Overview

overview

7

Static

static

1

JULRDDYJVXCWSI.msi

windows7-x64

7

JULRDDYJVXCWSI.msi

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/05/2023, 11:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    JULRDDYJVXCWSI.msi

  • Size

    15.7MB

  • MD5

    cc1500fc9f497cfc47a35482bbda7f4b

  • SHA1

    2b170a77e3a4927a9180e8fb1b12af0c7cbec50f

  • SHA256

    027af12ab56369384794d451113a419d0ead090bb16c88ac3caa0eca33adf731

  • SHA512

    3f7379ada650cd6db2dc563a0b08fc40b86bbfbc644ebad555d93732be5826f52bf6c6b9aed8e45d71c627ec2605cdfeb3846e1bd21634854a090569dbe4d19b

  • SSDEEP

    393216:6hpKA95QS3UF688FWyhj9nEs0sCIeRREFjasK:yApFX80yhj9Es0sYEFS

Score
7/10
vmprotect

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 13 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 48 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\JULRDDYJVXCWSI.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4508
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4524
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding D7E103D8C76C3DB965B9B7DE3300E1AA
      2⤵
      • Loads dropped DLL
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:960

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Installer\MSI6A38.tmp
          Filesize

          381KB

          MD5

          e2b1df34e19a3ce763747b12ab33fdd2

          SHA1

          e9cc67780be7e148950870ee4a812349b6255f39

          SHA256

          14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

          SHA512

          a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

          Download Submit

        • C:\Windows\Installer\MSI6A38.tmp
          Filesize

          381KB

          MD5

          e2b1df34e19a3ce763747b12ab33fdd2

          SHA1

          e9cc67780be7e148950870ee4a812349b6255f39

          SHA256

          14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

          SHA512

          a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

          Download Submit

        • C:\Windows\Installer\MSI7209.tmp
          Filesize

          381KB

          MD5

          e2b1df34e19a3ce763747b12ab33fdd2

          SHA1

          e9cc67780be7e148950870ee4a812349b6255f39

          SHA256

          14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

          SHA512

          a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

          Download Submit

        • C:\Windows\Installer\MSI7209.tmp
          Filesize

          381KB

          MD5

          e2b1df34e19a3ce763747b12ab33fdd2

          SHA1

          e9cc67780be7e148950870ee4a812349b6255f39

          SHA256

          14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

          SHA512

          a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

          Download Submit

        • C:\Windows\Installer\MSI72D5.tmp
          Filesize

          381KB

          MD5

          e2b1df34e19a3ce763747b12ab33fdd2

          SHA1

          e9cc67780be7e148950870ee4a812349b6255f39

          SHA256

          14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

          SHA512

          a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

          Download Submit

        • C:\Windows\Installer\MSI72D5.tmp
          Filesize

          381KB

          MD5

          e2b1df34e19a3ce763747b12ab33fdd2

          SHA1

          e9cc67780be7e148950870ee4a812349b6255f39

          SHA256

          14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

          SHA512

          a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

          Download Submit

        • C:\Windows\Installer\MSI72D5.tmp
          Filesize

          381KB

          MD5

          e2b1df34e19a3ce763747b12ab33fdd2

          SHA1

          e9cc67780be7e148950870ee4a812349b6255f39

          SHA256

          14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

          SHA512

          a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

          Download Submit

        • C:\Windows\Installer\MSI7363.tmp
          Filesize

          861KB

          MD5

          eb4f68ad85e71020a403ba0e6ac4517d

          SHA1

          b853a3b6163a63956850b54c4c5ab9e96eafb29f

          SHA256

          e54f1d6ea1352d94a90b97762380de26806b93e2c434540e902e8054d62b8e8e

          SHA512

          4b1b456679d848fd601bbb4d895de31c6076981845840dc1aece63664d81b76d8788c78797a81f737c3402bb3c9ed01ebbf02eb56c39ba50625e7e90c5156c12

          Download Submit

        • C:\Windows\Installer\MSI7363.tmp
          Filesize

          861KB

          MD5

          eb4f68ad85e71020a403ba0e6ac4517d

          SHA1

          b853a3b6163a63956850b54c4c5ab9e96eafb29f

          SHA256

          e54f1d6ea1352d94a90b97762380de26806b93e2c434540e902e8054d62b8e8e

          SHA512

          4b1b456679d848fd601bbb4d895de31c6076981845840dc1aece63664d81b76d8788c78797a81f737c3402bb3c9ed01ebbf02eb56c39ba50625e7e90c5156c12

          Download Submit

        • C:\Windows\Installer\MSI75A6.tmp
          Filesize

          381KB

          MD5

          e2b1df34e19a3ce763747b12ab33fdd2

          SHA1

          e9cc67780be7e148950870ee4a812349b6255f39

          SHA256

          14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

          SHA512

          a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

          Download Submit

        • C:\Windows\Installer\MSI75A6.tmp
          Filesize

          381KB

          MD5

          e2b1df34e19a3ce763747b12ab33fdd2

          SHA1

          e9cc67780be7e148950870ee4a812349b6255f39

          SHA256

          14daaf1090e11ab1abb01c0bd48d5435c617da9bb5a4dd019df8a5813ed3b3e8

          SHA512

          a0301667b341a5806f7a6eccde40c22f48749d7002ea9d6a656df36088a6c5398466c259a5d1e6a8457f1468f56a220b1490f34c25859172cf8cf5e0d263eff0

          Download Submit

        • C:\Windows\Installer\MSI7923.tmp
          Filesize

          11.5MB

          MD5

          89ea9a83ba22931be0e97494ad0763eb

          SHA1

          e488984ba6663b32f3543aab8c96f204dad57e61

          SHA256

          c0f3a78bb62a91f80dd2b9f0fe13260b572d6be9961aa29d85d20a094d65fccb

          SHA512

          5b036fa6371808201309408dbd06baa9ab22ef2ee855a67074e6d15f24f6b99c7719c8165760fe6deeef34d6063509f2966fa330b5053212617801973c91f85d

          Download Submit

        • C:\Windows\Installer\MSI7923.tmp
          Filesize

          11.5MB

          MD5

          89ea9a83ba22931be0e97494ad0763eb

          SHA1

          e488984ba6663b32f3543aab8c96f204dad57e61

          SHA256

          c0f3a78bb62a91f80dd2b9f0fe13260b572d6be9961aa29d85d20a094d65fccb

          SHA512

          5b036fa6371808201309408dbd06baa9ab22ef2ee855a67074e6d15f24f6b99c7719c8165760fe6deeef34d6063509f2966fa330b5053212617801973c91f85d

          Download Submit

        • C:\Windows\Installer\MSI7923.tmp
          Filesize

          11.5MB

          MD5

          89ea9a83ba22931be0e97494ad0763eb

          SHA1

          e488984ba6663b32f3543aab8c96f204dad57e61

          SHA256

          c0f3a78bb62a91f80dd2b9f0fe13260b572d6be9961aa29d85d20a094d65fccb

          SHA512

          5b036fa6371808201309408dbd06baa9ab22ef2ee855a67074e6d15f24f6b99c7719c8165760fe6deeef34d6063509f2966fa330b5053212617801973c91f85d

          Download Submit

        • memory/960-165-0x0000000003030000-0x0000000003031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/960-166-0x0000000003050000-0x0000000003051000-memory.dmp

          Filesize

          4KB

          Download

        • memory/960-167-0x0000000003060000-0x0000000003061000-memory.dmp

          Filesize

          4KB

          Download

        • memory/960-168-0x0000000004D10000-0x0000000004D11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/960-169-0x0000000004D20000-0x0000000004D21000-memory.dmp

          Filesize

          4KB

          Download

        • memory/960-170-0x0000000004D30000-0x0000000004D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/960-171-0x0000000004D40000-0x0000000004D41000-memory.dmp

          Filesize

          4KB

          Download

        • memory/960-172-0x0000000004D50000-0x0000000004D51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/960-173-0x00000000031F0000-0x0000000004BFD000-memory.dmp

          Filesize

          26.1MB

          Download

        • memory/960-175-0x0000000004EB0000-0x0000000004EB1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/960-176-0x0000000004EB0000-0x0000000004EB1000-memory.dmp

          Filesize

          4KB

          Download