Overview

overview

7

Static

static

1

a0133fc64c...cf.msi

windows7-x64

7

a0133fc64c...cf.msi

windows10-1703-x64

7

a0133fc64c...cf.msi

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    160s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    11-02-2023 13:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a0133fc64c0bb7215aaa57c142357070d2d2f782039c3b4191786ad3fbd224cf.msi

  • Size

    2.4MB

  • MD5

    48ac303566e6f8c8f56c9472fb14d9d1

  • SHA1

    e3d9786e86f26261beb2f98fc8f3e289f2f5286b

  • SHA256

    a0133fc64c0bb7215aaa57c142357070d2d2f782039c3b4191786ad3fbd224cf

  • SHA512

    88265ee72da76523617c23c232f4fc9d3a9a9425280193216487157b378837d5cc780157e30675d2b2ef5a442050b6288bc2a9db244e9557781b33d61d7385e3

  • SSDEEP

    49152:T0uYUMV3eVougTDAFPsJ6ma8zotlmfwrgxMy+y29IAan6DrH4vLNgmUESIEjPMNs:TYUMV39hAlAfwrty04veHjPMNaG

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\a0133fc64c0bb7215aaa57c142357070d2d2f782039c3b4191786ad3fbd224cf.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2968
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1000
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 476669614D02F9DE18E74A7CBCE5055B C
      2⤵
      • Loads dropped DLL
      PID:4768
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3508

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\MSIA6D4.tmp
      Filesize

      377KB

      MD5

      af61221c6f4e9ab3ac2440b25d751868

      SHA1

      094f68ff354ac4c8dbdfe4689cb821f8d25880b8

      SHA256

      1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

      SHA512

      c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSIC45F.tmp
      Filesize

      377KB

      MD5

      af61221c6f4e9ab3ac2440b25d751868

      SHA1

      094f68ff354ac4c8dbdfe4689cb821f8d25880b8

      SHA256

      1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

      SHA512

      c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSIC8E4.tmp
      Filesize

      377KB

      MD5

      af61221c6f4e9ab3ac2440b25d751868

      SHA1

      094f68ff354ac4c8dbdfe4689cb821f8d25880b8

      SHA256

      1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

      SHA512

      c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSICFEA.tmp
      Filesize

      377KB

      MD5

      af61221c6f4e9ab3ac2440b25d751868

      SHA1

      094f68ff354ac4c8dbdfe4689cb821f8d25880b8

      SHA256

      1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

      SHA512

      c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSID0A7.tmp
      Filesize

      377KB

      MD5

      af61221c6f4e9ab3ac2440b25d751868

      SHA1

      094f68ff354ac4c8dbdfe4689cb821f8d25880b8

      SHA256

      1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

      SHA512

      c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSID21F.tmp
      Filesize

      837KB

      MD5

      e76f80f8c9a51813813c351e35bf0755

      SHA1

      ec69253f3fd681d2829d60f3a14a48c779fabbb4

      SHA256

      87388281ef2eb907b4ad843c8bc0e3ec13dae903edfe53b29f78557588eb5161

      SHA512

      134a7be4012dc52763e5ac28eed7ce8e423a913f17449a672ce9f1192e69e5e00c62bce1f0374f76443832345eded1668f28fb9fbe7d287fc51dfdc199911dc5

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSIA6D4.tmp
      Filesize

      377KB

      MD5

      af61221c6f4e9ab3ac2440b25d751868

      SHA1

      094f68ff354ac4c8dbdfe4689cb821f8d25880b8

      SHA256

      1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

      SHA512

      c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSIC45F.tmp
      Filesize

      377KB

      MD5

      af61221c6f4e9ab3ac2440b25d751868

      SHA1

      094f68ff354ac4c8dbdfe4689cb821f8d25880b8

      SHA256

      1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

      SHA512

      c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSIC8E4.tmp
      Filesize

      377KB

      MD5

      af61221c6f4e9ab3ac2440b25d751868

      SHA1

      094f68ff354ac4c8dbdfe4689cb821f8d25880b8

      SHA256

      1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

      SHA512

      c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSICFEA.tmp
      Filesize

      377KB

      MD5

      af61221c6f4e9ab3ac2440b25d751868

      SHA1

      094f68ff354ac4c8dbdfe4689cb821f8d25880b8

      SHA256

      1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

      SHA512

      c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSID0A7.tmp
      Filesize

      377KB

      MD5

      af61221c6f4e9ab3ac2440b25d751868

      SHA1

      094f68ff354ac4c8dbdfe4689cb821f8d25880b8

      SHA256

      1e587d8593152b2538da7bdcb13880c45d256e84baa7e94c00ec4de08ab018d8

      SHA512

      c695d101c761812c1805d8ee54b8fed73869d3680372368ec3de90dc25ab1c27aa08f771dc274854ba051e0afeb17827c01b17e2bed33cb87ff0bdc884f6b791

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSID21F.tmp
      Filesize

      837KB

      MD5

      e76f80f8c9a51813813c351e35bf0755

      SHA1

      ec69253f3fd681d2829d60f3a14a48c779fabbb4

      SHA256

      87388281ef2eb907b4ad843c8bc0e3ec13dae903edfe53b29f78557588eb5161

      SHA512

      134a7be4012dc52763e5ac28eed7ce8e423a913f17449a672ce9f1192e69e5e00c62bce1f0374f76443832345eded1668f28fb9fbe7d287fc51dfdc199911dc5

      Download Submit

    • memory/4768-157-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-164-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-133-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-134-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-135-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-136-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-137-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-138-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-139-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-140-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-141-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-142-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-143-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-144-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-146-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-147-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-145-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-148-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-149-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-150-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-151-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-152-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-154-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-153-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-155-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-156-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-131-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-158-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-159-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-160-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-161-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-162-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-163-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-132-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-166-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-167-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-168-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-165-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-171-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-172-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-173-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-174-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-175-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-177-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-176-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-179-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-180-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-178-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-181-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-182-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-184-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-183-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-185-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-186-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-189-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-190-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-191-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-129-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-128-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-126-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-125-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-124-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-123-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4768-192-0x0000000077220000-0x00000000773AE000-memory.dmp

      Filesize

      1.6MB

      Download