Resubmissions

03-12-2024 17:14

241203-vr8jmavmew 5

03-12-2024 15:36

241203-s1396a1mev 5

03-12-2024 15:34

241203-szv76a1max 3

Analysis

  • max time kernel
    106s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    03-12-2024 17:14

General

  • Target

    phish_alert_whitefish_muncipal_12032024.eml

  • Size

    60KB

  • MD5

    453419084607eee276dc79185b6f18fe

  • SHA1

    c9b04275f61a1a56109c337fb6b4d2c9a1e70311

  • SHA256

    d5f446c33216d26ed66fdc70bc492280d93c0c23e8c21054aa2546896c489c77

  • SHA512

    34372cdc262da07b55801e463f3676a7515ff431b56e11a0c69da2e95f8a8830f4dec3afd6fcdac17a5875d636728201ec5a65f045438526efe458ed935fd825

  • SSDEEP

    768:9cTMTAZh9P749V3N6vUUaTM0BQ7h9SItodhIBP6cp3el6Iq45aIPMuOP/LGS91ZK:9cTMTARP74rNxBAvUydz5WLl

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\phish_alert_whitefish_muncipal_12032024.eml
    1⤵
    • Modifies registry class
    • NTFS ADS
    PID:5344
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1084
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

    Filesize

    10KB

    MD5

    b7443e89f0cb29d51ee6a257750e54d2

    SHA1

    84127eebf275e781d5276af6fc4d09c5a6bfb7b9

    SHA256

    8226877d6ab2e4834aea6bc71bd9865b28d0bd1ec2e8b4c23b8acf0301c56f26

    SHA512

    446cfe25d82f3bbf7badd324cae691ad62e13bd7469e415f47b9141bddf30679219c672937f4f6768796c2936c3b9c557fabbda1fb51c5edbb7c1964bffa17be