Overview

overview

5

Static

static

1

malware.eml

windows10-2004-x64

3

email-html-2.html

windows10-2004-x64

5

email-plain-1.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    1222s
  • max time network
    1626s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-12-2024 12:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    malware.eml

  • Size

    20KB

  • MD5

    e80e7c094ffc4bfe3b7938c85c518499

  • SHA1

    bbbb57b753bf88276504362c1bfc7b65ab1e4258

  • SHA256

    e99e5bfe4c68192a6d2e7e66eb9518e8d1157be94bb79758bf607230abcf6ba7

  • SHA512

    cdaf9620b1f790ff79e9ef4bf543c9209d13aff847a1472ab275c0003ca8db7582127927890acfae6a5e54c2c9f24aaebf7ad0cd035fbc5179b51d742c2de7f8

  • SSDEEP

    384:GaIzqdm5bMOMWL/DWuE+/v/AEswARiLUpKCkaqFbqzhgZz3QgOLKyhzAqXHOi5GN:/O5oOtyuE+nAEHwtpK/aqFbql+3dOL/c

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\malware.eml
    1⤵
    • Modifies registry class
    • NTFS ADS
    PID:380
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2304
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k UnistackSvcGroup
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3984

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3984-19-0x000002A963240000-0x000002A963250000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3984-3-0x000002A963140000-0x000002A963150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3984-35-0x000002A96B580000-0x000002A96B581000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3984-37-0x000002A96B5B0000-0x000002A96B5B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3984-39-0x000002A96B6C0000-0x000002A96B6C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3984-38-0x000002A96B5B0000-0x000002A96B5B1000-memory.dmp

    Filesize

    4KB

    Download