Overview

overview

8

Static

static

1

ChatGPT4 V2.msi

windows7-x64

8

ChatGPT4 V2.msi

windows10-2004-x64

8

Resubmissions

13/07/2023, 06:18

230713-g23jgafe73 8

24/06/2023, 01:22

230624-bq8nfshe97 8

Analysis

  • max time kernel
    71s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2023, 06:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ChatGPT4 V2.msi

  • Size

    1.3MB

  • MD5

    0f77fb52cbe9489be260f739f4cbfce0

  • SHA1

    28236b7b22ad00cfb14b7c04940a1dcb75262538

  • SHA256

    5396c6c41584959beea2b5058c5e90d776d2908fbdfaeb08cda924c00b9bd9db

  • SHA512

    d1debb3fb41df91b1e2173a6784b6be527713c2ca9228f0b22b07e2f4dbf95824652463d2ca767bd5f4d183667925aceabcbcaa5e048162fe60b7c2b33063b71

  • SSDEEP

    24576:CHCSlEKSDB8pDESD30TidMgWZ5H1Wruyi4QX851wfM/3F:CHCZDB8pDESD30TimgS5VWha851wfM/1

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 5 IoCs
  • Drops file in Windows directory 12 IoCs
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 46 IoCs
  • Modifies registry class 23 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\ChatGPT4 V2.msi"
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2532
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 99537101B429E120CEFC009F03DFC0A4 C
      2⤵
      • Loads dropped DLL
      PID:3068
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding AD814ECF5F5218B6A1FC27AADCDDA759
      2⤵
      • Loads dropped DLL
      PID:2436
    • C:\Windows\Installer\MSI607F.tmp
      "C:\Windows\Installer\MSI607F.tmp" "C:\Program Files (x86)\Open Ai\ChatGPT4 V2\setup.bat"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2416
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
      PID:3048
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "000000000000032C" "000000000000055C"
      1⤵
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      PID:1828
    • C:\Windows\system32\cmd.exe
      cmd /c ""C:\Program Files (x86)\Open Ai\ChatGPT4 V2\setup.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1680
      • C:\Windows\system32\taskkill.exe
        taskkill /F /IM chrome.exe
        2⤵
        • Kills process with taskkill
        PID:1092
      • C:\Windows\system32\timeout.exe
        timeout /t 1
        2⤵
        • Delays execution with timeout.exe
        PID:2440

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\f77584f.rbs
      Filesize

      434KB

      MD5

      06bca07547665f9ad4169ad8122b5b1a

      SHA1

      99007b1d44fa4f80baefdfb17897ae8f6adde560

      SHA256

      71a6374ecb59de4a38143e76d52f6f56a107fc68e76763d8fcdf595bf1dab2d2

      SHA512

      ab9ca6c3a17655031a6e0f83bee8fa142a03c6540d714e49d08fa1f97cefd6bf84bd64914eefccfe559d51c6b8e23f23458eb9c51e4e95b5fb6db8567515ad6b

      Download Submit

    • C:\Program Files (x86)\Open Ai\ChatGPT4 V2\setup.bat
      Filesize

      147B

      MD5

      22e11974dc91658dd48aed713dda5e4d

      SHA1

      7df4fd1039b112ec1e1af0a2cb814bb1664b437f

      SHA256

      dc34a35e5d0a47ab2735990842d248687881a0e72a48cfa38633ad4121ae6841

      SHA512

      d696eb075bac6f7d41e6b66e3fef94f78b5be8c793e41ce6fb8bb60fd26bf3de4cbb03bae1f6c492620ac7747b9e21787eb467b86c28cdfbb531066125b1dd29

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2071e44cc599bde28f502ed788b7c196

      SHA1

      6b77d6078acbf4c3b05bae6f7dfd1c16790c33b2

      SHA256

      09f2a32f133df766aa64233bd438e6b38291a34168425b12291673e2dbb1aeee

      SHA512

      21b75d907cb19161e3593d098a26aedb0e3e45209c3084ae3bc3d9ace647be18ef62c69720eb9b654ba669324d77c11061cafce9fab6ab93e1d58d1817269b5a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab7F30.tmp
      Filesize

      62KB

      MD5

      3ac860860707baaf32469fa7cc7c0192

      SHA1

      c33c2acdaba0e6fa41fd2f00f186804722477639

      SHA256

      d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

      SHA512

      d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8311.tmp
      Filesize

      587KB

      MD5

      c7fbd5ee98e32a77edf1156db3fca622

      SHA1

      3e534fc55882e9fb940c9ae81e6f8a92a07125a0

      SHA256

      e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

      SHA512

      8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI84B7.tmp
      Filesize

      587KB

      MD5

      c7fbd5ee98e32a77edf1156db3fca622

      SHA1

      3e534fc55882e9fb940c9ae81e6f8a92a07125a0

      SHA256

      e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

      SHA512

      8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8545.tmp
      Filesize

      587KB

      MD5

      c7fbd5ee98e32a77edf1156db3fca622

      SHA1

      3e534fc55882e9fb940c9ae81e6f8a92a07125a0

      SHA256

      e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

      SHA512

      8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8545.tmp
      Filesize

      587KB

      MD5

      c7fbd5ee98e32a77edf1156db3fca622

      SHA1

      3e534fc55882e9fb940c9ae81e6f8a92a07125a0

      SHA256

      e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

      SHA512

      8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI864F.tmp
      Filesize

      587KB

      MD5

      c7fbd5ee98e32a77edf1156db3fca622

      SHA1

      3e534fc55882e9fb940c9ae81e6f8a92a07125a0

      SHA256

      e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

      SHA512

      8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI86EC.tmp
      Filesize

      587KB

      MD5

      c7fbd5ee98e32a77edf1156db3fca622

      SHA1

      3e534fc55882e9fb940c9ae81e6f8a92a07125a0

      SHA256

      e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

      SHA512

      8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar7F81.tmp
      Filesize

      164KB

      MD5

      4ff65ad929cd9a367680e0e5b1c08166

      SHA1

      c0af0d4396bd1f15c45f39d3b849ba444233b3a2

      SHA256

      c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

      SHA512

      f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

      Download Submit

    • C:\Windows\Installer\MSI5A64.tmp
      Filesize

      587KB

      MD5

      c7fbd5ee98e32a77edf1156db3fca622

      SHA1

      3e534fc55882e9fb940c9ae81e6f8a92a07125a0

      SHA256

      e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

      SHA512

      8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

      Download Submit

    • C:\Windows\Installer\MSI607F.tmp
      Filesize

      426KB

      MD5

      535e793419b64095926beb728f4dea71

      SHA1

      b5d357c2ae4bb8cf1fca80f6a44ad3bbe5b31c49

      SHA256

      268fece297ae16ec1706ba1ab8ffdce8e9db4ee8d73b7728a0df97cecd26930f

      SHA512

      8facff499bfeeaa85884e1169ffdd0059d0c2bf1edcd17c4b118d3de3eeae79267451cee9d3bb2d8a5478d414e6d831d8f9f9e602a9452f3df4505dcc8b2cbe4

      Download Submit

    • C:\Windows\Installer\f77584d.msi
      Filesize

      1.3MB

      MD5

      0f77fb52cbe9489be260f739f4cbfce0

      SHA1

      28236b7b22ad00cfb14b7c04940a1dcb75262538

      SHA256

      5396c6c41584959beea2b5058c5e90d776d2908fbdfaeb08cda924c00b9bd9db

      SHA512

      d1debb3fb41df91b1e2173a6784b6be527713c2ca9228f0b22b07e2f4dbf95824652463d2ca767bd5f4d183667925aceabcbcaa5e048162fe60b7c2b33063b71

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSI8311.tmp
      Filesize

      587KB

      MD5

      c7fbd5ee98e32a77edf1156db3fca622

      SHA1

      3e534fc55882e9fb940c9ae81e6f8a92a07125a0

      SHA256

      e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

      SHA512

      8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSI84B7.tmp
      Filesize

      587KB

      MD5

      c7fbd5ee98e32a77edf1156db3fca622

      SHA1

      3e534fc55882e9fb940c9ae81e6f8a92a07125a0

      SHA256

      e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

      SHA512

      8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSI8545.tmp
      Filesize

      587KB

      MD5

      c7fbd5ee98e32a77edf1156db3fca622

      SHA1

      3e534fc55882e9fb940c9ae81e6f8a92a07125a0

      SHA256

      e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

      SHA512

      8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSI864F.tmp
      Filesize

      587KB

      MD5

      c7fbd5ee98e32a77edf1156db3fca622

      SHA1

      3e534fc55882e9fb940c9ae81e6f8a92a07125a0

      SHA256

      e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

      SHA512

      8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSI86EC.tmp
      Filesize

      587KB

      MD5

      c7fbd5ee98e32a77edf1156db3fca622

      SHA1

      3e534fc55882e9fb940c9ae81e6f8a92a07125a0

      SHA256

      e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

      SHA512

      8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

      Download Submit

    • \Windows\Installer\MSI5A64.tmp
      Filesize

      587KB

      MD5

      c7fbd5ee98e32a77edf1156db3fca622

      SHA1

      3e534fc55882e9fb940c9ae81e6f8a92a07125a0

      SHA256

      e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

      SHA512

      8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

      Download Submit

    • memory/2416-162-0x0000000000160000-0x0000000000162000-memory.dmp

      Filesize

      8KB

      Download