Overview (score 7)
Static (score 7)

Behavioral task scores by sample and platform:
Sample                windows7-x64   windows10-2004-x64
LVANLYS.DLL.4.dll     1              1
LVZLIB.DLL.5.dll      3              3
SMARTSOFTS....1.exe   1              3
smartsoft_...ll.msi   7              7
smartsoft_...se.rtf   4              1
smartsoft_...up.exe   7              7
smartsoft_...09.dll   1              1
merged.msi            7              7
smartsoft_...ie.exe   1              1

Analysis
- max time kernel: 134s
- max time network: 164s
- platform: windows7_x64
- resource: win7-20231023-en
- resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
- submitted: 07/11/2023, 14:34
Behavioral tasks (task: sample, resource)
- behavioral1: LVANLYS.DLL.4.dll, win7-20231023-en
- behavioral2: LVANLYS.DLL.4.dll, win10v2004-20231020-en
- behavioral3: LVZLIB.DLL.5.dll, win7-20231023-en
- behavioral4: LVZLIB.DLL.5.dll, win10v2004-20231023-en
- behavioral5: SMARTSOFTSSI.EXE.1.exe, win7-20231023-en
- behavioral6: SMARTSOFTSSI.EXE.1.exe, win10v2004-20231020-en
- behavioral7: smartsoft_4.1.7/bin/dp/install.msi, win7-20231023-en
- behavioral8: smartsoft_4.1.7/bin/dp/install.msi, win10v2004-20231023-en
- behavioral9: smartsoft_4.1.7/license/SmartSoft SSI License.rtf, win7-20231023-en
- behavioral10: smartsoft_4.1.7/license/SmartSoft SSI License.rtf, win10v2004-20231020-en
- behavioral11: smartsoft_4.1.7/setup.exe, win7-20231020-en
- behavioral12: smartsoft_4.1.7/setup.exe, win10v2004-20231020-en
- behavioral13: smartsoft_4.1.7/supportfiles/customResource0009.dll, win7-20231020-en
- behavioral14: smartsoft_4.1.7/supportfiles/customResource0009.dll, win10v2004-20231023-en
- behavioral15: merged.msi, win7-20231023-en
- behavioral16: merged.msi, win10v2004-20231023-en
- behavioral17: smartsoft_4.1.7/supportfiles/niPie.exe, win7-20231020-en
- behavioral18: smartsoft_4.1.7/supportfiles/niPie.exe, win10v2004-20231020-en
General
- Target: smartsoft_4.1.7/bin/dp/install.msi
- Size: 1.4MB
- MD5: 1df10caf520b9e9d56d8fb51d47ad764
- SHA1: e376482a8db9d8cdb06658c100f5af9c88e38a7b
- SHA256: 2b2f61e87fa142cd877cc899bc93857fd8d80df84052074625c74dcf1acd43d0
- SHA512: bd618fb6f1108bd9488f8afcdbeb975cd2a5095f534c34161d98fbdfe92309b8c9d338439c1d2a0dc306e3dca0ba9087f5c48654afc3c1716e5d2d77d8ad7489
- SSDEEP: 24576:TvJoj2nC9Ab7MX/Z9cSqGqIfo/2m3Db0nMKbVOIKRswRiXUiqGqIP:TvG1kwvk7bWOI3vXl
Malware Config
Signatures
- Loads dropped DLL (4 IoCs)
  pid   Process
  3044  MsiExec.exe (4 entries)

- Enumerates connected drives (3 TTPs, 46 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive.
  description: File opened (read-only); Process: msiexec.exe; ioc (in the order reported):
  \??\B:, \??\J:, \??\M:, \??\Q:, \??\X:, \??\K:, \??\Q:, \??\T:, \??\X:, \??\V:,
  \??\B:, \??\E:, \??\M:, \??\O:, \??\V:, \??\Y:, \??\K:, \??\L:, \??\N:, \??\P:,
  \??\J:, \??\U:, \??\G:, \??\H:, \??\S:, \??\T:, \??\Y:, \??\A:, \??\G:, \??\H:,
  \??\I:, \??\Z:, \??\U:, \??\P:, \??\A:, \??\E:, \??\W:, \??\Z:, \??\R:, \??\S:,
  \??\I:, \??\O:, \??\R:, \??\N:, \??\W:, \??\L:

- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  2636  msiexec.exe

- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token entries grouped by pid, each in the order reported:
  pid 1676 msiexec.exe (3 entries):
  SeRestorePrivilege, SeTakeOwnershipPrivilege, SeSecurityPrivilege
  pid 2636 msiexec.exe (61 entries):
  SeShutdownPrivilege, SeIncreaseQuotaPrivilege, SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege,
  SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege,
  SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege,
  SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege,
  SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege,
  SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege,
  SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege,
  SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeCreateTokenPrivilege,
  SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege,
  SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege,
  SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege,
  SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege,
  SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege,
  SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege,
  SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege,
  SeCreateTokenPrivilege

- Suspicious use of FindShellTrayWindow (1 IoC)
  pid   Process
  2636  msiexec.exe

- Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid   Process      procid_target
  PID 1676 wrote to memory of 3044   1676  msiexec.exe  31   (7 identical entries)
Processes
- C:\Windows\system32\msiexec.exe (PID 2636)
  Command line: msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\smartsoft_4.1.7\bin\dp\install.msi
  - Enumerates connected drives
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
- C:\Windows\system32\msiexec.exe (PID 1676)
  Command line: C:\Windows\system32\msiexec.exe /V
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\syswow64\MsiExec.exe (PID 3044, child of PID 1676)
    Command line: C:\Windows\syswow64\MsiExec.exe -Embedding B1DD172451DBF1DC5C4703E9D7A4A1C9 C
    - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 590KB
  MD5: 7b2e16b40253b3664bd209416e40d832
  SHA1: 0b8f4c27d7c366e19ebdfa6dcc4540ef46f76f26
  SHA256: 5479a842ede9595a950bbc70a1fa52622f64fc80971aef689c22701ffc506c9a
  SHA512: 425d57105dc80008f06c96af06726b470d753f32f5159706a20579fbafa1465055c2605da754b51644e0171a6be1fe374c0003d507c8827515341c1628eea94d
  (this identical entry is listed 9 times in the report)