Overview
overview
6Static
static
1Resanance.msi
windows7-x64
6Resanance.msi
windows10-2004-x64
6VBCable_Dr...el.exe
windows7-x64
1VBCable_Dr...el.exe
windows10-2004-x64
1VBCable_Dr...up.exe
windows7-x64
1VBCable_Dr...up.exe
windows10-2004-x64
1VBCable_Dr...64.exe
windows7-x64
1VBCable_Dr...64.exe
windows10-2004-x64
1VBCable_Dr...03.exe
windows7-x64
VBCable_Dr...03.exe
windows10-2004-x64
VBCable_Dr...ta.exe
windows7-x64
VBCable_Dr...ta.exe
windows10-2004-x64
VBCable_Dr...n7.exe
windows7-x64
VBCable_Dr...n7.exe
windows10-2004-x64
VBCable_Dr...03.exe
windows7-x64
VBCable_Dr...03.exe
windows10-2004-x64
VBCable_Dr...ta.exe
windows7-x64
VBCable_Dr...ta.exe
windows10-2004-x64
VBCable_Dr...n7.exe
windows7-x64
VBCable_Dr...n7.exe
windows10-2004-x64
VBCable_Dr...xp.exe
windows7-x64
VBCable_Dr...xp.exe
windows10-2004-x64
Analysis
-
max time kernel
134s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
14/05/2023, 01:50
Static task
static1
Behavioral task
behavioral1
Sample
Resanance.msi
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral2
Sample
Resanance.msi
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
VBCable_Driver_Pack43/VBCABLE_ControlPanel.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral4
Sample
VBCable_Driver_Pack43/VBCABLE_ControlPanel.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
VBCable_Driver_Pack43/VBCABLE_Setup.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral6
Sample
VBCable_Driver_Pack43/VBCABLE_Setup.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
VBCable_Driver_Pack43/VBCABLE_Setup_x64.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral8
Sample
VBCable_Driver_Pack43/VBCABLE_Setup_x64.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
VBCable_Driver_Pack43/vbaudio_cable64_2003.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral10
Sample
VBCable_Driver_Pack43/vbaudio_cable64_2003.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
VBCable_Driver_Pack43/vbaudio_cable64_vista.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral12
Sample
VBCable_Driver_Pack43/vbaudio_cable64_vista.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
VBCable_Driver_Pack43/vbaudio_cable64_win7.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral14
Sample
VBCable_Driver_Pack43/vbaudio_cable64_win7.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
VBCable_Driver_Pack43/vbaudio_cable_2003.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral16
Sample
VBCable_Driver_Pack43/vbaudio_cable_2003.exe
Resource
win10v2004-20230221-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
VBCable_Driver_Pack43/vbaudio_cable_vista.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral18
Sample
VBCable_Driver_Pack43/vbaudio_cable_vista.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
VBCable_Driver_Pack43/vbaudio_cable_win7.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral20
Sample
VBCable_Driver_Pack43/vbaudio_cable_win7.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
VBCable_Driver_Pack43/vbaudio_cable_xp.exe
Resource
win7-20230220-en
windows7-x64
Behavioral task
behavioral22
Sample
VBCable_Driver_Pack43/vbaudio_cable_xp.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
General
-
Target
Resanance.msi
-
Size
93.4MB
-
MD5
e39eaf13bf286d05580abc22071a2cab
-
SHA1
575e3441a2c0d841400107a49fbdc867831db6f3
-
SHA256
d1d2167fb741c96ba88b843647bd95ff36d28c5c5e15e3a5390f5583f742d9f2
-
SHA512
b54462340c6508912b5ee46f4cff39adf6066d2a0332a256f0f6497643f60cf3b052e56b2f083a31f9b93d6c68cc9db946daa5687aeed1183d4a0a8156ebd776
-
SSDEEP
1572864:BQbYdb6tvbSp0PORauFdIPuV6kRjHsW1pXg4OTEx/AORJb1d501oQiD8cpSH1Kqj:KbYN6tvbS22QuFRV6LWHQxQx/LRzj01T
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\F: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\X: msiexec.exe -
Suspicious use of AdjustPrivilegeToken 32 IoCs
description pid Process Token: SeShutdownPrivilege 1728 msiexec.exe Token: SeIncreaseQuotaPrivilege 1728 msiexec.exe Token: SeSecurityPrivilege 2296 msiexec.exe Token: SeCreateTokenPrivilege 1728 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 1728 msiexec.exe Token: SeLockMemoryPrivilege 1728 msiexec.exe Token: SeIncreaseQuotaPrivilege 1728 msiexec.exe Token: SeMachineAccountPrivilege 1728 msiexec.exe Token: SeTcbPrivilege 1728 msiexec.exe Token: SeSecurityPrivilege 1728 msiexec.exe Token: SeTakeOwnershipPrivilege 1728 msiexec.exe Token: SeLoadDriverPrivilege 1728 msiexec.exe Token: SeSystemProfilePrivilege 1728 msiexec.exe Token: SeSystemtimePrivilege 1728 msiexec.exe Token: SeProfSingleProcessPrivilege 1728 msiexec.exe Token: SeIncBasePriorityPrivilege 1728 msiexec.exe Token: SeCreatePagefilePrivilege 1728 msiexec.exe Token: SeCreatePermanentPrivilege 1728 msiexec.exe Token: SeBackupPrivilege 1728 msiexec.exe Token: SeRestorePrivilege 1728 msiexec.exe Token: SeShutdownPrivilege 1728 msiexec.exe Token: SeDebugPrivilege 1728 msiexec.exe Token: SeAuditPrivilege 1728 msiexec.exe Token: SeSystemEnvironmentPrivilege 1728 msiexec.exe Token: SeChangeNotifyPrivilege 1728 msiexec.exe Token: SeRemoteShutdownPrivilege 1728 msiexec.exe Token: SeUndockPrivilege 1728 msiexec.exe Token: SeSyncAgentPrivilege 1728 msiexec.exe Token: SeEnableDelegationPrivilege 1728 msiexec.exe Token: SeManageVolumePrivilege 1728 msiexec.exe Token: SeImpersonatePrivilege 1728 msiexec.exe Token: SeCreateGlobalPrivilege 1728 msiexec.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1728 msiexec.exe
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Resanance.msi1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1728
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2296