Overview

overview

8

Static

static

1

Factura6397f.msi

windows10-1703-x64

8

Factura6397f.msi

windows10-2004-x64

8

Analysis

  • max time kernel
    142s
  • max time network
    145s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-es
  • resource tags

    arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    08/02/2023, 12:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Factura6397f.msi

  • Size

    5.7MB

  • MD5

    670ce706b13ae40fa69ec13a469fd073

  • SHA1

    13da05b382ca2c6363fbad6ab6b5866599c2d87e

  • SHA256

    1b03271fa38e387e660eba264e876fe66f37a66e379958af82ff66e2970f1208

  • SHA512

    5cb44791c62c480bfa87989c5236967f00ce9a5c88ababe9776e59ad2de10d11489a515a9397d9ee38f2c813bba4ad2d8b96d31dcf8e29acbb5dba596b7dc4b9

  • SSDEEP

    98304:8w1+jtNWmLBMaa7ALxAv0XbcgtcwR8w0KedLc4mVYZcRVM0nKFRUGpnYetMEAG:8O+/1aktAv0XggtcwR8wzedLToRRKlR

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 11 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Factura6397f.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2856
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding D739F9BAEB74016411ECD9DACB783715
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      PID:4768
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4956
    • C:\Windows\System32\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\Factura6397f.msi"
      1⤵
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4364

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\Installer\MSI693E.tmp
            Filesize

            376KB

            MD5

            e12c5bcc254c953b1a46d1434804f4d2

            SHA1

            99f67acf34af1294f3c6e5eb521c862e1c772397

            SHA256

            5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

            SHA512

            9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

            Download Submit

          • C:\Windows\Installer\MSI81F7.tmp
            Filesize

            376KB

            MD5

            e12c5bcc254c953b1a46d1434804f4d2

            SHA1

            99f67acf34af1294f3c6e5eb521c862e1c772397

            SHA256

            5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

            SHA512

            9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

            Download Submit

          • C:\Windows\Installer\MSI864E.tmp
            Filesize

            376KB

            MD5

            e12c5bcc254c953b1a46d1434804f4d2

            SHA1

            99f67acf34af1294f3c6e5eb521c862e1c772397

            SHA256

            5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

            SHA512

            9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

            Download Submit

          • C:\Windows\Installer\MSI871A.tmp
            Filesize

            376KB

            MD5

            e12c5bcc254c953b1a46d1434804f4d2

            SHA1

            99f67acf34af1294f3c6e5eb521c862e1c772397

            SHA256

            5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

            SHA512

            9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

            Download Submit

          • C:\Windows\Installer\MSI893F.tmp
            Filesize

            5.2MB

            MD5

            917c0c031ba513bfb678899e212dfeb5

            SHA1

            afca8c7811c1236c0c83f34d67595c8c137db9d4

            SHA256

            3f6880569b3e0faf150701fbb30175a0af36d5c3d69ef5d8208caa9b9e26b5f8

            SHA512

            b0cc985b3b245110c04e3f015c7a0c522fd5d0921a33e69bb500f17704ca7bff6b23a191c72ebdd3e2d67dba88a1a6c69fa4428259615da7c9d72d64cfb48387

            Download Submit

          • \Windows\Installer\MSI693E.tmp
            Filesize

            376KB

            MD5

            e12c5bcc254c953b1a46d1434804f4d2

            SHA1

            99f67acf34af1294f3c6e5eb521c862e1c772397

            SHA256

            5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

            SHA512

            9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

            Download Submit

          • \Windows\Installer\MSI81F7.tmp
            Filesize

            376KB

            MD5

            e12c5bcc254c953b1a46d1434804f4d2

            SHA1

            99f67acf34af1294f3c6e5eb521c862e1c772397

            SHA256

            5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

            SHA512

            9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

            Download Submit

          • \Windows\Installer\MSI864E.tmp
            Filesize

            376KB

            MD5

            e12c5bcc254c953b1a46d1434804f4d2

            SHA1

            99f67acf34af1294f3c6e5eb521c862e1c772397

            SHA256

            5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

            SHA512

            9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

            Download Submit

          • \Windows\Installer\MSI871A.tmp
            Filesize

            376KB

            MD5

            e12c5bcc254c953b1a46d1434804f4d2

            SHA1

            99f67acf34af1294f3c6e5eb521c862e1c772397

            SHA256

            5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

            SHA512

            9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

            Download Submit

          • \Windows\Installer\MSI893F.tmp
            Filesize

            5.2MB

            MD5

            917c0c031ba513bfb678899e212dfeb5

            SHA1

            afca8c7811c1236c0c83f34d67595c8c137db9d4

            SHA256

            3f6880569b3e0faf150701fbb30175a0af36d5c3d69ef5d8208caa9b9e26b5f8

            SHA512

            b0cc985b3b245110c04e3f015c7a0c522fd5d0921a33e69bb500f17704ca7bff6b23a191c72ebdd3e2d67dba88a1a6c69fa4428259615da7c9d72d64cfb48387

            Download Submit

          • \Windows\Installer\MSI893F.tmp
            Filesize

            5.2MB

            MD5

            917c0c031ba513bfb678899e212dfeb5

            SHA1

            afca8c7811c1236c0c83f34d67595c8c137db9d4

            SHA256

            3f6880569b3e0faf150701fbb30175a0af36d5c3d69ef5d8208caa9b9e26b5f8

            SHA512

            b0cc985b3b245110c04e3f015c7a0c522fd5d0921a33e69bb500f17704ca7bff6b23a191c72ebdd3e2d67dba88a1a6c69fa4428259615da7c9d72d64cfb48387

            Download Submit

          • memory/4768-154-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-160-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-129-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-130-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-131-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-132-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-133-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-134-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-135-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-136-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-137-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-138-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-139-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-140-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-141-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-142-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-143-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-144-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-145-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-146-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-147-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-148-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-149-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-150-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-151-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-152-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-153-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-126-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-155-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-156-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-157-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-158-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-159-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-128-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-161-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-162-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-163-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-164-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-165-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-168-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-170-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-169-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-171-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-172-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-173-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-174-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-175-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-176-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-177-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-179-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-178-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-180-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-181-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-182-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-183-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-186-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-125-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-123-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-122-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-121-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-120-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-187-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-188-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-189-0x0000000076F80000-0x000000007710E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4768-253-0x0000000004DD0000-0x0000000005833000-memory.dmp

            Filesize

            10.4MB

            Download

          • memory/4768-287-0x0000000004DD0000-0x0000000005833000-memory.dmp

            Filesize

            10.4MB

            Download