Overview

overview

8

Static

static

5fd97dc280...81.zip

windows7-x64

1

5fd97dc280...81.zip

windows10-2004-x64

1

FEL_Multip...fc.msi

windows7-x64

8

FEL_Multip...fc.msi

windows10-2004-x64

8

Reporte_Es...r).pdf

windows7-x64

1

Reporte_Es...r).pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    91s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    10-10-2022 17:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FEL_MultiplesSucursales_CFDI_RDU060404367pdfc17641136d968a589ee7f4bf39cd15d31bd8e9fc.msi

  • Size

    6.1MB

  • MD5

    b7547316b4ac6d5a9c91ff7b8b3c0445

  • SHA1

    d5cc4511798967c413df637fcd7a89901e0b5dac

  • SHA256

    d03ad63369b1a3a7220439d6e4537dd7d9820ed7927b63422b8a0ba80c6c9b5a

  • SHA512

    d3ebcd4ced89afd207d9c7576dce89b0c015768f866fda9a4492d6bd518038283d81fe5827cd05bd9cacbcaaa86bf74db6043c903186d4bd5f2fc3cc50ca84e9

  • SSDEEP

    98304:00K/VpvGtGsVveRl/ZHVh/3o8bPZkQpSQo+uCEJSOXmUevoEMwiZZ:07NkHWRRhQ4BkQpxXOXXegtwiD

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\FEL_MultiplesSucursales_CFDI_RDU060404367pdfc17641136d968a589ee7f4bf39cd15d31bd8e9fc.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2216
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4028
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 19AAE8D75FE81679928BA81017CDB304
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:5012

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Installer\MSICF8A.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSICF8A.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIDD94.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIDD94.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIDEFD.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIDEFD.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIDF6B.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIDF6B.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIE151.tmp
    Filesize

    5.0MB

    MD5

    e5d344a98d63159b4d44f21ef63a54ff

    SHA1

    51dc74864d97eecbde1a60fb1175013d6b812b37

    SHA256

    b8abe10e8bdb076d352b86b1cd0d8ff66c0d906ffdffff8c33ade778fc7063bd

    SHA512

    54814bd379282fa1cadc6e7eb3ff0a11f3ac6da6627847946429b468712da0cc8a47b0243ee07f08ec0c22892c14b33cfb626cd9972d6c9107987a05d5052b15

    Download Submit

  • C:\Windows\Installer\MSIE151.tmp
    Filesize

    5.0MB

    MD5

    e5d344a98d63159b4d44f21ef63a54ff

    SHA1

    51dc74864d97eecbde1a60fb1175013d6b812b37

    SHA256

    b8abe10e8bdb076d352b86b1cd0d8ff66c0d906ffdffff8c33ade778fc7063bd

    SHA512

    54814bd379282fa1cadc6e7eb3ff0a11f3ac6da6627847946429b468712da0cc8a47b0243ee07f08ec0c22892c14b33cfb626cd9972d6c9107987a05d5052b15

    Download Submit

  • C:\Windows\Installer\MSIE151.tmp
    Filesize

    5.0MB

    MD5

    e5d344a98d63159b4d44f21ef63a54ff

    SHA1

    51dc74864d97eecbde1a60fb1175013d6b812b37

    SHA256

    b8abe10e8bdb076d352b86b1cd0d8ff66c0d906ffdffff8c33ade778fc7063bd

    SHA512

    54814bd379282fa1cadc6e7eb3ff0a11f3ac6da6627847946429b468712da0cc8a47b0243ee07f08ec0c22892c14b33cfb626cd9972d6c9107987a05d5052b15

    Download Submit

  • memory/5012-132-0x0000000000000000-mapping.dmp

    Download

  • memory/5012-144-0x0000000002C20000-0x0000000003638000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/5012-146-0x0000000002C20000-0x0000000003638000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/5012-147-0x0000000002C20000-0x0000000003638000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/5012-148-0x0000000002C20000-0x0000000003638000-memory.dmp

    Filesize

    10.1MB

    Download