Overview

overview

10

Static

static

10

D23593D7.msi

windows7-x64

7

D23593D7.msi

windows10-2004-x64

7

Resubmissions

31/08/2023, 02:23

230831-cvdvbacd33 10

31/08/2023, 02:12

230831-cmtwkacc96 10

Analysis

  • max time kernel
    140s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/08/2023, 02:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    D23593D7.msi

  • Size

    1.4MB

  • MD5

    e7c7a8a1ba187b67be9bdb024813a0df

  • SHA1

    521ed1044d36304ae2257260ef6169cced71d5a9

  • SHA256

    72601209c92391bd76101e3fb8c96414db8850ca4979379527a979b8ad097589

  • SHA512

    bec24b7ed0648f228e10c9f52ed22138649659bdf9e1c96833f49808056200e416130a894e49889b2e0a73268a864b5938745a7c1e7307e46b38b99332048257

  • SSDEEP

    24576:csuDXXva104BMeRocDP1NhhQEJBDYkaT64Mcctdrbf6zncNynD6BRMhUT:cVX//i5oojQc0HdmdruzcNynD6q4

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 14 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\D23593D7.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3972
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3152
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 3430EFF2C0424CDE69C1A945F281815D
      2⤵
      • Loads dropped DLL
      PID:3644
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 460 -p 4548 -ip 4548
    1⤵
      PID:3520
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4548 -s 848
      1⤵
      • Program crash
      PID:1112

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\Installer\MSI2AB.tmp
            Filesize

            141KB

            MD5

            4ba8ef50ce73395ad623c770c10e35a7

            SHA1

            63600584c296c0cbe1775a759c34ab384e1bbf76

            SHA256

            6094c813ca4bd0c647b950ba286bd338ef3623fa953b3bcf1a359b88f7296e55

            SHA512

            0730585476d8ded7b363afa486733c6c234704de5cf65f1171ec727f1b826c8a228c0ff5f6f6c219a220ea1794c4c462ab1d45ca48cb62e5eea94dd850ae4206

            Download Submit

          • C:\Windows\Installer\MSI2AB.tmp
            Filesize

            141KB

            MD5

            4ba8ef50ce73395ad623c770c10e35a7

            SHA1

            63600584c296c0cbe1775a759c34ab384e1bbf76

            SHA256

            6094c813ca4bd0c647b950ba286bd338ef3623fa953b3bcf1a359b88f7296e55

            SHA512

            0730585476d8ded7b363afa486733c6c234704de5cf65f1171ec727f1b826c8a228c0ff5f6f6c219a220ea1794c4c462ab1d45ca48cb62e5eea94dd850ae4206

            Download Submit

          • C:\Windows\Installer\MSI5D8.tmp
            Filesize

            141KB

            MD5

            4ba8ef50ce73395ad623c770c10e35a7

            SHA1

            63600584c296c0cbe1775a759c34ab384e1bbf76

            SHA256

            6094c813ca4bd0c647b950ba286bd338ef3623fa953b3bcf1a359b88f7296e55

            SHA512

            0730585476d8ded7b363afa486733c6c234704de5cf65f1171ec727f1b826c8a228c0ff5f6f6c219a220ea1794c4c462ab1d45ca48cb62e5eea94dd850ae4206

            Download Submit

          • C:\Windows\Installer\MSI5D8.tmp
            Filesize

            141KB

            MD5

            4ba8ef50ce73395ad623c770c10e35a7

            SHA1

            63600584c296c0cbe1775a759c34ab384e1bbf76

            SHA256

            6094c813ca4bd0c647b950ba286bd338ef3623fa953b3bcf1a359b88f7296e55

            SHA512

            0730585476d8ded7b363afa486733c6c234704de5cf65f1171ec727f1b826c8a228c0ff5f6f6c219a220ea1794c4c462ab1d45ca48cb62e5eea94dd850ae4206

            Download Submit

          • C:\Windows\Installer\MSI6C3.tmp
            Filesize

            141KB

            MD5

            4ba8ef50ce73395ad623c770c10e35a7

            SHA1

            63600584c296c0cbe1775a759c34ab384e1bbf76

            SHA256

            6094c813ca4bd0c647b950ba286bd338ef3623fa953b3bcf1a359b88f7296e55

            SHA512

            0730585476d8ded7b363afa486733c6c234704de5cf65f1171ec727f1b826c8a228c0ff5f6f6c219a220ea1794c4c462ab1d45ca48cb62e5eea94dd850ae4206

            Download Submit

          • C:\Windows\Installer\MSI6C3.tmp
            Filesize

            141KB

            MD5

            4ba8ef50ce73395ad623c770c10e35a7

            SHA1

            63600584c296c0cbe1775a759c34ab384e1bbf76

            SHA256

            6094c813ca4bd0c647b950ba286bd338ef3623fa953b3bcf1a359b88f7296e55

            SHA512

            0730585476d8ded7b363afa486733c6c234704de5cf65f1171ec727f1b826c8a228c0ff5f6f6c219a220ea1794c4c462ab1d45ca48cb62e5eea94dd850ae4206

            Download Submit

          • C:\Windows\Installer\MSI6C3.tmp
            Filesize

            141KB

            MD5

            4ba8ef50ce73395ad623c770c10e35a7

            SHA1

            63600584c296c0cbe1775a759c34ab384e1bbf76

            SHA256

            6094c813ca4bd0c647b950ba286bd338ef3623fa953b3bcf1a359b88f7296e55

            SHA512

            0730585476d8ded7b363afa486733c6c234704de5cf65f1171ec727f1b826c8a228c0ff5f6f6c219a220ea1794c4c462ab1d45ca48cb62e5eea94dd850ae4206

            Download Submit

          • C:\Windows\Installer\MSI722.tmp
            Filesize

            118KB

            MD5

            4b49c57cbefa1d2773da1f95338e294d

            SHA1

            108ea90d8a42cf31f7d8d7710b5fd713ca048ef9

            SHA256

            68c66657b569cad9cc6e1f5adf0795b5df444ec9945c0d86c62c5abc8aaddc08

            SHA512

            42c61f24196c2682343309cbcdcea185a4100603c649e053c11e2efadef8983c411ef4c61ca71025460baf3d4155157242b2f4ce02a88b6ca2d1922651036165

            Download Submit

          • C:\Windows\Installer\MSI722.tmp
            Filesize

            118KB

            MD5

            4b49c57cbefa1d2773da1f95338e294d

            SHA1

            108ea90d8a42cf31f7d8d7710b5fd713ca048ef9

            SHA256

            68c66657b569cad9cc6e1f5adf0795b5df444ec9945c0d86c62c5abc8aaddc08

            SHA512

            42c61f24196c2682343309cbcdcea185a4100603c649e053c11e2efadef8983c411ef4c61ca71025460baf3d4155157242b2f4ce02a88b6ca2d1922651036165

            Download Submit

          • C:\Windows\Installer\MSI7A0.tmp
            Filesize

            141KB

            MD5

            4ba8ef50ce73395ad623c770c10e35a7

            SHA1

            63600584c296c0cbe1775a759c34ab384e1bbf76

            SHA256

            6094c813ca4bd0c647b950ba286bd338ef3623fa953b3bcf1a359b88f7296e55

            SHA512

            0730585476d8ded7b363afa486733c6c234704de5cf65f1171ec727f1b826c8a228c0ff5f6f6c219a220ea1794c4c462ab1d45ca48cb62e5eea94dd850ae4206

            Download Submit

          • C:\Windows\Installer\MSI7A0.tmp
            Filesize

            141KB

            MD5

            4ba8ef50ce73395ad623c770c10e35a7

            SHA1

            63600584c296c0cbe1775a759c34ab384e1bbf76

            SHA256

            6094c813ca4bd0c647b950ba286bd338ef3623fa953b3bcf1a359b88f7296e55

            SHA512

            0730585476d8ded7b363afa486733c6c234704de5cf65f1171ec727f1b826c8a228c0ff5f6f6c219a220ea1794c4c462ab1d45ca48cb62e5eea94dd850ae4206

            Download Submit

          • memory/3644-23-0x0000000074760000-0x00000000747B0000-memory.dmp

            Filesize

            320KB

            Download

          • memory/3644-33-0x0000000002C30000-0x0000000002C33000-memory.dmp

            Filesize

            12KB

            Download

          • memory/3644-18-0x0000000002C30000-0x0000000002C33000-memory.dmp

            Filesize

            12KB

            Download

          • memory/3644-12-0x0000000074740000-0x00000000747A5000-memory.dmp

            Filesize

            404KB

            Download

          • memory/3644-7-0x0000000002AD0000-0x0000000002AD3000-memory.dmp

            Filesize

            12KB

            Download

          • memory/3644-6-0x0000000074740000-0x00000000747A5000-memory.dmp

            Filesize

            404KB

            Download

          • memory/3644-28-0x0000000002C40000-0x0000000002C43000-memory.dmp

            Filesize

            12KB

            Download

          • memory/3644-31-0x0000000002AD0000-0x0000000002AD3000-memory.dmp

            Filesize

            12KB

            Download

          • memory/3644-32-0x0000000002AD0000-0x0000000002AD3000-memory.dmp

            Filesize

            12KB

            Download

          • memory/3644-17-0x0000000074740000-0x00000000747A5000-memory.dmp

            Filesize

            404KB

            Download

          • memory/3644-34-0x0000000002C30000-0x0000000002C33000-memory.dmp

            Filesize

            12KB

            Download

          • memory/3644-35-0x0000000002C40000-0x0000000002C43000-memory.dmp

            Filesize

            12KB

            Download

          • memory/3644-38-0x0000000074740000-0x00000000747A5000-memory.dmp

            Filesize

            404KB

            Download

          • memory/3644-39-0x0000000074740000-0x00000000747A5000-memory.dmp

            Filesize

            404KB

            Download

          • memory/3644-40-0x0000000074740000-0x00000000747A5000-memory.dmp

            Filesize

            404KB

            Download

          • memory/3644-41-0x0000000074760000-0x00000000747B0000-memory.dmp

            Filesize

            320KB

            Download

          • memory/3644-42-0x0000000074740000-0x00000000747A5000-memory.dmp

            Filesize

            404KB

            Download