5bad4a12d8bda4f3ae3f509c896d18c07322f734e860a7b2cc9a44f346e7fed1

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[BULK] Hurry, Almost Gone! Claim Your Camping Set Reward Today.eml
Size

100KB
MD5

cfd2514b9d478c7f51ae54cb3e534c38
SHA1

7ca70a3771be360ae180bcb42742d7f6d37e521b
SHA256

5bad4a12d8bda4f3ae3f509c896d18c07322f734e860a7b2cc9a44f346e7fed1
SHA512

b2248dbd718855d8f2b994ee65cdb4535a12d1d4a0f59749a5a1ff81c7facf7131791d9c0a4970e71ecc903673d719a73cc337c178e853e884b897494173b492
SSDEEP

1536:IkSGiuhESzdziU+0Wkg6upjULG4Fdq8JLsu3Z1Q5/v5gmJPGLAjrL:IkxJE0iGWk1uiLxFJLGX+mNjX

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3952	cmd.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\[BULK] Hurry, Almost Gone! Claim Your Camping Set Reward Today.eml:OECustomProperty	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4936	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\[BULK] Hurry, Almost Gone! Claim Your Camping Set Reward Today.eml"
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Modifies registry class
- NTFS ADS
PID:3952

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads