Overview

overview

8

Static

static

6

DOC-49B8OP200.msi

windows7_x64

8

DOC-49B8OP200.msi

windows10_x64

8

Analysis

  • max time kernel
    29s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    13-01-2021 07:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DOC-49B8OP200.msi

  • Size

    1015KB

  • MD5

    472a5b55e3ffd9c7e3f3b355bf7cae40

  • SHA1

    cf26c9f79529c897cd76fec9270d4ead9c235aa1

  • SHA256

    a54fe8044d12684b941ada860b515252623e9ddc1ae880ad370320fc0c2d5947

  • SHA512

    e7ce58cce7c899afde04f1f47cd78283edcb876d5bbb70c2dd9b03df9be6bc14abec3066968e5d4e8ceefe656ebf99cd04ab0da61be8a33ecc4ef06bda2b9a5f

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 28 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 58 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\DOC-49B8OP200.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:868
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1808
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 31F4D4E1B6C13CA75ED0A70E5EDE03C7
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:1984

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MSI43459.LOG
    MD5

    2ecab71e28f328e714e95af6327d1729

    SHA1

    8a769b71fe3f344b7602c2cc2dbe61efa8ae0afd

    SHA256

    05b9cb7c27ee3943372058c5ea4665e5eb3b289e472652fd89bb431fa15859ff

    SHA512

    beeefad070e753b9144a7e0b41e9ffbcd394aeabc6f63fda283997bd0829049891dbfbacbf2640d96fcbc25cfc3937d9413973b68092d8d1b3b044bacd0c2034

    Download Submit

  • C:\Windows\Installer\MSI37E2.tmp
    MD5

    a3b4d222a755f43b34a0963f13f77500

    SHA1

    e3bd216f35434287197082745b9f789b9a4f93c6

    SHA256

    9692a12baf2113db4921678f3cf8746933d26d05141748fe09dcef11e5d94f54

    SHA512

    7baf4279fe8409db2a10638b060d2f19259be82363180c521a83f786d64c5b6e5b024ebeeedb163773d9d19efa1f1da036b55a94cc4009108eb2b910c64a3e50

    Download Submit

  • C:\Windows\Installer\MSI3BC9.tmp
    MD5

    a3b4d222a755f43b34a0963f13f77500

    SHA1

    e3bd216f35434287197082745b9f789b9a4f93c6

    SHA256

    9692a12baf2113db4921678f3cf8746933d26d05141748fe09dcef11e5d94f54

    SHA512

    7baf4279fe8409db2a10638b060d2f19259be82363180c521a83f786d64c5b6e5b024ebeeedb163773d9d19efa1f1da036b55a94cc4009108eb2b910c64a3e50

    Download Submit

  • C:\Windows\Installer\MSI3C38.tmp
    MD5

    a3b4d222a755f43b34a0963f13f77500

    SHA1

    e3bd216f35434287197082745b9f789b9a4f93c6

    SHA256

    9692a12baf2113db4921678f3cf8746933d26d05141748fe09dcef11e5d94f54

    SHA512

    7baf4279fe8409db2a10638b060d2f19259be82363180c521a83f786d64c5b6e5b024ebeeedb163773d9d19efa1f1da036b55a94cc4009108eb2b910c64a3e50

    Download Submit

  • C:\Windows\Installer\MSI3F74.tmp
    MD5

    b81fc21f9ea3d9c1d947389fc32c7d66

    SHA1

    d8e957a0555b3d8e1b30bb3f30b11e564b9d854e

    SHA256

    e0b42df2cb2b631b98213cc4b23273ebe71ae91e78bcb1218b4d81a2627328c6

    SHA512

    e977f44c4db748f355fbbcab65bfada4f2f639832350c83bef7ec29c54d20fc47e40d9815f2c5c4cae3e61b2ffe443a14fe1033c3fa8faf16aca1e5120cc0639

    Download Submit

  • C:\Windows\Installer\MSI4051.tmp
    MD5

    b81fc21f9ea3d9c1d947389fc32c7d66

    SHA1

    d8e957a0555b3d8e1b30bb3f30b11e564b9d854e

    SHA256

    e0b42df2cb2b631b98213cc4b23273ebe71ae91e78bcb1218b4d81a2627328c6

    SHA512

    e977f44c4db748f355fbbcab65bfada4f2f639832350c83bef7ec29c54d20fc47e40d9815f2c5c4cae3e61b2ffe443a14fe1033c3fa8faf16aca1e5120cc0639

    Download Submit

  • C:\Windows\Installer\MSI9A44.tmp
    MD5

    b81fc21f9ea3d9c1d947389fc32c7d66

    SHA1

    d8e957a0555b3d8e1b30bb3f30b11e564b9d854e

    SHA256

    e0b42df2cb2b631b98213cc4b23273ebe71ae91e78bcb1218b4d81a2627328c6

    SHA512

    e977f44c4db748f355fbbcab65bfada4f2f639832350c83bef7ec29c54d20fc47e40d9815f2c5c4cae3e61b2ffe443a14fe1033c3fa8faf16aca1e5120cc0639

    Download Submit

  • \Windows\Installer\MSI37E2.tmp
    MD5

    a3b4d222a755f43b34a0963f13f77500

    SHA1

    e3bd216f35434287197082745b9f789b9a4f93c6

    SHA256

    9692a12baf2113db4921678f3cf8746933d26d05141748fe09dcef11e5d94f54

    SHA512

    7baf4279fe8409db2a10638b060d2f19259be82363180c521a83f786d64c5b6e5b024ebeeedb163773d9d19efa1f1da036b55a94cc4009108eb2b910c64a3e50

    Download Submit

  • \Windows\Installer\MSI3BC9.tmp
    MD5

    a3b4d222a755f43b34a0963f13f77500

    SHA1

    e3bd216f35434287197082745b9f789b9a4f93c6

    SHA256

    9692a12baf2113db4921678f3cf8746933d26d05141748fe09dcef11e5d94f54

    SHA512

    7baf4279fe8409db2a10638b060d2f19259be82363180c521a83f786d64c5b6e5b024ebeeedb163773d9d19efa1f1da036b55a94cc4009108eb2b910c64a3e50

    Download Submit

  • \Windows\Installer\MSI3C38.tmp
    MD5

    a3b4d222a755f43b34a0963f13f77500

    SHA1

    e3bd216f35434287197082745b9f789b9a4f93c6

    SHA256

    9692a12baf2113db4921678f3cf8746933d26d05141748fe09dcef11e5d94f54

    SHA512

    7baf4279fe8409db2a10638b060d2f19259be82363180c521a83f786d64c5b6e5b024ebeeedb163773d9d19efa1f1da036b55a94cc4009108eb2b910c64a3e50

    Download Submit

  • \Windows\Installer\MSI3F74.tmp
    MD5

    b81fc21f9ea3d9c1d947389fc32c7d66

    SHA1

    d8e957a0555b3d8e1b30bb3f30b11e564b9d854e

    SHA256

    e0b42df2cb2b631b98213cc4b23273ebe71ae91e78bcb1218b4d81a2627328c6

    SHA512

    e977f44c4db748f355fbbcab65bfada4f2f639832350c83bef7ec29c54d20fc47e40d9815f2c5c4cae3e61b2ffe443a14fe1033c3fa8faf16aca1e5120cc0639

    Download Submit

  • \Windows\Installer\MSI4051.tmp
    MD5

    b81fc21f9ea3d9c1d947389fc32c7d66

    SHA1

    d8e957a0555b3d8e1b30bb3f30b11e564b9d854e

    SHA256

    e0b42df2cb2b631b98213cc4b23273ebe71ae91e78bcb1218b4d81a2627328c6

    SHA512

    e977f44c4db748f355fbbcab65bfada4f2f639832350c83bef7ec29c54d20fc47e40d9815f2c5c4cae3e61b2ffe443a14fe1033c3fa8faf16aca1e5120cc0639

    Download Submit

  • \Windows\Installer\MSI9A44.tmp
    MD5

    b81fc21f9ea3d9c1d947389fc32c7d66

    SHA1

    d8e957a0555b3d8e1b30bb3f30b11e564b9d854e

    SHA256

    e0b42df2cb2b631b98213cc4b23273ebe71ae91e78bcb1218b4d81a2627328c6

    SHA512

    e977f44c4db748f355fbbcab65bfada4f2f639832350c83bef7ec29c54d20fc47e40d9815f2c5c4cae3e61b2ffe443a14fe1033c3fa8faf16aca1e5120cc0639

    Download Submit

  • memory/868-17-0x0000000002150000-0x0000000002154000-memory.dmp

    Filesize

    16KB

    Download

  • memory/876-14-0x000007FEF5E90000-0x000007FEF610A000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1984-3-0x0000000000000000-mapping.dmp

    Download