Overview

overview

7

Static

static

1

ACTU4GBJ4DAXWGSB7.msi

windows10-2004-x64

7

Analysis

  • max time kernel
    43s
  • max time network
    58s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    08-11-2023 04:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ACTU4GBJ4DAXWGSB7.msi

  • Size

    5.9MB

  • MD5

    9dbfb65e2d34af208ca5d1b8db1fdaa6

  • SHA1

    f9153d65196fa951337662606f796d9a752abca0

  • SHA256

    88512a879e350ef8f908800464f9208bf4e96c9b9ff3678398d0e0d61c25e5e4

  • SHA512

    c6ccb91943beb4cded8a20ae57f950468d0f58bc5af2c2af5143e6b2fc2bf814d3b19e358f109ab51d530661326b2cf1edc121177edb75590c9b2be9d9e7b962

  • SSDEEP

    98304:ZgxJju1fuu8KmLl90bm/d4zHmPuolXxqcCLXo0:Z0uZuu8KhEqH4oLo

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ACTU4GBJ4DAXWGSB7.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3616
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3412
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 82181D2BB8A23B102D8F0F600EA12542
      2⤵
      • Loads dropped DLL
      • Blocklisted process makes network request
      PID:456

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Installer\MSIDD40.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIDD40.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIE427.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIE427.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIE59F.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIE59F.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIE59F.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIE5DF.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIE5DF.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSIEA84.tmp
    Filesize

    4.9MB

    MD5

    8d8b1be00036ee3a03840af5c93c291e

    SHA1

    622961073dc3f0403efcd9d6a98421ee8756c4f4

    SHA256

    fb7e646a59603380ead52a3b9b899f241e6c03cebccd3d800ddc3099c9a1e74e

    SHA512

    68a785e4d16d02a54c2a03c25180880b561da32251c0062506bfcdb541d593849957b89ed2c80e38ecb9677ae9e1b4aed759b4fe16501b0a281884538105afd1

    Download Submit

  • C:\Windows\Installer\MSIEA84.tmp
    Filesize

    4.9MB

    MD5

    8d8b1be00036ee3a03840af5c93c291e

    SHA1

    622961073dc3f0403efcd9d6a98421ee8756c4f4

    SHA256

    fb7e646a59603380ead52a3b9b899f241e6c03cebccd3d800ddc3099c9a1e74e

    SHA512

    68a785e4d16d02a54c2a03c25180880b561da32251c0062506bfcdb541d593849957b89ed2c80e38ecb9677ae9e1b4aed759b4fe16501b0a281884538105afd1

    Download Submit

  • memory/456-26-0x0000000073D50000-0x000000007423F000-memory.dmp

    Filesize

    4.9MB

    Download