Overview

overview

7

Static

static

1

556b51b8c2...JC.msi

windows7-x64

7

556b51b8c2...JC.msi

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 22:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    556b51b8c2e2516235372629d158d6a10e11e4fcbb8e4fa67a3f5a5a54846f08_JC.msi

  • Size

    1.5MB

  • MD5

    daba6863275095fb07eece679c8bf098

  • SHA1

    a5506ef0b0998abcb935633c8b1ebeddbc324769

  • SHA256

    556b51b8c2e2516235372629d158d6a10e11e4fcbb8e4fa67a3f5a5a54846f08

  • SHA512

    254e4f2c26893c9b8a97a29126c975c374380f4738605c8cebd8bb537a18a0f85ba871e650a33c54564154584a5ca1f18e708a9f7a9f6dd13c663990b136ff57

  • SSDEEP

    24576:QJcLlYOINVUuD6yS1wGbXpsHzCsalfLK/hVfAmDX8qrJrKPyVqmY1:vLlYO+UuD6ySaGbX+H9a9+hVfA4X84po

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 40 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\556b51b8c2e2516235372629d158d6a10e11e4fcbb8e4fa67a3f5a5a54846f08_JC.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1088
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 1EF79364D31A42EBF58785AC16F989B3
      2⤵
      • Loads dropped DLL
      PID:4804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Installer\MSI3E3D.tmp
    Filesize

    384KB

    MD5

    d23c9b725dc88a729250a65229e35b39

    SHA1

    112a859b1c905e6514e0f18a8a41ec6455ca617f

    SHA256

    284e1b5af1e6a57f776cd82093be19820ab3c90ca1c4639c4b11f7a00a3e6877

    SHA512

    e049af99a7d4a265eb8cd9a2e31c4d387b8a42683d4a80fe935ead8a95b1f456407129dad241aa956fc6ebc2b3b52886a5668499d7f256232c3c372c70a8f465

    Download Submit

  • C:\Windows\Installer\MSI3E3D.tmp
    Filesize

    384KB

    MD5

    d23c9b725dc88a729250a65229e35b39

    SHA1

    112a859b1c905e6514e0f18a8a41ec6455ca617f

    SHA256

    284e1b5af1e6a57f776cd82093be19820ab3c90ca1c4639c4b11f7a00a3e6877

    SHA512

    e049af99a7d4a265eb8cd9a2e31c4d387b8a42683d4a80fe935ead8a95b1f456407129dad241aa956fc6ebc2b3b52886a5668499d7f256232c3c372c70a8f465

    Download Submit

  • C:\Windows\Installer\MSIDF7F.tmp
    Filesize

    384KB

    MD5

    d23c9b725dc88a729250a65229e35b39

    SHA1

    112a859b1c905e6514e0f18a8a41ec6455ca617f

    SHA256

    284e1b5af1e6a57f776cd82093be19820ab3c90ca1c4639c4b11f7a00a3e6877

    SHA512

    e049af99a7d4a265eb8cd9a2e31c4d387b8a42683d4a80fe935ead8a95b1f456407129dad241aa956fc6ebc2b3b52886a5668499d7f256232c3c372c70a8f465

    Download Submit

  • C:\Windows\Installer\MSIDF7F.tmp
    Filesize

    384KB

    MD5

    d23c9b725dc88a729250a65229e35b39

    SHA1

    112a859b1c905e6514e0f18a8a41ec6455ca617f

    SHA256

    284e1b5af1e6a57f776cd82093be19820ab3c90ca1c4639c4b11f7a00a3e6877

    SHA512

    e049af99a7d4a265eb8cd9a2e31c4d387b8a42683d4a80fe935ead8a95b1f456407129dad241aa956fc6ebc2b3b52886a5668499d7f256232c3c372c70a8f465

    Download Submit

  • C:\Windows\Installer\MSIF2D9.tmp
    Filesize

    384KB

    MD5

    d23c9b725dc88a729250a65229e35b39

    SHA1

    112a859b1c905e6514e0f18a8a41ec6455ca617f

    SHA256

    284e1b5af1e6a57f776cd82093be19820ab3c90ca1c4639c4b11f7a00a3e6877

    SHA512

    e049af99a7d4a265eb8cd9a2e31c4d387b8a42683d4a80fe935ead8a95b1f456407129dad241aa956fc6ebc2b3b52886a5668499d7f256232c3c372c70a8f465

    Download Submit

  • C:\Windows\Installer\MSIF2D9.tmp
    Filesize

    384KB

    MD5

    d23c9b725dc88a729250a65229e35b39

    SHA1

    112a859b1c905e6514e0f18a8a41ec6455ca617f

    SHA256

    284e1b5af1e6a57f776cd82093be19820ab3c90ca1c4639c4b11f7a00a3e6877

    SHA512

    e049af99a7d4a265eb8cd9a2e31c4d387b8a42683d4a80fe935ead8a95b1f456407129dad241aa956fc6ebc2b3b52886a5668499d7f256232c3c372c70a8f465

    Download Submit

  • C:\Windows\Installer\MSIF2D9.tmp
    Filesize

    384KB

    MD5

    d23c9b725dc88a729250a65229e35b39

    SHA1

    112a859b1c905e6514e0f18a8a41ec6455ca617f

    SHA256

    284e1b5af1e6a57f776cd82093be19820ab3c90ca1c4639c4b11f7a00a3e6877

    SHA512

    e049af99a7d4a265eb8cd9a2e31c4d387b8a42683d4a80fe935ead8a95b1f456407129dad241aa956fc6ebc2b3b52886a5668499d7f256232c3c372c70a8f465

    Download Submit