Overview

overview

5

Static

static

1

windowsinstaller.exe

windows7-x64

4

windowsinstaller.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2023 12:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    windowsinstaller.exe

  • Size

    13.1MB

  • MD5

    8608a5b84a36e7682bf779bcd0f61a8d

  • SHA1

    828665caa819e34815910efe2f81d6f74ae577c2

  • SHA256

    243ebcabe490740d6a757ab65397509ecfb639337afdffcf8b5a44d88efa0633

  • SHA512

    a4c4b96afec88a04fd58b1273b2780e0f47c406cc0ca3781ae6e2dff1f5f60c1186b679ecf7431f480e5dab59e31ee7075cecacaa32ffc67a73f604128600d5a

  • SSDEEP

    393216:kuFxqNc1fBCzbaxAfXvIUvn4/76kLZ98FFb8iA2Nx+3y09s9:vt1cb/IUvn4ek8FFbTNxuLs9

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\windowsinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\windowsinstaller.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2396
    • C:\Users\Admin\AppData\Local\Temp\eset\bts.session\be2cc0d4-ecca-4ac2-804d-e443f5e85fae\windowsinstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\eset\bts.session\be2cc0d4-ecca-4ac2-804d-e443f5e85fae\windowsinstaller.exe" --bts-container 2396 "C:\Users\Admin\AppData\Local\Temp\windowsinstaller.exe"
      2⤵
      • Executes dropped EXE
      PID:2060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab9D2B.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9D5D.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\eset\bts.session\be2cc0d4-ecca-4ac2-804d-e443f5e85fae\windowsinstaller.exe
    Filesize

    2.1MB

    MD5

    d308d19ac043585171f650e987510477

    SHA1

    a11cb94b96d742c21c8227118d42d29737fa6106

    SHA256

    02c58c3fb9533738c2c68d838f3c7991f9f9fccd773943ee750f1f2fd3b26fdd

    SHA512

    39c7a0fb917001539f1d82cd519b2ada8c24b0c806b046bb253aed341c0e36f0a484d78c33f81041feab940b1988505897314f99d0974959a68a01d6cf6a477b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\eset\bts.session\be2cc0d4-ecca-4ac2-804d-e443f5e85fae\windowsinstaller.exe
    Filesize

    2.1MB

    MD5

    d308d19ac043585171f650e987510477

    SHA1

    a11cb94b96d742c21c8227118d42d29737fa6106

    SHA256

    02c58c3fb9533738c2c68d838f3c7991f9f9fccd773943ee750f1f2fd3b26fdd

    SHA512

    39c7a0fb917001539f1d82cd519b2ada8c24b0c806b046bb253aed341c0e36f0a484d78c33f81041feab940b1988505897314f99d0974959a68a01d6cf6a477b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\eset\bts.session\be2cc0d4-ecca-4ac2-804d-e443f5e85fae\windowsinstaller.exe
    Filesize

    2.1MB

    MD5

    d308d19ac043585171f650e987510477

    SHA1

    a11cb94b96d742c21c8227118d42d29737fa6106

    SHA256

    02c58c3fb9533738c2c68d838f3c7991f9f9fccd773943ee750f1f2fd3b26fdd

    SHA512

    39c7a0fb917001539f1d82cd519b2ada8c24b0c806b046bb253aed341c0e36f0a484d78c33f81041feab940b1988505897314f99d0974959a68a01d6cf6a477b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\eset\bts.session\be2cc0d4-ecca-4ac2-804d-e443f5e85fae\windowsinstaller.exe
    Filesize

    2.1MB

    MD5

    d308d19ac043585171f650e987510477

    SHA1

    a11cb94b96d742c21c8227118d42d29737fa6106

    SHA256

    02c58c3fb9533738c2c68d838f3c7991f9f9fccd773943ee750f1f2fd3b26fdd

    SHA512

    39c7a0fb917001539f1d82cd519b2ada8c24b0c806b046bb253aed341c0e36f0a484d78c33f81041feab940b1988505897314f99d0974959a68a01d6cf6a477b

    Download Submit