File name: Выставка технологий для умного города в Астане 💡.eml (Russian; translates as "Smart city technology exhibition in Astana 💡.eml")

Full analysis: https://app.any.run/tasks/eb0fdf62-66d1-43f0-9882-a375d66f32a7
Verdict: Malicious activity
Analysis date: December 06, 2022, 04:44:36
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: message/rfc822
File info: SMTP mail, ASCII text, with CRLF line terminators
MD5: 6CA52609420AAB030FAF466C475DFD8A
SHA1: 39C56779BFF035E9672B8D1064D4134626E952B6
SHA256: 11D1E277977A08FE57EE974AAA1598E74B3DCE8CEB34F51039E618D9831342EF
SSDEEP: 49152:LljJrBZ854XvSQnNdx6NTNz7gwJjESXrCPaRdvPJfTxIbXPs+tDx46Tiiin9Mco+:A

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report may be distorted by user actions and is provided as-is for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Detected use of alternative data streams (AltDS)
      • OUTLOOK.EXE (PID: 2436)
  • INFO
    • Changes default file association
      • chrome.exe (PID: 2712)
    • Application launched itself
      • iexplore.exe (PID: 268)
      • chrome.exe (PID: 2260)
      • chrome.exe (PID: 2792)
      • chrome.exe (PID: 2712)
      • AcroRd32.exe (PID: 2572)
      • RdrCEF.exe (PID: 3416)
      • AcroRd32.exe (PID: 3780)
      • RdrCEF.exe (PID: 3096)
    • Manual execution by a user
      • chrome.exe (PID: 2712)
    • Dropped object may contain Bitcoin addresses
      • OUTLOOK.EXE (PID: 2436)
    • Reads Microsoft Office registry keys
      • AcroRd32.exe (PID: 488)
      • AcroRd32.exe (PID: 1836)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.eml | E-Mail message (Var. 1) (100)