Overview

overview

8

Static

static

1

AutoMail/AutoMail.exe

windows7-x64

3

AutoMail/AutoMail.exe

windows10-2004-x64

3

AutoMail/S...g.html

windows7-x64

3

AutoMail/S...g.html

windows10-2004-x64

3

AutoMail/automail.chm

windows7-x64

1

AutoMail/automail.chm

windows10-2004-x64

1

AutoMail/mx9x.dll

windows7-x64

8

AutoMail/mx9x.dll

windows10-2004-x64

8

AutoMail/mxxp.dll

windows7-x64

3

AutoMail/mxxp.dll

windows10-2004-x64

3

AutoMail/sample.bat

windows7-x64

1

AutoMail/sample.bat

windows10-2004-x64

1

AutoMail/smtpsend.dll

windows7-x64

3

AutoMail/smtpsend.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29-09-2024 11:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AutoMail/AutoMail.exe

  • Size

    196KB

  • MD5

    d377c08d908b09383645c72d4625e0a8

  • SHA1

    1970985cf0ce4122430e0631d8c0167f386cdee6

  • SHA256

    8f5488ac85ae55f8ba2000a748974f28bda32522000196fc0e41124cd99d0d91

  • SHA512

    235c7e7f52cd724c3ac312b4e9091626d1d32ad2454d1e6f5a4076df6d3176df36c4a4589acfb8283e18042ea4c958143d0da82e50b5c0a016d44986503871f3

  • SSDEEP

    3072:q3kRfsJNWuOpLpM2OxAMc0plJtxUUT5+bvIIbQMSIJ5RfQPH:c0OUPVKNxh4hV1

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AutoMail\AutoMail.exe
    "C:\Users\Admin\AppData\Local\Temp\AutoMail\AutoMail.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.automsw.com/starting.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2276
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a4e917032e6c883f1f91bb3f6244120

    SHA1

    8874326135d1565741ef887d081accbede656db0

    SHA256

    7168e23f09648782e298b7a0c09d20133877f6507f086eb254b3a67c642ecd52

    SHA512

    104fb461323ad5707b1431abbd3d40a709eaad3daf3a1f2d1d9c210b8cf731aced8772472d4d70b04fa72c019af27d17419fac2b23081706aac392c5449ba25c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ebfe368b962f48842479a406492116b

    SHA1

    653893a43492e2c312b602d70f52382d1de5b91f

    SHA256

    277b84ce07d50d5a701de3f7276f7d881735a94d06749fb254e5a82c2d077d57

    SHA512

    c7ef2a19b947fb61786c4939639e23d562cb470c57f4aa5afdaf8492ec1e8e4b700882fd5d0aa316d62a85b3dcd3e98529035d2be704afe014eb24b2477b69a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a99a3470356a875141b4759165c8c7a

    SHA1

    78576cf4fe6e81cf50b8d62261fad332cabc0ed5

    SHA256

    43f838571bd513882a428cf7bc83c7f1f679c49ee1f2add7a025e5b1826e3a35

    SHA512

    9f30cfe1fe0d594da78bbaa6f3d85dbfa4d78ab670818d7114b99e580ae4e1ad8cbd24b7a4136f2325a876d4f76ef8aeafcd94363eff0e6b026d7fe03772b0d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    615afc04b15c12269110a0d8c8e70fbf

    SHA1

    583dab65537b110e389f44e4fae8cf2c85a77bb6

    SHA256

    dd707d61e96ed27fbfb8ea04bec896a734bbc7c3f89034196c3bfe5fd7448869

    SHA512

    0dc2f7b7774c929964a5ff45d588735fc8bdd6ef6798d724d9df15bdfe6ff764bff1adc29179f0ead06945d22fa86877fda5af1425799aae7975dc26d75393f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de6d88785c5214dba82ab94572c27acb

    SHA1

    ea2fc1ae29b7bf92d7622dd593160a56a330f0ea

    SHA256

    2ce320e6155c4ca6ca441c776795233a5fb711c499be119aec983390acc246c0

    SHA512

    352beb07582f4f68cfb76046df05b3ec9b53d177db2c0f093659b36a68fdaebd864e48b195b1784a8df8edc8e5369bdba3d87cb88cb6af33c5096c530d13d961

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f9a52e792cdeb11df9f5fcadcb49a6d

    SHA1

    734f5cf6a6f5faa7c08053e1a156c10dc0cfc842

    SHA256

    819c3c0bd3d8450862a1410988b7e5c5a60619c9aeef48d5c1d2c5586efd9508

    SHA512

    d40f89c4cc3608df54205f0ad518c32bd92b34dcc30ac4e2886e93e08f6ee0395cd93afbf843993a19bacf982aaf660b3f0ac071f8a83438aeb4825eddb27765

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    baaa855eed00e0c4846d3361d172b572

    SHA1

    a72caf7e67f41fb404b4685e371163a6b38a8046

    SHA256

    0f8c0bdb4fb9a375db8b67343f91445f11e2c20cf029a06399e22834c258743d

    SHA512

    cb4c8650aed55ecb1452e5a50ae9e067150ec4b5db66ce9a4063f3a0fa77158c07e2de404d59dfac53e8502fa8b3f82fce738a5c29215b68d21dd99e38b6fa90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f018be1f14e44975e97f111a4a8bcd94

    SHA1

    e7dcc7d3c1661453c644ce4fd387d90e222d8fd6

    SHA256

    b4c9b7a26c302145c5baa159df790eb2f3a2ca2470af582a7215a7f6ff783b76

    SHA512

    d05ef68a173b98beeab90ebe0e7f1a6dbfcaa972618187981745a1a547335de8f5f1528e44961c1e8d5bf3deb42c294d3a1e3bc67658abe7702347a431d73335

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    960a1b7d86e89ffbc5251fdc71baf215

    SHA1

    c6674a37247597af6ad168035b67dc66b0ee1527

    SHA256

    aaa86dc918b43a0b34cdf2deff72c1b1e11df7c3a7b8767282b28611228c889d

    SHA512

    fc1d55c0b02c55be09bc7a19a7539355c6d2e2476391432588374974578d8c3fa6aad09367b5946e24fb4c02a15ffac19fa04b252ea2187698b385d7b3bb6dfd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5881d7344511c011e8dc94b83a312dc0

    SHA1

    769777ff90033d20081770af18b51eb526debfd8

    SHA256

    f8b5eed189b2223145f7f3a51a52083838b1105fd812242bb2a56bfc60f16db1

    SHA512

    7b726ad23972a57abf2080e37b54054f57b0562c4e85b14986696d0ea57367927337e460417c4e4f51f79fbd9d6871ff86f159fe294bac1617c7e248be1a1bf3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    756608c5ff4913cb68fd952e78a2f60e

    SHA1

    fcbbaac07ddb2f27f96773ef423690fa395d7fdf

    SHA256

    18f7f7e9502a69498d69944ba250e52d0c70462a60d4284d5d2b239f999e076c

    SHA512

    b0759808009f98bb1d1a44c43767ea16a34540b5ff5d6847c71e88df2a3ccb7de13b0bcb5c049ba31aa5b0408270ca76ad37da6d20b212f8692b8abcf356d06c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f22046a685813ebf472ea382ea16f6c7

    SHA1

    4815cdbd149f0f7bcea60602e8bef4b3b7108de7

    SHA256

    c002b0f96b7bf5400cdde7b4b4efa4486f9f5a71b5406d0232f5f2e187f94b8e

    SHA512

    e37aeae0214acfddc2f6248c2d834c1402ec55c433ce1408a2bd3a0add7e2e815a38e08f6766b992ecaba0f1466f8ebb117f5a2c123c05b53d15537ac3388aab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8d99e610ff89e4da877f8c0be8186f2

    SHA1

    6aa1d0fbd6acd5299b3413809e1992947a2db5b9

    SHA256

    f9cab0abff24fc70411270cc9f3c76d8ed1854cab4fdd24e4ebd255ba2fa35f1

    SHA512

    0a9080eff34a87da6a0e861765c0b328797befd6f86c2d7a95c25f2217051838563a08c73c4a35d276185317a772a2bb452d6cd2503f1ad82ac939cefd0304f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8ece744d8905221b7ac258b6efe2e80

    SHA1

    9e7f231c1caf8e2cb7de030d63b1198f20be9b1e

    SHA256

    5c1d71f312b719d703264c66ed54aa376f6abc651416478f8d2aa179ee397363

    SHA512

    85602aec5c2c1a61eaa48d884b4fa70d5d1bb8fc82f6ac227fb5a1d0325778ac474ad066c048142ae320e5d7a0c6c1faea2ab38551f018ae1ef789ac7fe1e899

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    466bb07174ea82bf0ea3135df8964d95

    SHA1

    ba16d59b98d94fc3c9a6d0b1cb97ac51b3d82afe

    SHA256

    3e1c412f2bda079004e925c2c49a545188e95028ac35d8b0f3044b76e13e7dfe

    SHA512

    b1866e56ffdf046b7be4c0408b5bb49274f9bcb2023b6cbc3180fc8db5ec1077207046416508c711890bd63cbc38416e38a0f3327430c11964a6277673217214

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6185ffacf8fcf8c6ed0061f3cf3c2037

    SHA1

    ce5c01c21a1872de055a85ceb8878d19d94a8a85

    SHA256

    1ce9bedc8856b08fb71f3d6502ad55e3aa5eb40c79169112a121ac3564885e4c

    SHA512

    a6ff152e0d1422d76001870e3629ce3e9b752729f6a8687f25d2736d5c157f9b72da566fe1500d5e030ff10c4f2cc13eeeb9d74ae02d8617f865372752fee18a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c740ce7b33b742d44a506120ba64a40

    SHA1

    a5eb9ef50438685ef98bb909b32d2a6f24cfcf45

    SHA256

    7fbe1c67e3d47c9f58fdc0beeb1b9fb3d34e88e7ef442077e0e312b6fc41118f

    SHA512

    242bc2f5ad02f88fb7e947678f08cce54ab072b864021e3ad13ebef354932de5c4c59ed6002ee0b195317da28675f0d00e1eb3dbf62917808e6e7d6fab052528

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d67bd2b516f3cb7a2bf38160201dc5ed

    SHA1

    72b4ec4a555c50032c2a33a7a447c8a838bdb59c

    SHA256

    0d960f3201d6147a5b32964c12c5818b8eb24845abf3cf51fd3b16f6c03d3dcc

    SHA512

    60195d9d36c43e590805e4fbed2c731519a2d86b787603e65d4516d418989e29817548c4231351d32c122cfe2d1a73b3d649dc5d51c4abdd19a5846436cbd5e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbb202512ed6cb32fc6cb739fd65f247

    SHA1

    6c538649ffd5c3b98d1465f2a9db038985daa8a0

    SHA256

    1d9eb07885254079a0642f3747e0f1bc317a214119d54139917b52beaf151445

    SHA512

    c4795e85cec29ae2c62ec96985f0ffbb73e4349b9b2b2cf160913ab5b7c05dc28ef155b34249dd06bc10d7b07de051ca03a481dd63edd5455290ed5b5ea3a4a7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFD94.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFDF4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit