Overview

overview

7

Static

static

7z2201_setup.msi

windows10-1703-x64

7

7z2201_setup.msi

windows10-2004-x64

7

Resubmissions

27-01-2023 00:15

230127-ajw6eafh72 7

26-01-2023 13:57

230126-q9r75sdh44 7

Analysis

  • max time kernel
    50s
  • max time network
    70s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    26-01-2023 13:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7z2201_setup.msi

  • Size

    2.4MB

  • MD5

    48ac303566e6f8c8f56c9472fb14d9d1

  • SHA1

    e3d9786e86f26261beb2f98fc8f3e289f2f5286b

  • SHA256

    a0133fc64c0bb7215aaa57c142357070d2d2f782039c3b4191786ad3fbd224cf

  • SHA512

    88265ee72da76523617c23c232f4fc9d3a9a9425280193216487157b378837d5cc780157e30675d2b2ef5a442050b6288bc2a9db244e9557781b33d61d7385e3

  • SSDEEP

    49152:T0uYUMV3eVougTDAFPsJ6ma8zotlmfwrgxMy+y29IAan6DrH4vLNgmUESIEjPMNs:TYUMV39hAlAfwrty04veHjPMNaG

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\7z2201_setup.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1768
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1880
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding D461C245162D0C8C8F744D1A2DB631F1 C
      2⤵
      • Loads dropped DLL
      PID:4872

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MSI8C28.tmp
    Filesize

    377KB

    MD5

    af61221c6f4e9ab3ac2440b25d751868

    SHA1

    094f68ff354ac4c8dbdfe4689cb821f8d25880b8

    SHA256

    1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

    SHA512

    c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSIA994.tmp
    Filesize

    377KB

    MD5

    af61221c6f4e9ab3ac2440b25d751868

    SHA1

    094f68ff354ac4c8dbdfe4689cb821f8d25880b8

    SHA256

    1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

    SHA512

    c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSIABF6.tmp
    Filesize

    377KB

    MD5

    af61221c6f4e9ab3ac2440b25d751868

    SHA1

    094f68ff354ac4c8dbdfe4689cb821f8d25880b8

    SHA256

    1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

    SHA512

    c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSIAD3F.tmp
    Filesize

    377KB

    MD5

    af61221c6f4e9ab3ac2440b25d751868

    SHA1

    094f68ff354ac4c8dbdfe4689cb821f8d25880b8

    SHA256

    1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

    SHA512

    c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSIAE3A.tmp
    Filesize

    377KB

    MD5

    af61221c6f4e9ab3ac2440b25d751868

    SHA1

    094f68ff354ac4c8dbdfe4689cb821f8d25880b8

    SHA256

    1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

    SHA512

    c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSIAFD2.tmp
    Filesize

    837KB

    MD5

    e76f80f8c9a51813813c351e35bf0755

    SHA1

    ec69253f3fd681d2829d60f3a14a48c779fabbb4

    SHA256

    87388281ef2eb907b4ad843c8bc0e3ec13dae903edfe53b29f78557588eb5161

    SHA512

    134a7be4012dc52763e5ac28eed7ce8e423a913f17449a672ce9f1192e69e5e00c62bce1f0374f76443832345eded1668f28fb9fbe7d287fc51dfdc199911dc5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MSI8C28.tmp
    Filesize

    377KB

    MD5

    af61221c6f4e9ab3ac2440b25d751868

    SHA1

    094f68ff354ac4c8dbdfe4689cb821f8d25880b8

    SHA256

    1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

    SHA512

    c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MSIA994.tmp
    Filesize

    377KB

    MD5

    af61221c6f4e9ab3ac2440b25d751868

    SHA1

    094f68ff354ac4c8dbdfe4689cb821f8d25880b8

    SHA256

    1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

    SHA512

    c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MSIABF6.tmp
    Filesize

    377KB

    MD5

    af61221c6f4e9ab3ac2440b25d751868

    SHA1

    094f68ff354ac4c8dbdfe4689cb821f8d25880b8

    SHA256

    1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

    SHA512

    c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MSIAD3F.tmp
    Filesize

    377KB

    MD5

    af61221c6f4e9ab3ac2440b25d751868

    SHA1

    094f68ff354ac4c8dbdfe4689cb821f8d25880b8

    SHA256

    1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

    SHA512

    c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MSIAE3A.tmp
    Filesize

    377KB

    MD5

    af61221c6f4e9ab3ac2440b25d751868

    SHA1

    094f68ff354ac4c8dbdfe4689cb821f8d25880b8

    SHA256

    1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

    SHA512

    c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

    Download Submit

  • \Users\Admin\AppData\Local\Temp\MSIAFD2.tmp
    Filesize

    837KB

    MD5

    e76f80f8c9a51813813c351e35bf0755

    SHA1

    ec69253f3fd681d2829d60f3a14a48c779fabbb4

    SHA256

    87388281ef2eb907b4ad843c8bc0e3ec13dae903edfe53b29f78557588eb5161

    SHA512

    134a7be4012dc52763e5ac28eed7ce8e423a913f17449a672ce9f1192e69e5e00c62bce1f0374f76443832345eded1668f28fb9fbe7d287fc51dfdc199911dc5

    Download Submit

  • memory/4872-160-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-166-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-135-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-136-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-137-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-138-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-139-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-140-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-141-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-142-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-143-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-144-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-145-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-146-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-147-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-148-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-149-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-150-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-151-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-152-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-154-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-155-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-156-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-157-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-158-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-159-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-133-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-161-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-153-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-162-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-163-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-164-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-165-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-134-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-167-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-168-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-169-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-170-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-173-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-174-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-175-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-177-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-176-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-179-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-180-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-178-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-181-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-183-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-182-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-185-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-186-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-187-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-188-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-184-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-191-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-192-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-131-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-130-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-128-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-127-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-126-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-125-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-193-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4872-194-0x0000000076F50000-0x00000000770DE000-memory.dmp

    Filesize

    1.6MB

    Download