Overview

overview

7

Static

static

1

AlteryxPat...00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    441s
  • max time network
    447s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-08-2023 15:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AlteryxPatchInstall_2023.1.1.1.200.exe

  • Size

    52.1MB

  • MD5

    6150916d6bb4f8394f24fab305c65223

  • SHA1

    bd7482cf1c0f3030583de3f429e287a8673bb4a7

  • SHA256

    e0af09fd610b941a27fdaf3d08eb6ba185e7ee211cf4d2b435f96671bd2799d1

  • SHA512

    41cef2ccc1cd238f2eb40fa71f845ab04acbe282cb03240745dac011fa7859acda43efe0dee93afbd6dbc2684da3cd2c8dee02261ecb188acc98a190ebd2144d

  • SSDEEP

    786432:G2pyY34Mr8qJFLVLKGDg9j99HbHfUGIJ8HMwtM7syKsisogAQdgonkL7e+ioIIiu:G/MwqtLjoDZCWs7o3QdgonkL7O7u

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AlteryxPatchInstall_2023.1.1.1.200.exe
    "C:\Users\Admin\AppData\Local\Temp\AlteryxPatchInstall_2023.1.1.1.200.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4684
    • C:\Windows\System32\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /p C:\Users\Admin\AppData\Local\Temp\AlteryxInstallation_722\AlteryxPatch.msp /norestart INSTALLED_PATCH="0" SEVENZIP_PATH="C:\Users\Admin\AppData\Local\Temp\AlteryxInstallation_722\7za.exe" UNINSTALL_EXE_PATH="C:\Users\Admin\AppData\Local\Temp\AlteryxInstallation_722\UninstallAYX.exe"
      2⤵
        PID:5032

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\AlteryxInstallation_722\96fc1a6a0e36b096.tmp
      Filesize

      866KB

      MD5

      ad2b9dfd8742ea03dfb3b6bb8650a593

      SHA1

      a5bc50581f57e1681e8943b923d1e00834a06aed

      SHA256

      268e0411dc3adb8bf78c148c4923e29ecb5d165024de62eb75faa285a3759833

      SHA512

      cb390aa71b44caa6cdb7aa23d9bc5753168c6c6c0c227eed73c8778c72ea68e5cec0bc62e7d5fecbc42e15c565a08885a9776c37451224536d310630b0361dca

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AlteryxInstallation_722\AlteryxPatch.msp
      Filesize

      49.4MB

      MD5

      c2dec528c6dc6e66598d94f20dbf8b36

      SHA1

      31998f3531de83ea5ead79f49c7f250366abf1fb

      SHA256

      7e078092cba43cebad89ab4adcc0c45e926f39c55f5b10a021ef92d080f1f63d

      SHA512

      cc4ec36e3813d60f289330958fda5c9e2dcffdfc689092660317ac68e6eb6fddf6df11e451e26d673a85c3c193f87036c007e14436ecb719de6cbceb843d6be8

      Download Submit