945a38204f87b3f239b4b2becfb2f6cc4d2882f29bff6925e0255a7fff9a1c2a

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 09:15

Target

EXTERNALPlease correct your delivery address to ensure timely delivery. ✍🚚.msg
Size

145KB
MD5

3a1b43409e3c2dbfa21361da114f4af8
SHA1

95ab1d48151f7b20a7a3d9f667c288d5ff0af0ab
SHA256

945a38204f87b3f239b4b2becfb2f6cc4d2882f29bff6925e0255a7fff9a1c2a
SHA512

3ec219c88f1126f8f25179ba5ac6afa931e49a9e7636cb82ab33b7b4bc524f18ee1ed9ca4216b4dd1e8a50a5c615ff77a9260e9c12b4c4ff0e6ff003c64958e9
SSDEEP

3072:dfg/jtwIjFZI0keAlqcKPjfASeNXtmcMx4LuTo/tZqrL5IVJNLYcx:Zg/5wIFZI0VmKjPOdXZqr8

Score

5^/10

Drops file in System32 directory 14 IoCs

description	ioc	Process
File created	C:\Windows\system32\perfc010.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh010.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh007.dat	OUTLOOK.EXE
File opened for modification	C:\Windows\SysWOW64\PerfStringBackup.INI	OUTLOOK.EXE
File created	C:\Windows\system32\perfc009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh011.dat	OUTLOOK.EXE
File created	C:\Windows\SysWOW64\PerfStringBackup.TMP	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc011.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc007.dat	OUTLOOK.EXE

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File opened for modification	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File created	C:\Windows\inf\Outlook\0009\outlperf.ini	OUTLOOK.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2500	OUTLOOK.EXE

C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

Filesize
800B

MD5
5d70703422c4f3e8dbe75ff1ca11b51c

SHA1
2f1efe05b667952a49bda6699b09bfa6c4df4aca

SHA256
c53db102bc6a0383ff07b3965490504601825078b215673808221513a49fc037

SHA512
c69bc84d9a4837ada45a0e25a315ee26d1166f488e60c172e8c0746fee1cb033cce2598d882c18de7765290b1116349856d2b023c29c21f6312514957dcaa44f

Download Submit
memory/2500-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2500-1-0x0000000073CBD000-0x0000000073CC8000-memory.dmp

Filesize
44KB

Download
memory/2500-124-0x0000000073CBD000-0x0000000073CC8000-memory.dmp

Filesize
44KB

Download