Resubmissions

29-09-2022 12:34

220929-pr4b1sagd2 8

29-09-2022 12:29

220929-ppb5raagb2 8

Analysis

  • max time kernel
    51s
  • max time network
    56s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-09-2022 12:29

General

  • Target

    Suricata-6.0.6-1-64bit.msi

  • Size

    22.6MB

  • MD5

    8b9258c77ca6bebff5a0cbf116c02129

  • SHA1

    750ecdf0c3d3b63ae0f5d3f753731345e59caedc

  • SHA256

    ce545bb7539dd09990bc9cf9d8a78492124d6a132f9d86d0b5fa60c0ae4186b2

  • SHA512

    cd1a0847d70497c4abe2a7d538d0b13461806250340158677c9f5de9258ef99ec625c5366a853a05d8809dcb7c1dd616c2cdcb249a25fb20bfcd995198f69219

  • SSDEEP

    393216:Zv+Pjv1e3OWSr1hE0UElR69nfSbkC5ZUnD8+2QZpmRuqzQbtitLPEjTJ1YkfFnJt:ZAsOWn+6UhZM8+Bm4qzQpUbKT6
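
The General section above lists four digests for the submitted installer. Before attaching this verdict to a copy of Suricata-6.0.6-1-64bit.msi held elsewhere, tie the two together by recomputing the digests and comparing them with the report's values. The script below is an added example, not part of the sandbox report; the digest values are copied from the General section, the file path is an assumed command-line argument, and the SSDEEP fuzzy hash is not checked because it needs a third-party library.

```python
"""Compare a local file against the digests listed in the sandbox report.

Added example, not part of the report. REPORTED_HASHES is copied from the
report's General section; the file path is supplied by the caller.
"""
import hashlib
import sys
from typing import Dict, Mapping

# Digests copied verbatim from the report's General section.
REPORTED_HASHES: Dict[str, str] = {
    "md5": "8b9258c77ca6bebff5a0cbf116c02129",
    "sha1": "750ecdf0c3d3b63ae0f5d3f753731345e59caedc",
    "sha256": "ce545bb7539dd09990bc9cf9d8a78492124d6a132f9d86d0b5fa60c0ae4186b2",
    "sha512": (
        "cd1a0847d70497c4abe2a7d538d0b13461806250340158677c9f5de9258ef99e"
        "c625c5366a853a05d8809dcb7c1dd616c2cdcb249a25fb20bfcd995198f69219"
    ),
}

# 1 MiB read size: the installer is about 22.6 MB, so a single pass over the
# file feeding all four hashers at once avoids reading it four times.
CHUNK_SIZE = 1024 * 1024


def hash_file(path: str) -> Dict[str, str]:
    """Return md5/sha1/sha256/sha512 hex digests of the file at `path`."""
    hashers = {name: hashlib.new(name) for name in REPORTED_HASHES}
    with open(path, "rb") as fh:
        while True:
            block = fh.read(CHUNK_SIZE)
            if not block:
                break
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_file(path: str, expected: Mapping[str, str] = REPORTED_HASHES) -> Dict[str, bool]:
    """Per algorithm, whether the file's digest equals the expected one.

    Comparison is case-insensitive because different tools print hex digests
    in different cases.
    """
    actual = hash_file(path)
    return {
        name: actual[name].lower() == digest.lower()
        for name, digest in expected.items()
    }


def matches_report(path: str) -> bool:
    """True only if every listed digest matches; one mismatch is enough to
    conclude the local file is not the artifact this report describes."""
    return all(verify_file(path).values())


if __name__ == "__main__":
    # Usage: python verify_msi.py Suricata-6.0.6-1-64bit.msi  (path assumed)
    target = sys.argv[1] if len(sys.argv) > 1 else "Suricata-6.0.6-1-64bit.msi"
    for algo, ok in verify_file(target).items():
        print(f"{algo:7s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if matches_report(target) else 1)
```

A mismatch on any one digest means the local file is a different build or has been altered, and nothing in this report applies to it. Note also that the entries under Downloads are all in CryptnetUrlCache, which is where Windows CryptoAPI stores certificate, CRL and OCSP material it fetched over the network; that is consistent with the installer's signature being checked during installation, and is the most likely source of the "makes network request" signature, though the report itself does not state this.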

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 5 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 43 IoCs
  • Drops file in Windows directory 10 IoCs
  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Suricata-6.0.6-1-64bit.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1988
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1472
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:692
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000570" "00000000000005D4"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:708

Network

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17
    Filesize

    2KB

    MD5

    9b6aa6b016605338fb3cd2008b29ba2f

    SHA1

    d25f576eb5ff15f96689fc7895cef0381ba2a765

    SHA256

    8be33bfe5ed298c9b38c4c38d3995465d303b8c987d6744b4c41857872471d72

    SHA512

    bb2a63d9332033b31940368876d30096786b5c487716693e89ed188f9c0676eb23b3440b4f7bca4c35cb51774e21df7bd2c4e8b136e2ea8bb5d3b145c78e595b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    d15aaa7c9be910a9898260767e2490e1

    SHA1

    2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

    SHA256

    f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

    SHA512

    7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    Filesize

    1KB

    MD5

    edcd4c783b2b2c906602519bd8f697f4

    SHA1

    fc56fded4065d6960c6507cac4264dfd2b038004

    SHA256

    367e0ac4e24f1d1530de05a6abf81d6b572c0546b5aa134c246fa1514582fd90

    SHA512

    cb23a82c06211121e39ed0dbec5928b1a85aca7c25f2c060d609350e3a94bf82e9159a2a4d5e67295fc29bac22c95d525ea2461a0000d24c6c4cb630520f68d0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D7833C286363AD25C70511661A83D581_5A754446CB863DF3C298CB4E94FD802E
    Filesize

    510B

    MD5

    b19ef5487c354b415d4ebaf3d57908fb

    SHA1

    997e76d19fb386dac3d16aeab96cabdb9a07952f

    SHA256

    dfb737aafdf4d1fd4484cf6c83cf72a242d15650e792258de22c16df5dc453fa

    SHA512

    7fb06d23e0063c2c658ddb0cd5c50518b93e814c50839da5f4adb4e26b628be677402ebcd9e25576df2a927f233dbb1a244398f4683421d2fa3044dae85aa9d2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17
    Filesize

    488B

    MD5

    c5fed5fbcc0afbd9d71aab0cb278cea0

    SHA1

    4caa951f9778abe0dc70bfad0ae3db7e2065cd4a

    SHA256

    2309bb2a15e795ff915e274771efbcd56112a5c8c83a5f61cb71f9ea96b23631

    SHA512

    ff4c8e2643133dddfd9b340e19ff0e0b5a830bf40e2c368ff8759e15c011096874c5f0f4bd80f77c3e5b62f2179f30300c65f1b27221a9fd12aca2951e393aca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3fb1f802b9ce6c67996c4a84cf7d0d51

    SHA1

    8382d82fa1a886c20302121a1755fb2e2f5fc2d5

    SHA256

    144095341af83ce5f53473aa9f77a8d0ddbd2c0375e26cd5642980bb03399ddc

    SHA512

    22ae20b7632526463233f47c4ea8162716c8346672bd83078aed3f0cfba4a8c47c34c2d7b5fbf38877ab561ab89623e8031824694b3393ef76b8da4e71d70d4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    Filesize

    482B

    MD5

    fdc24d9206064357dc5368f60a441a40

    SHA1

    39f2a86f921ad4410b5dd31f988b86c471874bbd

    SHA256

    7b2f02ebcc7f0c6c943bf4408afa42f76f9b84a66ea2ad3e20791ecb06517bdb

    SHA512

    85134af85a6d6505fa0a689031bd31188987688ac5bfa3214e6daccd16c92ee2914bb174f0e68699cf15e2eee04624adbfe7f57e8705c6bb9eb6a5970b77f301

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D7833C286363AD25C70511661A83D581_5A754446CB863DF3C298CB4E94FD802E
    Filesize

    484B

    MD5

    817efbf919b6abb01f483f7a1e28cbaa

    SHA1

    f536b447a48eb4843aa123ae940425d6b37ceec3

    SHA256

    85fe97e9f486d2b2f204bbd0c56de69d5d7f029b8e3d5f29322af8926a4a803f

    SHA512

    07bf67fb4e9f5b716c5bc0536e105e22ece686a8557a523d041da55be73e39e1a7d6dfa81e1c6f6c8002ca4de7065ea4717f9c2ed917a0caf61a744d645fb2f2

  • memory/1988-54-0x000007FEFBF41000-0x000007FEFBF43000-memory.dmp
    Filesize

    8KB