Overview

overview

5

Static

static

1

Message_#1...c7.eml

windows7-x64

5

Message_#1...c7.eml

windows10-2004-x64

3

attachment-2.eml

windows7-x64

5

attachment-2.eml

windows10-2004-x64

3

Sps-public...20.pdf

windows7-x64

3

Sps-public...20.pdf

windows10-2004-x64

3

email-plain-1.txt

windows7-x64

1

email-plain-1.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    24s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2024, 17:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Message_#1-6de70020bd4f4d339f703fd8d9222dc7.eml

  • Size

    204KB

  • MD5

    5753d8122708058974288750dd2cd7ce

  • SHA1

    76099a1f9584e4a068c052629b80f1e8a8ef6acb

  • SHA256

    5a661e0b60d4e9f7d42b321a9c245a1bb22f44d5f7de3d31230dec9847ad83ea

  • SHA512

    d21ce8433d33261b01bcff2a2b40724bc41de275c33a2d224c801a17bac1ebddda747453ab5929211c288a1dda185ddd6f9b5e36834c2525d4422e95cf09157e

  • SSDEEP

    3072:019FcGImhLOh5zyxLZ35dNP8Wjpot4LKTEIkMSIFLJQeihFURDeH2y:0bqtWyrY35v88pq4LKTEILLeNca

Score
5/10
discovery

Malware Config

Signatures

  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\Message_#1-6de70020bd4f4d339f703fd8d9222dc7.eml"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3036
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2856

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
      Filesize

      1KB

      MD5

      48dd6cae43ce26b992c35799fcd76898

      SHA1

      8e600544df0250da7d634599ce6ee50da11c0355

      SHA256

      7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

      SHA512

      c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

      Download Submit

    • memory/3036-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3036-1-0x000000007360D000-0x0000000073618000-memory.dmp

      Filesize

      44KB

      Download

    • memory/3036-124-0x000000007360D000-0x0000000073618000-memory.dmp

      Filesize

      44KB

      Download

    • memory/3036-133-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3036-135-0x000000007360D000-0x0000000073618000-memory.dmp

      Filesize

      44KB

      Download