Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

FACT63e38.msi

windows10-1703-x64

8

FACT63e38.msi

windows10-2004-x64

8

Analysis

  • max time kernel
    959s
  • max time network
    962s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    08/02/2023, 11:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FACT63e38.msi

  • Size

    7.2MB

  • MD5

    d2257b6ad231fe4c31cae810117439df

  • SHA1

    9ab0e4e89c8d23821f23dba317d4fdd769a6c045

  • SHA256

    cc5960106ff148a98cb9bdfc8745a78e23f45b9718aced3ccc92b1666e1c2681

  • SHA512

    8a40eacd426eeb788b4202ecdf4471932af2ba7192b35f37d1f076c313413623ee079cb78cbd0630586c4c92b81d4e808cbb1fe95548096bd02cf9f45b17c643

  • SSDEEP

    98304:eYroXAWTb4fZxwIdtkO3TfZctulgj+jV4GPrNaVtETimSc53Q5aVkuCDioRA+Plv:NoFcx7DDetuLj55nTimSc534neo5l7

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\FACT63e38.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4880
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 446C575504F61B9D522C9A56A2A75606
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:2464

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Installer\MSI696D.tmp
    Filesize

    376KB

    MD5

    e12c5bcc254c953b1a46d1434804f4d2

    SHA1

    99f67acf34af1294f3c6e5eb521c862e1c772397

    SHA256

    5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

    SHA512

    9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

    Download Submit

  • C:\Windows\Installer\MSI696D.tmp
    Filesize

    376KB

    MD5

    e12c5bcc254c953b1a46d1434804f4d2

    SHA1

    99f67acf34af1294f3c6e5eb521c862e1c772397

    SHA256

    5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

    SHA512

    9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

    Download Submit

  • C:\Windows\Installer\MSI6C2D.tmp
    Filesize

    376KB

    MD5

    e12c5bcc254c953b1a46d1434804f4d2

    SHA1

    99f67acf34af1294f3c6e5eb521c862e1c772397

    SHA256

    5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

    SHA512

    9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

    Download Submit

  • C:\Windows\Installer\MSI6C2D.tmp
    Filesize

    376KB

    MD5

    e12c5bcc254c953b1a46d1434804f4d2

    SHA1

    99f67acf34af1294f3c6e5eb521c862e1c772397

    SHA256

    5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

    SHA512

    9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

    Download Submit

  • C:\Windows\Installer\MSI6CCA.tmp
    Filesize

    376KB

    MD5

    e12c5bcc254c953b1a46d1434804f4d2

    SHA1

    99f67acf34af1294f3c6e5eb521c862e1c772397

    SHA256

    5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

    SHA512

    9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

    Download Submit

  • C:\Windows\Installer\MSI6CCA.tmp
    Filesize

    376KB

    MD5

    e12c5bcc254c953b1a46d1434804f4d2

    SHA1

    99f67acf34af1294f3c6e5eb521c862e1c772397

    SHA256

    5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

    SHA512

    9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

    Download Submit

  • C:\Windows\Installer\MSI6D48.tmp
    Filesize

    376KB

    MD5

    e12c5bcc254c953b1a46d1434804f4d2

    SHA1

    99f67acf34af1294f3c6e5eb521c862e1c772397

    SHA256

    5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

    SHA512

    9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

    Download Submit

  • C:\Windows\Installer\MSI6D48.tmp
    Filesize

    376KB

    MD5

    e12c5bcc254c953b1a46d1434804f4d2

    SHA1

    99f67acf34af1294f3c6e5eb521c862e1c772397

    SHA256

    5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

    SHA512

    9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

    Download Submit

  • C:\Windows\Installer\MSI6F0F.tmp
    Filesize

    6.6MB

    MD5

    bcad5eff498a55b71e4a171a3bc7fae3

    SHA1

    df0b5fa0baa2601393b8826a63483d45174524ba

    SHA256

    d6b729eb535624209387355cd8992c1deb90c56a15a52c4a8005071b3ed3c63f

    SHA512

    93a4cbc5d9101cc54ea9b45b0244b3ab6f0188f6987d52715e6b2a49bbae44f06a02a43e09725be5714747b7d2d339cb12641f98632899591c28cadc1e58b53a

    Download Submit

  • C:\Windows\Installer\MSI6F0F.tmp
    Filesize

    6.6MB

    MD5

    bcad5eff498a55b71e4a171a3bc7fae3

    SHA1

    df0b5fa0baa2601393b8826a63483d45174524ba

    SHA256

    d6b729eb535624209387355cd8992c1deb90c56a15a52c4a8005071b3ed3c63f

    SHA512

    93a4cbc5d9101cc54ea9b45b0244b3ab6f0188f6987d52715e6b2a49bbae44f06a02a43e09725be5714747b7d2d339cb12641f98632899591c28cadc1e58b53a

    Download Submit

  • C:\Windows\Installer\MSI6F0F.tmp
    Filesize

    6.6MB

    MD5

    bcad5eff498a55b71e4a171a3bc7fae3

    SHA1

    df0b5fa0baa2601393b8826a63483d45174524ba

    SHA256

    d6b729eb535624209387355cd8992c1deb90c56a15a52c4a8005071b3ed3c63f

    SHA512

    93a4cbc5d9101cc54ea9b45b0244b3ab6f0188f6987d52715e6b2a49bbae44f06a02a43e09725be5714747b7d2d339cb12641f98632899591c28cadc1e58b53a

    Download Submit

  • memory/2464-144-0x00000000029C0000-0x00000000039A4000-memory.dmp

    Filesize

    15.9MB

    Download

  • memory/2464-147-0x00000000029C0000-0x00000000039A4000-memory.dmp

    Filesize

    15.9MB

    Download