Overview

overview

7

Static

static

1

NX2EE2T79J...K2.msi

windows10-2004-x64

7

Analysis

  • max time kernel
    300s
  • max time network
    190s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-05-2023 19:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NX2EE2T79JXBRT4DUK2.msi

  • Size

    125.2MB

  • MD5

    ae34f3c7b957c8d47dda9c9f2698b937

  • SHA1

    85783fe09491f7bb2a2cc1944abd1b53c53cfd17

  • SHA256

    d98713219919e401c4dd2c7dad96bc8a2c2a786f5725c0f609a2ad23a30b53fe

  • SHA512

    54f1d770a41079ad367775d2c5948b33daea5ecbba2921b1c17459266355399a572ce7b6e5f4178502161e1778c4bbc1ea837ff109b459906a74b20787560705

  • SSDEEP

    98304:a7mwfuKv9qCElx4lQd9yHSrE+/uFdOkXdcF3Q7OG/6PH85N:a7JAC/W97n14a

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 13 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 48 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\NX2EE2T79JXBRT4DUK2.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4944
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding F9483E92F9208031472FB8B3C79BC1FB
      2⤵
      • Loads dropped DLL
      PID:3300
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1896

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\Installer\MSI81D7.tmp
      Filesize

      557KB

      MD5

      e1423fc5ddaedc0152a09f4796243e31

      SHA1

      c92cec1fb6093d6922fe64719e583048fca12153

      SHA256

      3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

      SHA512

      fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

      Download Submit

    • C:\Windows\Installer\MSI81D7.tmp
      Filesize

      557KB

      MD5

      e1423fc5ddaedc0152a09f4796243e31

      SHA1

      c92cec1fb6093d6922fe64719e583048fca12153

      SHA256

      3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

      SHA512

      fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

      Download Submit

    • C:\Windows\Installer\MSI8514.tmp
      Filesize

      557KB

      MD5

      e1423fc5ddaedc0152a09f4796243e31

      SHA1

      c92cec1fb6093d6922fe64719e583048fca12153

      SHA256

      3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

      SHA512

      fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

      Download Submit

    • C:\Windows\Installer\MSI8514.tmp
      Filesize

      557KB

      MD5

      e1423fc5ddaedc0152a09f4796243e31

      SHA1

      c92cec1fb6093d6922fe64719e583048fca12153

      SHA256

      3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

      SHA512

      fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

      Download Submit

    • C:\Windows\Installer\MSI864E.tmp
      Filesize

      557KB

      MD5

      e1423fc5ddaedc0152a09f4796243e31

      SHA1

      c92cec1fb6093d6922fe64719e583048fca12153

      SHA256

      3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

      SHA512

      fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

      Download Submit

    • C:\Windows\Installer\MSI864E.tmp
      Filesize

      557KB

      MD5

      e1423fc5ddaedc0152a09f4796243e31

      SHA1

      c92cec1fb6093d6922fe64719e583048fca12153

      SHA256

      3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

      SHA512

      fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

      Download Submit

    • C:\Windows\Installer\MSI864E.tmp
      Filesize

      557KB

      MD5

      e1423fc5ddaedc0152a09f4796243e31

      SHA1

      c92cec1fb6093d6922fe64719e583048fca12153

      SHA256

      3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

      SHA512

      fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

      Download Submit

    • C:\Windows\Installer\MSI871A.tmp
      Filesize

      1.0MB

      MD5

      5566149fc623f29d55ca72018369c780

      SHA1

      8ae947ab0ae9182f1c09bd266ff360c0e8b88326

      SHA256

      a8c8ff2a0e754059b1f44ef69df492ef3cd582f3750f8c374037c9621069c608

      SHA512

      f9f49c930c3ead40f208482ab6f70a21a8495fd1c50b56a3f689eb53e8e7b8ca9a642bae2199fc80b6099bd3fdd3c4cfcd0d3a8cada47ebf23c7fcef87064cb5

      Download Submit

    • C:\Windows\Installer\MSI871A.tmp
      Filesize

      1.0MB

      MD5

      5566149fc623f29d55ca72018369c780

      SHA1

      8ae947ab0ae9182f1c09bd266ff360c0e8b88326

      SHA256

      a8c8ff2a0e754059b1f44ef69df492ef3cd582f3750f8c374037c9621069c608

      SHA512

      f9f49c930c3ead40f208482ab6f70a21a8495fd1c50b56a3f689eb53e8e7b8ca9a642bae2199fc80b6099bd3fdd3c4cfcd0d3a8cada47ebf23c7fcef87064cb5

      Download Submit

    • C:\Windows\Installer\MSI88A1.tmp
      Filesize

      557KB

      MD5

      e1423fc5ddaedc0152a09f4796243e31

      SHA1

      c92cec1fb6093d6922fe64719e583048fca12153

      SHA256

      3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

      SHA512

      fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

      Download Submit

    • C:\Windows\Installer\MSI88A1.tmp
      Filesize

      557KB

      MD5

      e1423fc5ddaedc0152a09f4796243e31

      SHA1

      c92cec1fb6093d6922fe64719e583048fca12153

      SHA256

      3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

      SHA512

      fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

      Download Submit

    • C:\Windows\Installer\MSI90C1.tmp
      Filesize

      121.5MB

      MD5

      c6c9266224c4af19d91d3c50b9eef53c

      SHA1

      32cdef92b41fc5d0f3bd2f398897335e4cc89535

      SHA256

      1d473563b8811bda250b03faa09d10c1ef18003f82a6dbe04cb8306b22ecdbda

      SHA512

      1ef4cb46d50156bfbc5e263efcd1303b0c14e43b92a2b764186124f462d806ba84d7f42fb21d2d375d0af9edc87ac913a4b7ccd364b1db35704cbb02cac64dfa

      Download Submit

    • C:\Windows\Installer\MSI90C1.tmp
      Filesize

      121.5MB

      MD5

      c6c9266224c4af19d91d3c50b9eef53c

      SHA1

      32cdef92b41fc5d0f3bd2f398897335e4cc89535

      SHA256

      1d473563b8811bda250b03faa09d10c1ef18003f82a6dbe04cb8306b22ecdbda

      SHA512

      1ef4cb46d50156bfbc5e263efcd1303b0c14e43b92a2b764186124f462d806ba84d7f42fb21d2d375d0af9edc87ac913a4b7ccd364b1db35704cbb02cac64dfa

      Download Submit

    • C:\Windows\Installer\MSI90C1.tmp
      Filesize

      121.5MB

      MD5

      c6c9266224c4af19d91d3c50b9eef53c

      SHA1

      32cdef92b41fc5d0f3bd2f398897335e4cc89535

      SHA256

      1d473563b8811bda250b03faa09d10c1ef18003f82a6dbe04cb8306b22ecdbda

      SHA512

      1ef4cb46d50156bfbc5e263efcd1303b0c14e43b92a2b764186124f462d806ba84d7f42fb21d2d375d0af9edc87ac913a4b7ccd364b1db35704cbb02cac64dfa

      Download Submit

    • memory/3300-160-0x00000000033C0000-0x00000000043C0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/3300-161-0x00000000033C0000-0x00000000043C0000-memory.dmp

      Filesize

      16.0MB

      Download