Overview

overview

8

Static

static

10

Proc.Eelet...th.msi

windows7_x64

8

Proc.Eelet...th.msi

windows10_x64

8

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-en-20211104
  • submitted
    23-11-2021 15:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Proc.Eeletronicoyilg1707 03r9th.msi

  • Size

    4.0MB

  • MD5

    c937a24384d2a4117ba1edaf5bae2f63

  • SHA1

    e413d38000e5e0a7b3998e20fb1623fe149ba5e3

  • SHA256

    1d7cec07e9cffe08e3b79cc38e0f0e59720934a456657dcc994256b88e43dab0

  • SHA512

    5e2390e8c7c4a0b2a5e57eb3832a6265e145dee0079c82d210604ff1f045cf98e2f7c6124fd26736a3fe4a39291cb004adcba2da9b8c35306401a622f1d90150

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\Proc.Eeletronicoyilg1707 03r9th.msi"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:556
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 85E9816EBB0E4E3376DC8662F01C5432
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:1376

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Installer\MSI11A.tmp
    MD5

    9f1e5d66c2889018daef4aef604eebc4

    SHA1

    b80294261c8a1635e16e14f55a3d76889ff2c857

    SHA256

    02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222

    SHA512

    8f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b

    Download Submit

  • C:\Windows\Installer\MSI32D.tmp
    MD5

    9f1e5d66c2889018daef4aef604eebc4

    SHA1

    b80294261c8a1635e16e14f55a3d76889ff2c857

    SHA256

    02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222

    SHA512

    8f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b

    Download Submit

  • C:\Windows\Installer\MSI39B.tmp
    MD5

    0872fc86ddb1c0c51beab1deaaa80218

    SHA1

    abe143cfe0053d6e93c042815f020ff4714794bc

    SHA256

    99f2f155dfed73c33416e82ca6cd8f6dc66abbf50513a5e2a857d12e49504c60

    SHA512

    1b15ea0122d5adef9098381a2dc9659257ba13704fc4b51105c535044c94e370b9ea24e70c836e85cd0b4c9cc4dab63522c74af2ab913619984e86c27888a346

    Download Submit

  • \Windows\Installer\MSI11A.tmp
    MD5

    9f1e5d66c2889018daef4aef604eebc4

    SHA1

    b80294261c8a1635e16e14f55a3d76889ff2c857

    SHA256

    02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222

    SHA512

    8f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b

    Download Submit

  • \Windows\Installer\MSI32D.tmp
    MD5

    9f1e5d66c2889018daef4aef604eebc4

    SHA1

    b80294261c8a1635e16e14f55a3d76889ff2c857

    SHA256

    02a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222

    SHA512

    8f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b

    Download Submit

  • \Windows\Installer\MSI39B.tmp
    MD5

    0872fc86ddb1c0c51beab1deaaa80218

    SHA1

    abe143cfe0053d6e93c042815f020ff4714794bc

    SHA256

    99f2f155dfed73c33416e82ca6cd8f6dc66abbf50513a5e2a857d12e49504c60

    SHA512

    1b15ea0122d5adef9098381a2dc9659257ba13704fc4b51105c535044c94e370b9ea24e70c836e85cd0b4c9cc4dab63522c74af2ab913619984e86c27888a346

    Download Submit

  • memory/556-55-0x000007FEFC511000-0x000007FEFC513000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1376-57-0x0000000000000000-mapping.dmp

    Download

  • memory/1376-58-0x0000000075801000-0x0000000075803000-memory.dmp

    Filesize

    8KB

    Download