Overview

overview

5

Static

static

1

RE INVOICE...TP.msg

windows7-x64

5

RE INVOICE...TP.msg

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25-08-2024 02:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RE INVOICE Paid Notification - Service check status INV#AULBATP.msg

  • Size

    25KB

  • MD5

    1683163f746ba3c83d88ef3267f14cb6

  • SHA1

    5176dba651083d16affaebf658590161d92d7d9c

  • SHA256

    3ddec32f0fe86a99e22a5079c77d3355848aae96ce52f43184edbae7904399d1

  • SHA512

    2f54a2ae371332cad517e2315652a182199ff0bbc2b2f1c05108de1f07fe68a725bc0618b7d57571304b3ab2cd7c393aa992036cfbaa1c42e1e3592a3c9673af

  • SSDEEP

    192:4zcJFrUQK+tZo9F0RZ33rRgAOYw//icgeYzLSHTewuBYzIinPxpXWz:NFrUQKHmz33rWASOFmTewuikinHXWz

Score
5/10
discovery

Malware Config

Signatures

  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 23 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\RE INVOICE Paid Notification - Service check status INV#AULBATP.msg"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
    Filesize

    240KB

    MD5

    f4cba3d52240bffe1bd1c848721d184b

    SHA1

    215b2562d81b643aae8acd20bd85e5d4f22b7960

    SHA256

    b44d6baaf49965f5fafbae9840e8e1c0ac813a3e502cb03122a877b4e5dd49cb

    SHA512

    bc78ea7be75e0bd6dd7e20cf001b369b97426f9fc9ee10e0fe731a19933da7bbd1a1a9ca57cad72bc443fb6680ad40026e429727160dba7b129566002b62b70b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
    Filesize

    240KB

    MD5

    0b2aa1fc245d3f4e8c1ce651b7c935db

    SHA1

    6066977213723a0c83f1ec2d51f15124672156c5

    SHA256

    5b2a769a9c41dc3142a1599ea154d3181b5c1365865cd44c2b7a15b79223a4f4

    SHA512

    3a34d5e34ef3a15fd55138db75918a1f220218decb8f5a36e6f938434ee6e48a2b93365123dfdf3acedcbbd7a5f8add2358a4bf573ddc263e10837558bee0862

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
    Filesize

    1KB

    MD5

    48dd6cae43ce26b992c35799fcd76898

    SHA1

    8e600544df0250da7d634599ce6ee50da11c0355

    SHA256

    7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

    SHA512

    c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
    Filesize

    2B

    MD5

    f3b25701fe362ec84616a93a45ce9998

    SHA1

    d62636d8caec13f04e28442a0a6fa1afeb024bbb

    SHA256

    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

    SHA512

    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

    Download Submit

  • memory/2028-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2028-1-0x0000000073F8D000-0x0000000073F98000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2028-124-0x0000000073F8D000-0x0000000073F98000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2028-162-0x0000000069E21000-0x0000000069E22000-memory.dmp

    Filesize

    4KB

    Download