Analysis

  • max time kernel
    134s
  • max time network
    136s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    28-12-2020 23:53

General

  • Target

    SecuriteInfo.com.Exploit.AppendedJar.1.Gen.18612.14136.msi

  • Size

    1.5MB

  • MD5

    63919fe60f8a6549c8a583fc9de6e1c0

  • SHA1

    a70d3d0ff6fe23ffd3d2a1ac5cbd699fc140c7fd

  • SHA256

    0ec7cc1d954f61f7f8c3a1d7b65be6a0023b2b38d6278679867c1695db7f2596

  • SHA512

    b3301a78ff766ec545a00f3cf4d281632922e36a013cf19ba57641e535d25ce31a3e2e173bc6574f404554b13e8d0393b65d8fc35be7647030f10de5518af50f

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives (3 TTPs, 24 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken (32 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)

Processes

  • C:\Windows\system32\msiexec.exe (PID 648)
    Command line: msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Exploit.AppendedJar.1.Gen.18612.14136.msi
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
  • C:\Windows\system32\msiexec.exe (PID 3528)
    Command line: C:\Windows\system32\msiexec.exe /V
    • Suspicious use of AdjustPrivilegeToken
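As an added example, not part of the sandbox report, the following Python re-implements two of the behavioural signatures listed above over a small constructed event log, so the logic behind "Enumerates connected drives" (a process reads the root path of a drive other than C:) and the per-process count behind "Suspicious use of AdjustPrivilegeToken" can be inspected offline. The event tuple format, the file paths, the call sequence and the explorer.exe events are all invented for illustration; only the PIDs 648 and 3528 and the signature names come from the report. The sandbox's label "AdjustPrivilegeToken" is taken here to mean the Win32 API AdjustTokenPrivileges.

```python
"""Toy re-implementation of two sandbox behavioural signatures over a constructed log.

Event format (assumed for this example, not a real Sysmon/Procmon schema):
    (pid, image_path, event_kind, detail)
  event_kind "file_read" -> detail is the path that was opened/read
  event_kind "api"       -> detail is the API function name that was called
"""
import re
from collections import defaultdict

MSIEXEC = "C:\\Windows\\system32\\msiexec.exe"
EXPLORER = "C:\\Windows\\explorer.exe"

# Constructed events. PIDs 648 and 3528 mirror the report's process tree;
# everything else (paths, order, the explorer.exe activity) is made up.
EVENTS = [
    (648, MSIEXEC, "api", "AdjustTokenPrivileges"),
    (648, MSIEXEC, "file_read", "C:\\"),
    (648, MSIEXEC, "file_read", "D:\\"),
    (648, MSIEXEC, "file_read", "E:\\"),
    (648, MSIEXEC, "file_read", "F:\\"),
    (648, MSIEXEC, "file_read", "C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.msi"),
    (648, MSIEXEC, "api", "FindShellTrayWindow"),
    (3528, MSIEXEC, "api", "AdjustTokenPrivileges"),
    (3528, MSIEXEC, "api", "AdjustTokenPrivileges"),
    (3528, MSIEXEC, "file_read", "C:\\Windows\\Installer"),
    # Benign process touching a second drive root: shows the heuristic is noisy.
    (1000, EXPLORER, "file_read", "D:\\"),
]

# A bare drive root: a single letter, a colon, and at most one trailing backslash.
ROOT_PATH = re.compile(r"^([A-Za-z]):\\?$")


def drive_root_reads(events, default_drive="C"):
    """Map pid -> sorted list of drive letters (other than default_drive)
    whose root path the process read."""
    hits = defaultdict(set)
    for pid, _image, kind, detail in events:
        if kind != "file_read":
            continue
        match = ROOT_PATH.match(detail)
        if match and match.group(1).upper() != default_drive.upper():
            hits[pid].add(match.group(1).upper())
    return {pid: sorted(letters) for pid, letters in hits.items()}


def api_call_counts(events, api_name):
    """Map pid -> number of times the process called api_name."""
    counts = defaultdict(int)
    for pid, _image, kind, detail in events:
        if kind == "api" and detail == api_name:
            counts[pid] += 1
    return dict(counts)


def signatures(events, min_drives=1):
    """Return sorted (pid, signature_name) pairs that would fire.

    min_drives is this example's own knob: the report's description fires on
    any non-C: root read, so the default of 1 matches it literally. Raising it
    trades recall for fewer hits on processes such as explorer.exe.
    """
    fired = []
    for pid, letters in drive_root_reads(events).items():
        if len(letters) >= min_drives:
            fired.append((pid, "Enumerates connected drives"))
    for pid in api_call_counts(events, "AdjustTokenPrivileges"):
        fired.append((pid, "Suspicious use of AdjustPrivilegeToken"))
    for pid in api_call_counts(events, "FindShellTrayWindow"):
        fired.append((pid, "Suspicious use of FindShellTrayWindow"))
    return sorted(fired)


if __name__ == "__main__":
    for pid, name in signatures(EVENTS):
        print(f"PID {pid}: {name}")
    print("drive roots:", drive_root_reads(EVENTS))
    print("AdjustTokenPrivileges calls:", api_call_counts(EVENTS, "AdjustTokenPrivileges"))
```

Running it fires all three signatures on PID 648 and only the privilege-token one on PID 3528, matching the report's per-process tags. It also fires "Enumerates connected drives" on the constructed explorer.exe event, which is the caveat worth keeping in mind when reading a 6/10 score: these are heuristics on ordinary Win32 behaviour (an installer enumerating volumes, a process adjusting its own token), not proof of malicious intent, and the raw counts (24 IoCs, 32 IoCs) need the actual paths and call sites before they mean much.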

Network

MITRE ATT&CK Enterprise v6
