Edit tour
Windows
Analysis Report
Factura35107263.msg
Overview
General Information
| Sample name: | Factura35107263.msg |
| Analysis ID: | 1584768 |
| MD5: | ec5d969fa0a8bee009ab454b7cf4e1ec |
| SHA1: | e518f5dcb8f1c720b07ac15edd625c16361bf283 |
| SHA256: | bd558374e259378540d4bd41bf7d8803088be1eb4677e6105652376197a4d41a |
| Infos: |  |
 | |
Detection
| Score: | 48 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
AI detected potential phishing Email
HTML page contains obfuscated javascript
Creates a process in suspended mode (likely to inject code)
Detected suspicious crossdomain redirect
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory
Classification
- System is w10x64_ra
OUTLOOK.EXE (PID: 6740 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\OUTLO OK.EXE" /f "C:\Users \user\Desk top\Factur a35107263. msg" MD5: 91A5292942864110ED734005B7E005C0) 
ai.exe (PID: 6760 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \root\vfs\ ProgramFil esCommonX6 4\Microsof t Shared\O ffice16\ai .exe" "5C8 5079F-3902 -4C6F-891C -A5E73ADAF 7AE" "FF65 5A22-5E1D- 4D02-BF4C- 71F1D76050 E3" "6740" "C:\Progr am Files ( x86)\Micro soft Offic e\Root\Off ice16\OUTL OOK.EXE" " WordCombin edFloatieL reOnline.o nnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
rundll32.exe (PID: 5492 cmdline: C:\Windows \System32\ rundll32.e xe C:\Wind ows\System 32\shell32 .dll,SHCre ateLocalSe rverRunDll {9aa46009 -3ce0-458a -a354-7156 10a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
chrome.exe (PID: 6172 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t C:\Users \user\AppD ata\Local\ Temp\Temp1 _FACTURA-5 003950905. zip\FACTUR A-50039509 05.htm MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 6820 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2072 --fi eld-trial- handle=195 6,i,876384 4644308401 885,954133 8060301156 133,262144 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionHintsF etching,Op timization TargetPred iction /pr efetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- notepad.exe (PID: 8116 cmdline:
"C:\Window s\system32 \NOTEPAD.E XE" C:\Use rs\user\De sktop\FACT URA-500395 0905.htm MD5: 27F71B12CB585541885A31BE22F61C83)
- chrome.exe (PID: 716 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 1752 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2256 --fi eld-trial- handle=201 6,i,133489 2687026541 7558,88171 3764180697 2289,26214 4 /prefetc h:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
7zFM.exe (PID: 7228 cmdline: "C:\Progra m Files\7- Zip\7zFM.e xe" "C:\Us ers\user\D esktop\-" MD5: 30AC0B832D75598FB3EC37B6F2A8C86A)
OpenWith.exe (PID: 6892 cmdline: C:\Windows \system32\ OpenWith.e xe -Embedd ing MD5: E4A834784FA08C17D47A1E72429C5109) - notepad.exe (PID: 7468 cmdline:
"C:\Window s\system32 \NOTEPAD.E XE" C:\Use rs\user\De sktop\- MD5: 27F71B12CB585541885A31BE22F61C83)
- chrome.exe (PID: 2992 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t C:\Users \user\Desk top\FACTUR A-50039509 05.htm MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 3728 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2180 --fi eld-trial- handle=189 6,i,806969 9020101522 557,739497 5800054209 964,262144 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionHintsF etching,Op timization TargetPred iction /pr efetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 7892 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t C:\Users \user\Desk top\FACTUR A-50039509 05.htm MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 7940 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2188 --fi eld-trial- handle=194 4,i,708194 9003119817 988,166591 6272034957 3416,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No configs have been found
⊘No yara matches
| Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): | ||
| Source: | Author: frack113: | ||
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
Phishing |   |
|---|
| Source: | Joe Sandbox AI: | ||
| Source: | HTTP Parser: | ||
| Source: | Classification: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||