Overview

overview

10

Static

static

Box-x64.msi

windows7-x64

8

Box-x64.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    47s
  • max time network
    114s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    12-11-2022 07:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Box-x64.msi

  • Size

    39.5MB

  • MD5

    197f631b87b5f033e168db6f86991d8b

  • SHA1

    10bd609e5072458f57dca689bfbf34c1a5f29ca2

  • SHA256

    d1c544e1f137e4c985a470cd79450dc7a163cfa5dcda4b90960c2f5013c836d0

  • SHA512

    e7b473fb91dac4d2512a97a26555eca95780150dc03c982965e041c950d2bc49af44bd7f6b2d95bce7a08a3a1d20a59fce84f09d5618b9efa24c96e61ea731c8

  • SSDEEP

    786432:h35MzGfBrWnHB/AZMNC2IqdBN2AWd9TC8auNJv5bljJ/DsB8i52wGi+D+EtbPXPT:hSSAHB/ogC2/2hZCkJvnJbo308EtbfPs

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 8 IoCs
  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious use of AdjustPrivilegeToken 57 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Box-x64.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1060
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 32D95C8615426E538559A8E981310555
      2⤵
      • Loads dropped DLL
      PID:836
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:680
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000002C8" "00000000000003D0"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:696

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    471B

    MD5

    da5a9f149955d936a31dc5e456666aac

    SHA1

    195238d41c1e13448f349f43bb295ef2d55cb47a

    SHA256

    79ac574c7c45144bb35b59ff79c78dc59b66592715dea01b389e3620db663224

    SHA512

    60d7d1f5405470ba1e6b80066af2e78240acbea8db58b5a03660874605178aebaa9ce342ca97f17798109e7411e82466db5af064e39eaddc05410f2abe672f77

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_1087D831978A422F28E1D1E590C230EB
    Filesize

    727B

    MD5

    b1d53fde6c0504ef36a7dd1d1ac8d06d

    SHA1

    f909a4c4a10a87bd867755e2c9747885536269d1

    SHA256

    896cdfb02e73d12bb56df3b8919784f48f033aa7fb8553f6ab135df9c953d6ce

    SHA512

    d3d18f4595998acfb66d5cd3ed5d61af598499eef8b506705b9063f996841014d8d7a8bd989ee23c5bb6441689e6ce07706c14de7378851535f044b9e99411be

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    727B

    MD5

    e16ae940b7bcfea2b04f09d179ae410d

    SHA1

    1e2bc3f93733aab8e3337adcff19036829b73bed

    SHA256

    52f32d49ac49db0b7d49020dfe463332e066efb83677c53d2643fda36e319d56

    SHA512

    3a788959faadba8f15808d599226e5011648c28d60db0538b20305fa212a354c987d60b2480954162130996c83ab86fc8076fcf492a96dc5aec0a1f173b7fb60

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
    Filesize

    430B

    MD5

    eb2a5c8c50ff35d775be67ed961f26e6

    SHA1

    98966454dfa3522216de4ab4e619c2e5d33203d3

    SHA256

    d9c374481480a2ed643b60b0afce4ed5b5da35b56a2b96d3f49d8e229f6cc276

    SHA512

    bdab8018f46be04bd262c5769df0d34b0e1508f499df87cef11da0b91c07ab4754418dc5130e362f9e0339248d1773b0efb619a4d753704583ae25c10e67576b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_1087D831978A422F28E1D1E590C230EB
    Filesize

    434B

    MD5

    3da1e40266e84c4a29cbf959878440a8

    SHA1

    1c42bfbf795a4ceaa2ae03dbacd21a4edf0e1080

    SHA256

    1b35814fadcb77bbdd1a8bb4d45ebcfdc8507bc7e70b5994b7adea14cf7bccde

    SHA512

    65480095a94dc70e10a3822cb64454aecf8f5660be459edb3d1fb0ddfbc66c1ed0f0f9e06a73393bf0ba697820f7ce27e041d1a072f6e8e2928d74ec69e9baba

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    4ec295fc859db75052bacf17110708c3

    SHA1

    ddf99679ef84c26298877040d9e7883b6e48291f

    SHA256

    4e3b1cf69cd42134640cb592df993d7b3fa2fee78f45933a75f6ecccd676e379

    SHA512

    370ec0bb863c5396e0db594a9d1b8944e5efa32dbf43a6f8a03caf344fd2dc665a38762d9c94b265d4ef4c084e4def1d0777bd66a8e1bd33cbcf1a6826e85cc5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
    Filesize

    442B

    MD5

    166cfe5a000447f15ac264963e23ca9e

    SHA1

    7cf0d910d9a48847885abfbd6168be7881023f66

    SHA256

    f8d9f17335d6baf758d361e2ff315d6c088a217f1357c8770dce709827576857

    SHA512

    8a6cb7b405e58d8f5166255ca1d30c8c76a7363d421527a7441d76b9c9b1dfdbcf01f6733a27d9a3dfa20a433df0df946c457692d974052c524fdefe70e64d50

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\MSIc0c32.LOG
    Filesize

    20KB

    MD5

    4b5759d536d50d4656d607ca0e1cb2b1

    SHA1

    f2644366124632af2a872755fece366e558a79d5

    SHA256

    a99a231092c9209fe098fbb9705459a1a4e4978a6164d4ca1704a915a1e4908f

    SHA512

    75fe3c79e74e77b54d82a018c6d5bfb1c0b1c98f0b696cd1afa8128c5c35469ae1ab966cca06b567165930dcb751a989b9967274bb04854b9008618513b981af

    Download Submit
  • C:\Windows\Installer\MSIA22C.tmp
    Filesize

    243KB

    MD5

    aaab8d3f7e9e8f143a17a0d15a1d1715

    SHA1

    8aca4e362e4cdc68c2f8f8f35f200126716f9c74

    SHA256

    fd3d6c50c3524063f7c28f815838e0fb06fd4ebff094e7b88902334abd463889

    SHA512

    1999224f57cd453d5d4d7d678144e0b719290ae925bb3574ce28ae787dc406a6b3df8e44475b12b9cdc0ff43d2979f626f08291304c66cdca536cd1897715c9a

    Download Submit
  • C:\Windows\Installer\MSIA4BC.tmp
    Filesize

    243KB

    MD5

    aaab8d3f7e9e8f143a17a0d15a1d1715

    SHA1

    8aca4e362e4cdc68c2f8f8f35f200126716f9c74

    SHA256

    fd3d6c50c3524063f7c28f815838e0fb06fd4ebff094e7b88902334abd463889

    SHA512

    1999224f57cd453d5d4d7d678144e0b719290ae925bb3574ce28ae787dc406a6b3df8e44475b12b9cdc0ff43d2979f626f08291304c66cdca536cd1897715c9a

    Download Submit
  • C:\Windows\Installer\MSIAB61.tmp
    Filesize

    380KB

    MD5

    3eb31b9a689d506f3b1d3738d28ab640

    SHA1

    1681fe3bbdcbe617a034b092ea77249dd4c3e986

    SHA256

    3a7d9cdd6be9ce0e4d01e9894242b497536336bf1850fb0a814a369c8a189c46

    SHA512

    2598e39f4fd139775bbb040218af802db722d4dca99a4230edfde282362b433c5e30c15d5385063aa76bff916031b0e43586ef05d2ada4edc3c1410371b98e09

    Download Submit
  • \Windows\Installer\MSIA22C.tmp
    Filesize

    243KB

    MD5

    aaab8d3f7e9e8f143a17a0d15a1d1715

    SHA1

    8aca4e362e4cdc68c2f8f8f35f200126716f9c74

    SHA256

    fd3d6c50c3524063f7c28f815838e0fb06fd4ebff094e7b88902334abd463889

    SHA512

    1999224f57cd453d5d4d7d678144e0b719290ae925bb3574ce28ae787dc406a6b3df8e44475b12b9cdc0ff43d2979f626f08291304c66cdca536cd1897715c9a

    Download Submit
  • \Windows\Installer\MSIA4BC.tmp
    Filesize

    243KB

    MD5

    aaab8d3f7e9e8f143a17a0d15a1d1715

    SHA1

    8aca4e362e4cdc68c2f8f8f35f200126716f9c74

    SHA256

    fd3d6c50c3524063f7c28f815838e0fb06fd4ebff094e7b88902334abd463889

    SHA512

    1999224f57cd453d5d4d7d678144e0b719290ae925bb3574ce28ae787dc406a6b3df8e44475b12b9cdc0ff43d2979f626f08291304c66cdca536cd1897715c9a

    Download Submit
  • \Windows\Installer\MSIAB61.tmp
    Filesize

    380KB

    MD5

    3eb31b9a689d506f3b1d3738d28ab640

    SHA1

    1681fe3bbdcbe617a034b092ea77249dd4c3e986

    SHA256

    3a7d9cdd6be9ce0e4d01e9894242b497536336bf1850fb0a814a369c8a189c46

    SHA512

    2598e39f4fd139775bbb040218af802db722d4dca99a4230edfde282362b433c5e30c15d5385063aa76bff916031b0e43586ef05d2ada4edc3c1410371b98e09

    Download Submit
  • memory/836-64-0x0000000000000000-mapping.dmp
    Download
  • memory/836-65-0x0000000075021000-0x0000000075023000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1060-54-0x000007FEFBDE1000-0x000007FEFBDE3000-memory.dmp
    Filesize

    8KB

    Download