Resubmissions

19/06/2024, 09:41

240619-ln4a3aseqn 10

19/06/2024, 09:37

240619-llwhfaxhpc 1

Analysis

  • max time kernel
    34s
  • max time network
    39s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/06/2024, 09:41

General

  • Target

    ba53e28462f5be2540824ccde6aeb615c2f3d161.eml

  • Size

    970KB

  • MD5

    fcf740695035341857f58def98e6aec7

  • SHA1

    ba53e28462f5be2540824ccde6aeb615c2f3d161

  • SHA256

    f04bcf8afdb7836f84801c68c8912f2602978faf7f5b45ba5a13309dcd49948e

  • SHA512

    6876c2ddeccadc5c60ef02fd68f1f4d98dd55085ff1ce722ed2e13c7751d0e4b845929ca6884297c8e26ba6dbb57142574f4b8ecb65475b6991c8626df64c199

  • SSDEEP

    24576:qqR2sL8XSmsdcTN7qXxWCeMFA5V3JCLbU9S5W0c7f:LLASmcc+Wr8Y+cr

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • NTFS ADS (1 IoC)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (21 IoCs)

Processes

  • C:\Windows\system32\cmd.exe (PID 1480)
    cmd /c C:\Users\Admin\AppData\Local\Temp\ba53e28462f5be2540824ccde6aeb615c2f3d161.eml
    • Modifies registry class
    • NTFS ADS
  • C:\Windows\system32\OpenWith.exe (PID 2140)
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
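
Caveat on reading this run: the only processes are cmd.exe launching the .eml directly and OpenWith.exe (the "How do you want to open this file?" dialog) started via COM activation. That is consistent with no application being registered for .eml on the sandbox image, and nothing in the report shows the message body or its attachments being parsed, so the 3/10 score reflects an almost empty run rather than a benign message. The usual next step is static triage of the .eml itself. The script below is an added example, not part of the report or of the sandbox's tooling; it uses only the Python standard library, walks a constructed sample message (not the 970 KB target from the report), and lists every attachment with its declared type, size, SHA-256, whether it carries an extension an analyst would normally flag, and whether its decoded bytes start with an MZ header. The RISKY_EXTENSIONS set is an illustrative assumption, not a complete list.

```python
import email
import hashlib
import os
from email import policy

# Constructed sample .eml for the example (not the message analysed in the
# report): a multipart message with a text body, a small PDF-like attachment
# and a double-extension attachment whose payload begins with an MZ header.
SAMPLE_EML = b"""From: sender@example.test
To: recipient@example.test
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="utf-8"

Please see the attached invoice.
--BOUNDARY
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--BOUNDARY
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--BOUNDARY--
"""

# Illustrative assumption: extensions an analyst would want flagged on sight.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk",
                    ".iso", ".img", ".bat", ".cmd", ".ps1"}


def triage_eml(raw: bytes) -> dict:
    """Parse an .eml from bytes and summarise its attachments.

    Returns a dict with the sender, subject, the SHA-256 of the whole file
    (comparable to the hash a sandbox report lists for the submission),
    one record per attachment, and an overall 'suspicious' flag.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    attachments = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # container, not content
        filename = part.get_filename()
        if filename is None and part.get_content_disposition() != "attachment":
            continue  # inline body part (text/plain, text/html, ...)
        name = filename or "(unnamed)"
        suffix = os.path.splitext(name)[1].lower()
        payload = part.get_payload(decode=True) or b""  # base64/QP decoded
        attachments.append({
            "filename": name,
            "content_type": part.get_content_type(),
            "size": len(payload),
            "sha256": hashlib.sha256(payload).hexdigest(),
            "risky_extension": suffix in RISKY_EXTENSIONS,
            # PE images (EXE/DLL/SCR) start with the two-byte 'MZ' signature,
            # whatever the declared filename or MIME type says.
            "pe_header": payload[:2] == b"MZ",
        })
    return {
        "from": str(msg["From"]),
        "subject": str(msg["Subject"]),
        "sha256_file": hashlib.sha256(raw).hexdigest(),
        "attachments": attachments,
        "suspicious": any(a["risky_extension"] or a["pe_header"]
                          for a in attachments),
    }


if __name__ == "__main__":
    report = triage_eml(SAMPLE_EML)
    print(f"From: {report['from']}  Subject: {report['subject']}")
    for a in report["attachments"]:
        flags = []
        if a["risky_extension"]:
            flags.append("risky-extension")
        if a["pe_header"]:
            flags.append("MZ-header")
        print(f"  {a['filename']:20} {a['content_type']:28} "
              f"{a['size']:6d} B  {a['sha256'][:16]}...  {' '.join(flags)}")
    print("suspicious:", report["suspicious"])
```

Pointing the function at the real file is `triage_eml(open(path, "rb").read())`; the per-attachment SHA-256 values are what you would feed to a sandbox or threat-intel lookup next, since detonating the .eml wrapper itself, as this run did, tells you nothing about what is inside it.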

Network

MITRE ATT&CK Enterprise v15
