Overview

overview

8

Static

static

MSI Center....0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    1817s
  • max time network
    1159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220722-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220722-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-07-2022 15:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MSI Center_1.0.38.0.exe

  • Size

    442.7MB

  • MD5

    e532fe9dd47f907c0703208eb6b25ff6

  • SHA1

    dab73d8130571f993299a0b643325e04c4d12def

  • SHA256

    149ed212e4cc99a940a98c23e3713c1b91cbd90377ed47dd8fbef0a9d260196c

  • SHA512

    ad02b620f5984737f8eadfc148a7f852684fd8e39353100c2b92c460965984565e3e1fc6c5592333b44a9f01cc3e6bd67935f7767678ba7f58599c5b06480ada

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MSI Center_1.0.38.0.exe
    "C:\Users\Admin\AppData\Local\Temp\MSI Center_1.0.38.0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Users\Admin\AppData\Local\Temp\is-96D7F.tmp\MSI Center_1.0.38.0.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-96D7F.tmp\MSI Center_1.0.38.0.tmp" /SL5="$701CA,463670121,140800,C:\Users\Admin\AppData\Local\Temp\MSI Center_1.0.38.0.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2168
      • C:\Windows\SysWOW64\taskkill.exe
        "taskkill.exe" /f /im DCv2.exe /t
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:3504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-96D7F.tmp\MSI Center_1.0.38.0.tmp
    Filesize

    1.4MB

    MD5

    d3c7a070ba8b15d74ab36cbe9ae29f50

    SHA1

    7e4911f81616d82706320e1063a64882133d1e89

    SHA256

    7cb2fdf5c9703462e8b6d9c2a1daf6583e6157118b1304b943e86d9529719b02

    SHA512

    78a936646510514b1a5bb95920103493849bc90e517897754bf1ac8b431e2e2f10f18f3e58e394ba1c95d787ec874b7b6efc27f9900f9d2906ed0cf6f11a2f6f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\is-96D7F.tmp\MSI Center_1.0.38.0.tmp
    Filesize

    1.4MB

    MD5

    d3c7a070ba8b15d74ab36cbe9ae29f50

    SHA1

    7e4911f81616d82706320e1063a64882133d1e89

    SHA256

    7cb2fdf5c9703462e8b6d9c2a1daf6583e6157118b1304b943e86d9529719b02

    SHA512

    78a936646510514b1a5bb95920103493849bc90e517897754bf1ac8b431e2e2f10f18f3e58e394ba1c95d787ec874b7b6efc27f9900f9d2906ed0cf6f11a2f6f

    Download Submit
  • memory/2168-135-0x0000000000000000-mapping.dmp
    Download
  • memory/2360-132-0x0000000000400000-0x000000000042D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/2360-134-0x0000000000400000-0x000000000042D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/2360-139-0x0000000000400000-0x000000000042D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/3504-138-0x0000000000000000-mapping.dmp
    Download