-6
Size: 124B
MD5: 96608500af4d6ac3dc36bce9d0853ea2
SHA1: 84a72e6eccf3423e19e48ef7ad0de3d76dd8d707
SHA256: d1d5976797181140362f06118d5499c243baffc97285ed70d213e8eb4dfc067c
SHA512: d22f498a225bea677e62b61e443eb2bd64e114b610d6a4058ad8530604b0e7f64c4710b336dbf19c2221c0cb66c7a5670cb045843b57b7b62267977c08cfdb72
Score: 1/10

Target: attachment-7
Size: 23KB
MD5: 7254ebe9f779e2c55a71c87d1438f200
SHA1: 312158c7f6f8bc15caf2e8daff617e9f48e1d712
SHA256: 113d7ab962b365e1aad5353b5a453012ced1344cbf4cf04eec2030e81e2e748f
SHA512: c3dc336d45a864747cf971203306569f00f525d2b8508f58e68109ff96db9255720de3cbd3b32130f482dd73cf0417ed31658b7cd870e81ad9a44def3e48420d
SSDEEP: 384:GXfk7gQylAK0KCT7zQyiAPT7pKyFAdT7eQyGAz:yfk3ylARTQyiAPT4yFAdT1yGAz
Score: 1/10

Target: attachment-8
Size: 17KB
MD5: e88115d10649fe20b9eb44825e874504
SHA1: bd8a3e2bac2ab7e5319ab14d39eeeedfb0ec5831
SHA256: c934513b446329c0d698918efb70dbf3efc40a3e28f52d12011589a1e7bd5cfc
SHA512: 37f47dd47b95247043c12d28f162c68f18a277d497bad8dc079201455524304b703cdddff138d223130edab4f0695ea124edae61824140788d07167b2f072bac
SSDEEP: 192:mT7ulIGfk7bv/ZHXMFTyAtYpElADT/yB+eH4AIfcvful7cT7bvQzHXMFYyAgyYph:m0fk71VyqAIqT72syQA+T72IymAC
Score: 9/10
Signatures:
- Renames multiple (125) files with added filename extension: This suggests ransomware activity of encrypting all the files on the system.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: attachment-9
Size: 41KB
MD5: fce0d7b4f64fd1206b4dcccf168d0395
SHA1: e38519cf0801de303e72700c1d8bed3d3d0bd749
SHA256: 42dcf41bda72baed40cb5eb68ec932f74166af2ca4344034d3625961c9a4d0d3
SHA512: 8bf0a16ae1db6e403348e6ca641893e80e5e596fb20de1e8f10c4b95baf12aef02269f59fa543de73e5797321ef23befdf06ff0bc25f5a460d79a8b2ba2c876e
SSDEEP: 768:qTFyFPAOpTAydLABsx/yTOAQlTOyCA3TzyCAbT9ybAI+eYXIUq:qTMPAOpTzLAmxQOAcTqA3T5AbTgAI+et
Score: 1/10

Target: email-html-1.txt
Size: 46KB
MD5: f89ac397769c4e5408fa86d952d25e51
SHA1: c736e87b7f55c3bb45f8a069025a6a5eebe9af47
SHA256: 67d8331321ea783243abc9948c8e8459d3fb4991b4203bb664adfdde9ac60bd2
SHA512: 761b12d1cea4e898c3724690707e2acf974409faa2fb2bc93e58264b89d2198992e870cc13ad98be11ab799544674f9fdda88ab8aa68ee7d10f34aa84e660b70
SSDEEP: 768:olwQ3eMNm8EAo5bMfJYb65mZZYO3UWUC0QcpsyZ9typpsyZ9DOPs:hMY8M5cJUZZd3UWUCBIU
Score: 8/10
Signatures:
- Downloads MZ/PE file
- Sets file execution options in registry
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks system information in the registry: System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Boot or Logon Autostart Execution (4)
- Registry Run Keys / Startup Folder (4)
Defense Evasion
- File and Directory Permissions Modification (2)
- Modify Registry (4)
- Subvert Trust Controls (1)
- Install Root Certificate (1)