Analysis
max time kernel: 281s
max time network: 203s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-12-2024 19:42
Static task: static1
Behavioral task: behavioral1
  Sample: a1s-root6=email_banfield_2024_12_12_18_API-4Y8LGw4pXVzKtYpq-2024-12-12T18_15_04.eml
  Resource: win10v2004-20241007-en
Behavioral task: behavioral2
  Sample: attachment-2.eml
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: attachment-1.html
  Resource: win10v2004-20241007-en
Behavioral task: behavioral4
  Sample: email-plain-1.txt
  Resource: win10v2004-20241007-en
General
Target: attachment-2.eml
Size: 28KB
MD5: ffbdd02f8b20dbadc5e387311f64ad98
SHA1: 75c30b3761403aecdff33ad7c3cae52fd0783707
SHA256: 4ec589091e7df11daa50f5ffafb7ac1348b025796034adf8240b4bc76b4e3d95
SHA512: 56ba9b4399120e5414fca397bd3d06061bf405193b2800ce25f4d48e851f9f20095bd933284f07936471bf02445b17ff58e62980007da1b50645037aeadaa9ad
SSDEEP: 768:YhFl9JyxhD3jaup3rdhbaY8LTMrns7JROFetnvF:YhFl9JyxhTCY8ys7Jzx9
Malware Config
(none extracted)

Signatures
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
  description   ioc                                                                                          Process
  Key created   \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings          cmd.exe
  Key created   \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings          OpenWith.exe

NTFS ADS (1 IoC)
  description                    ioc                                                                    Process
  File opened for modification   C:\Users\Admin\AppData\Local\Temp\attachment-2.eml:OECustomProperty    cmd.exe

Suspicious use of SetWindowsHookEx (1 IoC)
  pid    Process
  2408   OpenWith.exe