Overview

overview

8

Static

static

10

Proc.Eelet...br.msi

windows7_x64

8

Proc.Eelet...br.msi

windows10_x64

8

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-en-20211104
  • submitted
    23-11-2021 13:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Proc.Eeletronico80rdgkj4 qoz4br.msi

  • Size

    4.0MB

  • MD5

    1321ee6809d5368dc9ec125e04bc4cf8

  • SHA1

    f1c0503e18eba4af77c5e637b38f2cf323e6c2bc

  • SHA256

    c8c447eabc388282ef6ee8678cce4aa65557bf557a936109485648fd217baae8

  • SHA512

    c348633687ec45a8c6a82fb7339ceb54bcc7c7448108841d4c4aa54ab15de582dd4b2b981ce76c743dd6d3f5ceaf96491cf2a9065df3439aafd33d1398900597

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\Proc.Eeletronico80rdgkj4 qoz4br.msi"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2032
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:980
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 85E9CFE13329B663F4D0B2039FA018A1
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:540

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Installer\MSIBCD9.tmp
    MD5

    9f1e5d66c2889018daef4aef604eebc4

    SHA1

    b80294261c8a1635e16e14f55a3d76889ff2c857

    SHA256

    02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222

    SHA512

    8f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b

    Download Submit

  • C:\Windows\Installer\MSIBFE6.tmp
    MD5

    9f1e5d66c2889018daef4aef604eebc4

    SHA1

    b80294261c8a1635e16e14f55a3d76889ff2c857

    SHA256

    02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222

    SHA512

    8f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b

    Download Submit

  • C:\Windows\Installer\MSIC0B2.tmp
    MD5

    0872fc86ddb1c0c51beab1deaaa80218

    SHA1

    abe143cfe0053d6e93c042815f020ff4714794bc

    SHA256

    99f2f155dfed73c33416e82ca6cd8f6dc66abbf50513a5e2a857d12e49504c60

    SHA512

    1b15ea0122d5adef9098381a2dc9659257ba13704fc4b51105c535044c94e370b9ea24e70c836e85cd0b4c9cc4dab63522c74af2ab913619984e86c27888a346

    Download Submit

  • \Windows\Installer\MSIBCD9.tmp
    MD5

    9f1e5d66c2889018daef4aef604eebc4

    SHA1

    b80294261c8a1635e16e14f55a3d76889ff2c857

    SHA256

    02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222

    SHA512

    8f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b

    Download Submit

  • \Windows\Installer\MSIBFE6.tmp
    MD5

    9f1e5d66c2889018daef4aef604eebc4

    SHA1

    b80294261c8a1635e16e14f55a3d76889ff2c857

    SHA256

    02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222

    SHA512

    8f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b

    Download Submit

  • \Windows\Installer\MSIC0B2.tmp
    MD5

    0872fc86ddb1c0c51beab1deaaa80218

    SHA1

    abe143cfe0053d6e93c042815f020ff4714794bc

    SHA256

    99f2f155dfed73c33416e82ca6cd8f6dc66abbf50513a5e2a857d12e49504c60

    SHA512

    1b15ea0122d5adef9098381a2dc9659257ba13704fc4b51105c535044c94e370b9ea24e70c836e85cd0b4c9cc4dab63522c74af2ab913619984e86c27888a346

    Download Submit

  • memory/540-57-0x0000000000000000-mapping.dmp

    Download

  • memory/540-58-0x0000000075731000-0x0000000075733000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2032-55-0x000007FEFBE91000-0x000007FEFBE93000-memory.dmp

    Filesize

    8KB

    Download