Analysis

  • max time kernel
    141s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/08/2023, 17:06

General

  • Target

    inst.exe

  • Size

    3.9MB

  • MD5

    e8d5411085e74a0f1833d47d4a9909ff

  • SHA1

    786e91d9e68a47122f9fe19cb809801dd642bb36

  • SHA256

    92f993005c8095c12d1a29c586197d72d5ed39dd27c5577ceb1f3c1e2a08bec3

  • SHA512

    306370b1adc39cbe496e02e25ef3555cd3ffe928c07a04de930ac64e68bf24800d514c4b5bebc2167e45ce6f8e165b59cc09fbf677828a38bdfe5ec99654e8f5

  • SSDEEP

    98304:HrB3FDqtQKGXW87SltqjM4FzT6n4KQwZF:HrB3FDqtkFSltqriZF

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SendNotifyMessage (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\inst.exe
    "C:\Users\Admin\AppData\Local\Temp\inst.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2464

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2464-0-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

  • memory/2464-11-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB