Analysis
-
max time kernel
132s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
01-08-2024 20:54
General
-
Target
FW_ _EXTERNAL_ Please verify your email address to join my trusted email community.msg
-
Size
172KB
-
MD5
489f4e82ce512410cfcbd00297646ab4
-
SHA1
ba1b4454ee16a3191be1df2fb43f495d06172177
-
SHA256
435d432875a13aebd9039e00dc97e7eb2adc505d4af9272b89fb09e02de3a709
-
SHA512
7c6767746005caa7d3b71ca48284bf501283d9311a85e77289193bde9b55a47f12157fcefa863d812f714dc32db1be7a67a98bc25e61af04d359877f408e6f78
-
SSDEEP
1536:NibgIuSzpWAWsWG2/aW86iuTHJ1cpjaYVWAWdWa+yi32W2c+QN9Il43nc86WfqWn:NibgdxL+mc+QNl3ncH802OsJECrhzg3
Malware Config
Signatures
-
Drops file in System32 directory 14 IoCs
-
Drops file in Windows directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 37 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 28 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\FW_ _EXTERNAL_ Please verify your email address to join my trusted email community.msg"1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://urldefense.com/v3/__https:/sav.sendio.net/LILLIGLAW.COM/sav?ua=LDEROSE&sa=Melissa.Lutgen*40mt.gov&id=1722461204.30752.1.0.7c93eca6.f803__;JQ!!GaaboA!ufunxcs0xjNZdXYFK-gi_0A0CCMsh4pAw8y35tL8X-ZjkUMzyRwnqkjazY0IW6h8CJ8-4MrTrFuO6TfIMYnEzGw$2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5d922151112df242890531dbab04faf9c
SHA10beda016cf7156b155127787ce2d5248f030b61c
SHA2564a017bd988d46590d1004e92651f24054c4d8f07458f1b3221413e5a045dfa35
SHA5126e5c3b184df8e04efc91b4b14ed7e8c36ca5f25f88699555cf184f9bcf51e51547a2e580badb94371ea65e720f5105efae58c6e96770ea523d8e8781cf620e50
-
Filesize
342B
MD56bcffc2f06cc03a6b690295a5bea1105
SHA129b91a2478983e9f9ed7c1638e744f5b21e14bc6
SHA25686ce038062db72f532233a6aff4bfc4b80622a653390d66205077430717adeb5
SHA512c061356a12c1dd82732c94c97e77516341042a48043148b38534a1aa6a2e130c200623b98c0a0f3064de399a9a266c0ceadc6f5af1f343ef556938bc19574660
-
Filesize
342B
MD5d6d4324f32afb9bdeb65e0da79be687b
SHA155064dc2351e552b21da8a464651d9387134aced
SHA2561b368b7ecc466e111ca9204a069ac3b9e4f2693984442aa5555347e8328e5593
SHA512940391c7619b3d5d8b494ceb79133c72686cb6cc12ff4ea4459f3ca8fdf091819c37cd38790f2c23644ffff4db55c5098d1a92f12fcccc732890e2d8355e842b
-
Filesize
342B
MD5c4689e048fb2c14d44fc990f632e2b3a
SHA128319f064f8b880cff1b68d4653c40d70d7b03a3
SHA25621efa7ef2e21eaeae5c14c5e4a53814dbf0da83b4bd5d4b39fef31414eacad8a
SHA512ac484f9270d7b1cf3bc5a1e9e364d9b2a48b6b9e4dc5bb67c658e29f7017a71fbcebc23fc03acde20f62a433abdc139d998e87a395a347a52c3dac72b49e89dd
-
Filesize
342B
MD56250d65d062a6e07d8fc22b49fe81023
SHA192c232e235dbe7e1b15a2710bb5debc14a66c158
SHA256e0171d4a842e9350220d8ae9284f9ae65865506a7a33aad2bab29a0b69c69420
SHA512aad053ff5088d566aa9448859b0abf1ffe51623d8569c3cb7fae273eb67ff2b4c441478dd640a09028cf1d415f89b33e7ce8ce79773bef444a3a65b1abab48b0
-
Filesize
342B
MD50d28fdf77bee4480bf1c2723377c7870
SHA1e2ba29f493b218f4bbc7627340a1a9c0eeee72f5
SHA2566ab32e9e28a821b7d2a9d58d1644056145a04617ece8867012b86595e2fa2746
SHA512653c74586da54309396aa02e51df04aa28fb9bc2b79c792a908294de4e08d5989552b2842172ab2add95d729473c604a3757c367c760c68943e31778a6c00909
-
Filesize
342B
MD506fbfea50c7151402679e90e707e011c
SHA1143e02335c6eef6b175a44d6d784e98aec48a4e2
SHA2563819784b75046c1003679ce777bac54a80565d28fcb295c6e33ed134dcaa6928
SHA512ec74fb7e32f748b65619871ce75157880bfbd217ffbff3167eded09510e7924addf48db3e4ef4141dd9966268bf485aca3a9e2ab4675dfb88caa12f15381c214
-
Filesize
342B
MD5056b9ded2ff3221acacc330d86797ae0
SHA1d3475233514287f4b579ac11531eebc80d9233d4
SHA2561ff7e258d2d292d64db16df7e24dff85194d42390cb53e917717f86aae279656
SHA5122062c5e460591e78a2dc01d7c1a6271e5d6871ef1162cd265d017411782d24c7df662a279d038e7d50fb3fe9756bbc3432a222ed610a0e42db6b0d7945a20bd0
-
Filesize
342B
MD5eac44d099882e2886735d9f11054d287
SHA1c0a04bbb2cb31233e0815b7d9041bb4f13d3b7bd
SHA256c06537225d15921496aa441ff4edd2b9c1a949b19e1bd40e1f5914b751d76d80
SHA512d3ed00532e47b7a91ec63aa49733cecc31f8ebeb89735aa0daad7938dc49b27251242792cb1196a5d07ad3535fb65e24846216cde5433d6525502a329d600054
-
Filesize
342B
MD5a4bac1b853fab5571a6df0558393ae4c
SHA18eec687c5dc11a108b2885c6eb1e56d10d07bee6
SHA256f532c6300c64984c76bb008be8615f34b0884c1465aebbdf4968b16f1dcb4efd
SHA512e3242e26560e9574841f7004627d2ce94925326603c1ec3a5aa9e4a002933f7a7e57bf82effbaeb613b5929e52a5676ef5685b027732018e81eb10cd2e1b5ecd
-
Filesize
342B
MD516b26f16468cdd228c19471a2a222705
SHA14728cc4f228919aa0f2f956b5c55ce17407d463a
SHA2560a63eeb6f7882051df70790a392561fc9f1868adb9cb487183e3fbb8a971cb41
SHA51249182de529269fc0f24f06eb33ac39c29dbd8b9c3bf442c466de6a126a66c6ff725a8b88de20507daa2826df50aed5709e57165e20898360dc981bdc93963301
-
Filesize
342B
MD5e3e57f513215502a1b6f13c253051ebf
SHA13cfe8e84efb7d86763a1ecea751ffac35e06231e
SHA256ff1bf579936387d5f045fb770d1c16c6af9a850c73561f49e4837ae4f55b22c7
SHA512e80edaf3225664bf060099a574ae88cdcc32dd21f70b64e44a57e636920ef6fdadc43b1a11ade2945079e30c021d76ff6cfa84d5f733da87bad250400ed9d44a
-
Filesize
342B
MD53b912836d79c9dd298ccf020df4d7966
SHA10c9b783f960ae1c071dea5c911daa220bc82c57d
SHA256fb2e8b1e903facdc52d8e1916b4a0f94d37e1fd6c58faa8cb51f4190b8b1740f
SHA5128c66d59bdf3020522d373747f95f5d2954c0e62604f19d3f70134e07500056c69d18156280ab12d36d98abdd67e3b83ce21a539867cbd25c898cd713a27da427
-
Filesize
342B
MD5a3ad276e8d505930071e39c3736c6df8
SHA1ef25220087cce2f87e01dcd1961e296912251064
SHA256589396d12048048ca2c1765c1b2c7a984addf1e4b2aabf39e0d8ccadeaad6cea
SHA5129dc4db0389370d5087ea4e687a12f51c82058a1e7c884e549068da95171928ddee115fc6c595f6807c57016020b62eb4f5dc962cdfbe8b5a42a9e6e4e090605e
-
Filesize
342B
MD536d5fe036c944eb0333c86b5f0142706
SHA131c5220e972a315d3876958fbee2ebb64144e3d8
SHA256969e7f5f4687555aa1d3926607453e70a2c5cfc7e33f13494e09281405952040
SHA512aaf4d28bd786b7751fa544e7610685c188e1e8f864343e3ea4a3526c31ef173ef2b37faf12544f77f3633e60d19283e37131acdf6cd342db410214e59942d0d3
-
Filesize
342B
MD5df3ed98fb581b3d761637ab95fed7495
SHA1c240336423b040ecccf70d9d3863b70c8560ebba
SHA2569a7d8dbd6fddb086f049aa4b3c258b69ee50c0e9275ca5ff01d84472b59d0fd6
SHA5121efb0c26ecbe6671dbe7239740af8d45180df9d73f5f2f2f98464a2b5a60bb13b54898ecff657d6eb9a04ad02d56ded5cb8c7e3ea18cdfc5418f02c92a0136ba
-
Filesize
342B
MD58963651691e4b26c99ed8ac6e5408b9f
SHA1b86324298f3c7eea1657720c829c09ba087cd7bd
SHA2567c3c4e20502a9a486b9938044701b609ec7297b3ca88b296ed75b38b9d1e871c
SHA5123ff71c7e405c1f40dbf6bf70420374e18235c5eb10cb96b5bf7635d9355e4043ad1298f647b4af7eba6db5d66731a9e48a25a9f3971aebcc51d8d1e6b4e1ea48
-
Filesize
342B
MD550cf2c0723484a91433d4f32a936462e
SHA1af8df87596f18ffefc4d5b60658e8c2896fd16bb
SHA256f1bce48e9c45f639684df6e9d523eb7cd504f7c2283d093be6ec3bc5416d22ae
SHA5124f4d6f865dd03782078d113387895af0d07942cf3aafffcdb350580b29ac85ab32de50c24e2475669c3ea9b3f09c69c8df2c5bd0cbc29643845ef7caa73fd043
-
Filesize
240KB
MD592cff17d76e60bfaa1eaa6ae914f205f
SHA1437f5c08e4443a7bb6c19d890e9788089bfa5072
SHA2565033d3db508a3683fa3d2a5805425414c344c0389b406e9e33a18a36a739baf2
SHA512ebda852bb09f5f5c4fe06444ff59823b4027ac1989dac695616b38047b7b1fcc4ab225c5fb05313837a7d833665cb1d1d9d4b9a4b03c3bf930acc7e8eb391fce
-
Filesize
1KB
MD548dd6cae43ce26b992c35799fcd76898
SHA18e600544df0250da7d634599ce6ee50da11c0355
SHA2567bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a
SHA512c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
6KB
MD5adf3db405fe75820ba7ddc92dc3c54fb
SHA1af664360e136fd5af829fd7f297eb493a2928d60
SHA2564c73525d8b563d65a16dee49c4fd6af4a52852d3e8f579c0fb2f9bb1da83e476
SHA51269de07622b0422d86f7960579b15b3f2e4d4b4e92c6e5fcc7e7e0b8c64075c3609aa6e5152beec13f9950ed68330939f6827df26525fc6520628226f598b7a72
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
44KB
-
Filesize
44KB