Analysis

  • max time kernel: 837s
  • max time network: 837s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 14/10/2024, 09:47

General

  • Target: noname (1).eml
  • Size: 65KB
  • MD5: 4d647743f019194eff61ac6f968e4f7d
  • SHA1: c85b7a2d55d93c070d86ba827791e245d4e3da04
  • SHA256: 0bb65fcfecd467f48536b3849896322d4aa44ac1214dffc287b12ad0441fb426
  • SHA512: d7d06a78499e4539cc7651c4e9a8789b98e795e46768be943fc67e5dcb84c9017d6855cb7bc7a537160d518889c0c4335f902e5fe1c9da9a9320143e3a5c6905
  • SSDEEP: 1536:117WqYElhjrcK9nbmSDDB/ggFr6XW56Qhh/u2pPfLn4Yqa01:bWCTdJ4rWAWhYL

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer that host's geographical location.

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\noname (1).eml"
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1924

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
          Filesize: 240KB
          MD5: 65b4ffb10642c9b68db93e0e2105159b
          SHA1: dbd829b1189caf661250fc9514662a04a151bd31
          SHA256: 8a1caf120b45c52cf12410c9628474a5e9e230540783cbbe3a01a6b02c389821
          SHA512: 88f45cecd03021c751cc85371d2e953a01ea07f3ba63a7063cc7b588400ae2a57ca35fdd07fa2c0021b3a253fb1b0006de526374c28415ebd099443e1e99ab3a

        • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
          Filesize: 225KB
          MD5: 24984d7e6006fbf06b16f2a55d1c74c0
          SHA1: a9923948aa77f7b9ad7f8520b343e6384c198705
          SHA256: 8a0f5fa991f014dcad6eada5eb4e6bde4bba434d4a1be5463e0d10606fc2bcf6
          SHA512: 8e47110222ded63de80273b8c5f5f56ee36b28fdf1c692a02882076c5a092576a81b25ddfecaa0f83538e5757290c88d6784977a4409b118d023ffbf9a638eb5

        • C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
          Filesize: 240KB
          MD5: f763924fde2585d3107ee65e567b19d1
          SHA1: bdc201dc266b993b23d7e1b63f1eae2dd19d0e4d
          SHA256: dec78b8e92dc98bc19546b26d6eb56f7af1e6a9936a7352d52cb9bfbb9028ccf
          SHA512: 270282ac7ccc0babc0a63bcba1bcc22d825c11eaa7ecb166d108e1a78b3c976c95a19d367f9b08a34094fdc6a1287d9c17d0a3a3fb62130745c0afdfcb9ea80c

        • memory/1924-0-0x000000005FFF0000-0x0000000060000000-memory.dmp
          Filesize: 64KB

        • memory/1924-1-0x00000000732ED000-0x00000000732F8000-memory.dmp
          Filesize: 44KB

        • memory/1924-124-0x00000000732ED000-0x00000000732F8000-memory.dmp
          Filesize: 44KB