Resubmissions
03-12-2024 17:14 241203-vr8jmavmew 5
03-12-2024 15:36 241203-s1396a1mev 5
03-12-2024 15:34 241203-szv76a1max 3
Analysis
-
max time kernel
106s
-
max time network
152s
-
platform
windows11-21h2_x64
-
resource
win11-20241007-en
-
resource tags
arch:x64 arch:x86 image:win11-20241007-en locale:en-us os:windows11-21h2-x64 system
-
submitted
03-12-2024 17:14
Static task
static1
Behavioral task
behavioral1
Sample
phish_alert_whitefish_muncipal_12032024.eml
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
phish_alert_whitefish_muncipal_12032024.eml
Resource
win11-20241007-en
Behavioral task
behavioral3
Sample
email-html-2.html
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral4
Sample
email-html-2.html
Resource
win11-20241023-en
Behavioral task
behavioral5
Sample
email-plain-1.txt
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral6
Sample
email-plain-1.txt
Resource
win11-20241007-en
General
-
Target
phish_alert_whitefish_muncipal_12032024.eml
-
Size
60KB
-
MD5
453419084607eee276dc79185b6f18fe
-
SHA1
c9b04275f61a1a56109c337fb6b4d2c9a1e70311
-
SHA256
d5f446c33216d26ed66fdc70bc492280d93c0c23e8c21054aa2546896c489c77
-
SHA512
34372cdc262da07b55801e463f3676a7515ff431b56e11a0c69da2e95f8a8830f4dec3afd6fcdac17a5875d636728201ec5a65f045438526efe458ed935fd825
-
SSDEEP
768:9cTMTAZh9P749V3N6vUUaTM0BQ7h9SItodhIBP6cp3el6Iq45aIPMuOP/LGS91ZK:9cTMTARP74rNxBAvUydz5WLl
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 3 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\MuiCache | MiniSearchHost.exe
-
NTFS ADS 1 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\AppData\Local\Temp\phish_alert_whitefish_muncipal_12032024.eml:OECustomProperty | cmd.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
1084 | OpenWith.exe
1612 | MiniSearchHost.exe
Processes
-
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\phish_alert_whitefish_muncipal_12032024.eml
- Modifies registry class
- NTFS ADS
PID:5344
-
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1084
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1612
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize 10KB
MD5 b7443e89f0cb29d51ee6a257750e54d2
SHA1 84127eebf275e781d5276af6fc4d09c5a6bfb7b9
SHA256 8226877d6ab2e4834aea6bc71bd9865b28d0bd1ec2e8b4c23b8acf0301c56f26
SHA512 446cfe25d82f3bbf7badd324cae691ad62e13bd7469e415f47b9141bddf30679219c672937f4f6768796c2936c3b9c557fabbda1fb51c5edbb7c1964bffa17be