5396c6c41584959beea2b5058c5e90d776d2908fbdfaeb08cda924c00b9bd9db

Resubmissions

13/07/2023, 06:18

230713-g23jgafe73 8

24/06/2023, 01:22

230624-bq8nfshe97 8

Analysis

max time kernel
112s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2023, 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ChatGPT4 V2.msi
Size

1.3MB
MD5

0f77fb52cbe9489be260f739f4cbfce0
SHA1

28236b7b22ad00cfb14b7c04940a1dcb75262538
SHA256

5396c6c41584959beea2b5058c5e90d776d2908fbdfaeb08cda924c00b9bd9db
SHA512

d1debb3fb41df91b1e2173a6784b6be527713c2ca9228f0b22b07e2f4dbf95824652463d2ca767bd5f4d183667925aceabcbcaa5e048162fe60b7c2b33063b71
SSDEEP

24576:CHCSlEKSDB8pDESD30TidMgWZ5H1Wruyi4QX851wfM/3F:CHCZDB8pDESD30TimgS5VWha851wfM/1

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2292	MsiExec.exe
2292	MsiExec.exe
2292	MsiExec.exe
2292	MsiExec.exe
2292	MsiExec.exe
2292	MsiExec.exe
2292	MsiExec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1764	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1764	msiexec.exe
Token: SeSecurityPrivilege	5076	msiexec.exe
Token: SeCreateTokenPrivilege	1764	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1764	msiexec.exe
Token: SeLockMemoryPrivilege	1764	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1764	msiexec.exe
Token: SeMachineAccountPrivilege	1764	msiexec.exe
Token: SeTcbPrivilege	1764	msiexec.exe
Token: SeSecurityPrivilege	1764	msiexec.exe
Token: SeTakeOwnershipPrivilege	1764	msiexec.exe
Token: SeLoadDriverPrivilege	1764	msiexec.exe
Token: SeSystemProfilePrivilege	1764	msiexec.exe
Token: SeSystemtimePrivilege	1764	msiexec.exe
Token: SeProfSingleProcessPrivilege	1764	msiexec.exe
Token: SeIncBasePriorityPrivilege	1764	msiexec.exe
Token: SeCreatePagefilePrivilege	1764	msiexec.exe
Token: SeCreatePermanentPrivilege	1764	msiexec.exe
Token: SeBackupPrivilege	1764	msiexec.exe
Token: SeRestorePrivilege	1764	msiexec.exe
Token: SeShutdownPrivilege	1764	msiexec.exe
Token: SeDebugPrivilege	1764	msiexec.exe
Token: SeAuditPrivilege	1764	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1764	msiexec.exe
Token: SeChangeNotifyPrivilege	1764	msiexec.exe
Token: SeRemoteShutdownPrivilege	1764	msiexec.exe
Token: SeUndockPrivilege	1764	msiexec.exe
Token: SeSyncAgentPrivilege	1764	msiexec.exe
Token: SeEnableDelegationPrivilege	1764	msiexec.exe
Token: SeManageVolumePrivilege	1764	msiexec.exe
Token: SeImpersonatePrivilege	1764	msiexec.exe
Token: SeCreateGlobalPrivilege	1764	msiexec.exe
Token: SeCreateTokenPrivilege	1764	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1764	msiexec.exe
Token: SeLockMemoryPrivilege	1764	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1764	msiexec.exe
Token: SeMachineAccountPrivilege	1764	msiexec.exe
Token: SeTcbPrivilege	1764	msiexec.exe
Token: SeSecurityPrivilege	1764	msiexec.exe
Token: SeTakeOwnershipPrivilege	1764	msiexec.exe
Token: SeLoadDriverPrivilege	1764	msiexec.exe
Token: SeSystemProfilePrivilege	1764	msiexec.exe
Token: SeSystemtimePrivilege	1764	msiexec.exe
Token: SeProfSingleProcessPrivilege	1764	msiexec.exe
Token: SeIncBasePriorityPrivilege	1764	msiexec.exe
Token: SeCreatePagefilePrivilege	1764	msiexec.exe
Token: SeCreatePermanentPrivilege	1764	msiexec.exe
Token: SeBackupPrivilege	1764	msiexec.exe
Token: SeRestorePrivilege	1764	msiexec.exe
Token: SeShutdownPrivilege	1764	msiexec.exe
Token: SeDebugPrivilege	1764	msiexec.exe
Token: SeAuditPrivilege	1764	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1764	msiexec.exe
Token: SeChangeNotifyPrivilege	1764	msiexec.exe
Token: SeRemoteShutdownPrivilege	1764	msiexec.exe
Token: SeUndockPrivilege	1764	msiexec.exe
Token: SeSyncAgentPrivilege	1764	msiexec.exe
Token: SeEnableDelegationPrivilege	1764	msiexec.exe
Token: SeManageVolumePrivilege	1764	msiexec.exe
Token: SeImpersonatePrivilege	1764	msiexec.exe
Token: SeCreateGlobalPrivilege	1764	msiexec.exe
Token: SeCreateTokenPrivilege	1764	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1764	msiexec.exe
Token: SeLockMemoryPrivilege	1764	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1764	msiexec.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 2292	5076	msiexec.exe	83
PID 5076 wrote to memory of 2292	5076	msiexec.exe	83
PID 5076 wrote to memory of 2292	5076	msiexec.exe	83

C:\Windows\system32\msiexec.exe
msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\ChatGPT4 V2.msi"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1764

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 21768CA4B32D46757AD22968761FB8F6 C
  2⤵
  - Loads dropped DLL
  PID:2292

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MSI7DD0.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI7DD0.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI811C.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI811C.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8266.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8266.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8266.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8322.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8322.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI83B0.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI83B0.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI85C4.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI85C4.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8603.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8603.tmp

Filesize
587KB

MD5
c7fbd5ee98e32a77edf1156db3fca622

SHA1
3e534fc55882e9fb940c9ae81e6f8a92a07125a0

SHA256
e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

SHA512
8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

Download Submit