f5a1fe94e1149bb309a3a5c630135d49fdbac678be42ecefc37ebc09d76873af | Triage

Analysis

max time kernel
66s
max time network
68s
platform
windows10_x64
resource
win10v200430
submitted
09-07-2020 11:29

Sharing

Report Analysis Logs

General

Target

Prueba.msi
Size

4.7MB
MD5

d7946fd7c8240520bf14ac2a3ab4be1b
SHA1

bbe2d4a68ffa1c7a70f1e491b2b3d15124f63194
SHA256

f5a1fe94e1149bb309a3a5c630135d49fdbac678be42ecefc37ebc09d76873af
SHA512

82ac9a63f8d10a325ee39feefb780771f292da58a1f815a46d2acd36da3f27b43f217a329f5137c3e2500edac9c3929341dbb490bb08da65a46de51ec7088bc8

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msiexec.exe

pid process

2564 msiexec.exe
2564 msiexec.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

msiexec.exe

description pid process

Token: SeShutdownPrivilege 2564 msiexec.exe
Token: SeIncreaseQuotaPrivilege 2564 msiexec.exe

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Prueba.msi
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of AdjustPrivilegeToken
PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2564-0-0x0000027CB4B70000-0x0000027CB4B74000-memory.dmp

Filesize
16KB

Download
memory/2564-1-0x0000027CB6A40000-0x0000027CB6A44000-memory.dmp

Filesize
16KB

Download