Analysis

  • max time kernel: 121s
  • max time network: 133s
  • platform: windows7_x64
  • resource: win7-en-20211208
  • submitted: 13-02-2022 12:30

General

  • Target: 90f613caa131c663e32aabc31b5fccc99edcfa874110d51cd627531d3a67b16d.msi
  • Size: 382KB
  • MD5: 63bed40e369b76379b47818ba912ee43
  • SHA1: 11c72a1239ffe8b6bcd2f5418c369b044f3bfc4a
  • SHA256: 90f613caa131c663e32aabc31b5fccc99edcfa874110d51cd627531d3a67b16d
  • SHA512: aa1be6812f84d8cf205cac1878d8eca1c3d345d7807e3804b6814028b74b3355fd68b90f804b3973ef40aac8bc6d395fa4063b1aca23e9394d0aa74a551f5174

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\system32\msiexec.exe (PID 944)
    Command line: msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\90f613caa131c663e32aabc31b5fccc99edcfa874110d51cd627531d3a67b16d.msi
    • Enumerates connected drives
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
  • C:\Windows\system32\msiexec.exe (PID 560)
    Command line: C:\Windows\system32\msiexec.exe /V
    • Suspicious use of AdjustPrivilegeToken
  • C:\Windows\system32\vssvc.exe (PID 808)
    Command line: C:\Windows\system32\vssvc.exe
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/944-55-0x000007FEFC4A1000-0x000007FEFC4A3000-memory.dmp (Filesize: 8KB)