Analysis

  • max time kernel
    96s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231130-en locale:en-us os:windows10-2004-x64 system
  • submitted
    12-12-2023 01:32

General

  • Target

    23871a49bd776eead5bed3f3a64d0221c6f3706418316d9c784e5e470fb54749.exe

  • Size

    26.6MB

  • MD5

    a9859983334e3c91c73b06ac7ad5e7a3

  • SHA1

    a28b5a069eac3782442f5b965f5a42d2e9ebf3bd

  • SHA256

    23871a49bd776eead5bed3f3a64d0221c6f3706418316d9c784e5e470fb54749

  • SHA512

    b34b7afa81ca2cbf4b9747645cdaf7a3bc82990a743b61499984ae39870a02613d8c07aaf52d9819955aa4247c005790d176a837efc5af351b3e19377b0c1f24

  • SSDEEP

    393216:4AK/4px/6flaz074nYG4TYk+UswHk5HaPBVpQ5pRq/EnuA6N:C/bf+E0YGgYxUs2OgwI+dk

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Loads dropped DLL 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23871a49bd776eead5bed3f3a64d0221c6f3706418316d9c784e5e470fb54749.exe
    "C:\Users\Admin\AppData\Local\Temp\23871a49bd776eead5bed3f3a64d0221c6f3706418316d9c784e5e470fb54749.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4732
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 2C5F9C426C9C428977CB559344CECF1B C
      2⤵
      • Loads dropped DLL
      PID:460

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4732\PDFCompressorFM500x316.bmp

    Filesize

    336KB

    MD5

    70dbb7897525b3daa0e1991b41efada3

    SHA1

    47cc96e339f25da68f1b4af45e5af73114b5ca8a

    SHA256

    834acd9b40a1cfe144d39379b2aa4043546aebb5e217faf7ecd7b7fba8e13f5a

    SHA512

    b6a9c35f931380f6f7333a2508a36d78ede7d58305a1704309723f6eddb1d6a9f54c47cc6763f4123ffec63a40e680d49e398793eff3d4c2d154271b351b9b94

  • C:\Users\Admin\AppData\Local\Temp\MSI9F2F.tmp

    Filesize

    721KB

    MD5

    5a1f2196056c0a06b79a77ae981c7761

    SHA1

    a880ae54395658f129e24732800e207ecd0b5603

    SHA256

    52f41817669af7ac55b1516894ee705245c3148f2997fa0e6617e9cc6353e41e

    SHA512

    9afc180ebc10c0ee0d7306f4b7085608a4e69321044d474691587bf7e63f945888781a9fc5e69568d351ac690b0335214bd04bdf5c75fd8a3bd1ec4be5d3475a

  • C:\Users\Admin\AppData\Local\Temp\MSI9FDD.tmp

    Filesize

    699KB

    MD5

    1258761f4c142eeee03d76ca88c87f7b

    SHA1

    9c25500a2b8afbb4c99c0df0762b11f453920a96

    SHA256

    9e92bac5169febd2951fc7baabfd0101a48ccc4c5c56a08536504dc67ee29916

    SHA512

    b5de1909b21147a40cb49caadc69cefe961c6610886e09b2282f27933be44a834579311fb3f5a71d601689a8da27f50d67ca0a30ccd37f82f2280fc0ed013b48

  • C:\Users\Admin\AppData\Local\Temp\MSI9FDD.tmp

    Filesize

    509KB

    MD5

    76540160eeddb37f274219dfc791834e

    SHA1

    f4e699ec8450cd420376400612284a783cd47a6e

    SHA256

    bd466c16f8f878b90179d90ed8044e934f59e7690034495c530a0dc1452a4c89

    SHA512

    f11a34db97505ed505ab73d8533661f15dbbfcaa17726c1562a0c3c6365819bb82d0f1157852aa9055a336c3b0c0e0a0fb779bba38ec7c2daf530946ff396e5b

  • C:\Users\Admin\AppData\Local\Temp\MSI9FDD.tmp

    Filesize

    479KB

    MD5

    da5bde429c34debecffa9ea490985a75

    SHA1

    4d3e85c0d07960c0588b9d7277d816698591e617

    SHA256

    2dbb1c0f0bca959eeb3cc575a0393b25606536ad8f2b08a9bd0f2849c5a8628a

    SHA512

    1a4d44c69d399ff851da92f89a194bf4e960fa150a903bd936120deac005cb6ec9431eaceec0bb3b8c0af56a7db71b208f27418d932587929856008ba6836a1f

  • C:\Users\Admin\AppData\Local\Temp\MSI9FFD.tmp

    Filesize

    446KB

    MD5

    fcb69ecaad680b7d3f49c91c15e8879b

    SHA1

    a4765658cb555f94c6201bfc7db781ff6be70a7b

    SHA256

    a91e1f2ac5ad39cbdc990f79b2bb5f5fdcf019d7af05f52a415ac48bae0df127

    SHA512

    fa9d3ff5d471aa660dc9b55e7e92b03754e3fde309b480bfc0694692af2ccf56ebd1c2c545a2cae2b3b23e0524d1f24e26a96c636b8429a7470591f4a56c682b

  • C:\Users\Admin\AppData\Local\Temp\MSI9FFD.tmp

    Filesize

    408KB

    MD5

    206e94074fe4d452cc1da243f70c9926

    SHA1

    e38f64fb1fa1ce816425780417a5ff40d359164b

    SHA256

    950352084a54c965ee0d649575d53f9d963f35a80ed3ebb464d6d0eebbb79cb4

    SHA512

    41dbdbc0f6af6cdc13f57126dd70d6650b723b4fe81bac17f01c1ba485db79d2545d3170516987ccb8ccfc3f0278e99fd14bd9a61ff16ce07b9fb8dbff22627c

  • C:\Users\Admin\AppData\Local\Temp\MSIA03C.tmp

    Filesize

    516KB

    MD5

    27bd7faee1cc6ba244564e34626276a6

    SHA1

    88835d4c818b7d3be5e716d0e803ea64405eb705

    SHA256

    3441cbf92467affb0ccb049d48707a57458502e190a2dcf9252340f81a5462a6

    SHA512

    186159fa0fd9ea4e7c64ce5c517b62f727c93a86f1ed8cf411c3de7c8cf788b18f9812281d643b7b445f792ed7b01c5a6327f071274fb4a6dfac3380ee812a8b

  • C:\Users\Admin\AppData\Local\Temp\MSIA03C.tmp

    Filesize

    509KB

    MD5

    777859decdfdfdb318682903e283f778

    SHA1

    0095acb70820b768374a1774f97ed883efdc9c84

    SHA256

    7f551794357fa8dc4ff402b6feaba77110bbff489fddab278a0f2b1fa43cd1c4

    SHA512

    4d8ea16a0990718b87860e55f47facdeee4a9969878b32dba80de8740f4cc794eaebb18181ab531becd04a18ac6ba69e121d2734cd8513088f83738c86899d6c

  • C:\Users\Admin\AppData\Local\Temp\MSIA04D.tmp

    Filesize

    446KB

    MD5

    471588fa0dee7d356ddbdfdc772b499b

    SHA1

    2417795d688015fad6f98f00c7187db8c0179785

    SHA256

    36bf4465a0955c8ddccb6ad5648f9f4a2a1c9dc0ee6b7c8e55f137819f69f6e8

    SHA512

    1eecbdd2806c01c1d69cb9f02290164f2cce5640e6ab0d6c472822d4d461a0874a90353b578e0297edf6eeee8972f347f1ccee806c9343145046e67e4a47a860

  • C:\Users\Admin\AppData\Local\Temp\MSIA04D.tmp

    Filesize

    468KB

    MD5

    862d0442e5d4d5186fc7644b6e1af9b2

    SHA1

    4049e6d99448a77eb06a7d6a41dea6c1d70d7609

    SHA256

    2f668ac9c7bf53059197e9056f06cb2c3d238b6cf337f3cad8dc3630eacbb578

    SHA512

    2a1d61b0d89dcc30e2a9e29766138ce77c416c2cdf6f819c4d3f5cd10d9eadfd844c12451a79f94f8cfb4b505bdd3a2e04c0d1ac442077fa450caefaf924dbf2

  • C:\Users\Admin\AppData\Local\Temp\MSIA04E.tmp

    Filesize

    368KB

    MD5

    2df446e3f0e863836c6fb727154380f5

    SHA1

    15f8fd8dd41a1e4c26f63740c39fb40818b4b9d5

    SHA256

    82cbe726fd7367f66a20e822e798411aca04bffb1081f8e7debbecd6937a10c9

    SHA512

    09fd932c9eecefdf8679b026d6d2574fb9845d601fee19ba41ae14c88b49de8a659f987165228aac18b05e3f97e15087ef10bde282c4f097ba6b146e17b029bd

  • C:\Users\Admin\AppData\Local\Temp\MSIA04E.tmp

    Filesize

    437KB

    MD5

    a61fef6fff78482c0d7a64ad2f5421a1

    SHA1

    d59a01e0bef9c7ac965ade70457cc916d1ca3802

    SHA256

    07bfd703364d06298423b1b5bf141ec15793d1b83382e1021a5574863a6e5529

    SHA512

    c393f1ff434ad5d6d34dd90c6fc02a2dddf1f8a2954d8ca7999e477230c5ec1d1ec70a73a00cdc7d4a293c61c5bff423e0477cddd27e327d22a709f5e3aeea80

  • C:\Users\Admin\AppData\Local\Temp\MSIA07E.tmp

    Filesize

    622KB

    MD5

    917fc657639b9e17d76326f9b4a5cc51

    SHA1

    97204bb31a438b18ac9cb775ea553654a58b2069

    SHA256

    4afc0c97aa71bb613fd6dd1897c062cdbe3e2d416cf3934ae0f0951eea15988b

    SHA512

    8080bd6ee7dc952918631616f7c8aedad48c6e838c53b27ce8620cf4154d9932d95bbe68a8643cbadad257cd19adfb65a5c04e09d2d1eae3f9c5733584574781

  • C:\Users\Admin\AppData\Local\Temp\MSIA07E.tmp

    Filesize

    463KB

    MD5

    141083a454aac4c624f2a8dd935d9341

    SHA1

    74f483fed4d076556c0d45833b2f469b943e793b

    SHA256

    c9295fab85c3f3e33c14cc4147ad3aebc399eedc3fce0d7c25673ffe2fbd7932

    SHA512

    0c9fed8c947373128db2370d64a292efce060bd58216be6ce5c0e4f29182d0eac764adbdaed9d109b6540a0be3d8f970689f0c6b33b4f04807b523f14c3bdf51

  • C:\Users\Admin\AppData\Local\Temp\MSIA08F.tmp

    Filesize

    413KB

    MD5

    4ad9fbf41001e38eeed6b71ffda35a0a

    SHA1

    f6b7415813e33353d87ed97493d04413c4daddf0

    SHA256

    e9edcfb7f8a33b35efa525c3635452ec11aeb62d13523e58c25582bb017bc02d

    SHA512

    809325ab1e61a6f140cb28ada33b383c8e3b0def804c44a5ce71a0b35ff77378ac2e8f103b9ed151c76cfea9dc8dd5c73d231d1c007f0fe6c295a71842f42a9b

  • C:\Users\Admin\AppData\Local\Temp\MSIA08F.tmp

    Filesize

    426KB

    MD5

    00f097ebd43f400d789a1fbf28dd5167

    SHA1

    6b69455501e803c1c2b332813bd97ce4ca6bfb66

    SHA256

    ac7f64bdc03869d511b72808dea0af7b0005401414ae9a8c3fab218f7d75d5a3

    SHA512

    e27fab1a1d1f2fb884b55c38b7da7c80cfd91544331b6dd98a37c7263eb958a894e9d80099d9372eeb9889df937f5914efab1c25b360ba83ee0ad64aeeb14cdb

  • C:\Users\Admin\AppData\Local\Temp\MSIA0AF.tmp

    Filesize

    417KB

    MD5

    806ec8ac586a8b460b498db6bc13405c

    SHA1

    846db0915713d0fc98fe5522279e1740a24305b3

    SHA256

    f50ea4ba5ebb16a0c1258bdc8e11676d5fc45d1aff1d5768c6d14c1eacbaba4d

    SHA512

    9767db6b2f238acf63b55d83ab62baca6fee4a5fcfa034510274ee41a28ba51aafeb069051880822fc680791eeb0b1066180194d2fcf548e2ce4296af51a2b85

  • C:\Users\Admin\AppData\Local\Temp\MSIA0AF.tmp

    Filesize

    319KB

    MD5

    b07869dd4f2f3eaa29af8d501bd9a943

    SHA1

    d1931e32b415c958f642066ef373930f8962183d

    SHA256

    019480d33e3f9966726daf822f67140c8e87c60cad12ab2150b620c640e81ce5

    SHA512

    6385c66897e3bb128a67f604815fbb10ba115677a311ae0be7a4179d9199d96fff21705280a5993fabff4d3fc3f52d6c9cf14cfdc91ce0f969449d215bb36d0e

  • C:\Users\Admin\AppData\Local\Temp\MSIA0BF.tmp

    Filesize

    371KB

    MD5

    a756e403fe234d6be306dc90d7e5c297

    SHA1

    0efe3fdfbc2a400cd5b74637941be4c3464483e8

    SHA256

    7d2d69975cead539e44db593efcfada0eb208a976bb568d8f8bcecd8b8090b25

    SHA512

    e622d478af81d2ad799d353eb57c146e661383f087fd1c22150346e55dc1db2f3b301bea3edb11928d23880e5e0652a47aef50187534ffb4c5f9283685406e25

  • C:\Users\Admin\AppData\Local\Temp\MSIA0BF.tmp

    Filesize

    349KB

    MD5

    88fd4737497236c40297b8a585957d11

    SHA1

    93d180aa10ca6828dc5451cb6450a101bab0940b

    SHA256

    7ccf138750ab1a7441c6362b100ba21372c14e87c922eb3965eabc8d9783e09f

    SHA512

    4e0bfb968f0f04fbbca7634864633ead8be1a30e18a41207ec7539ff2567f36132aeb461396e0c074fd20f33051d8951c3eec57d7c5011f0205910a00fe65982

  • C:\Users\Admin\AppData\Local\Temp\MSIA237.tmp

    Filesize

    249KB

    MD5

    6329897d2567c97c99b764ed760c7e93

    SHA1

    a83698c260c0db370584bd08d2f1bf7dd923792b

    SHA256

    97cd6035d788febd61d3f9216ee4a11299b04c845d51dbdba6dc997072cb48e8

    SHA512

    07baa85160ec1dd44a35fb8acdf415a5a99d0ac014ca07c7ffa0a964540078c56b3dfa6fe1521455918c50711642b6a5ea5e36f043758c9235c4ce4ca0afd59e

  • C:\Users\Admin\AppData\Local\Temp\MSIA237.tmp

    Filesize

    301KB

    MD5

    2254d955b995d41e5605a6c9fcdca9dc

    SHA1

    b75a4cc5a6d9e38847c631942d9478c7f41a79a5

    SHA256

    1a3ddfd6b23df2d3eef14cee2dd2c21416e12288ea71186f4df6bb92d3c99e40

    SHA512

    edd150152d81f35f3a1725ded9a4bd11e89486eccb748edbaddfedecfc04ac324c126360416ed09263af5a12b0c9f188eabbb3f98aa64b341b096da03ca61ac5

  • C:\Users\Admin\AppData\Local\Temp\MSIA248.tmp

    Filesize

    405KB

    MD5

    fa405ed75d57224711725ecafe61ab0f

    SHA1

    3ca4c8654fa31e5d66197fc791956377f53cbf8c

    SHA256

    390c19d70b803cc2b5b692b8ad5371fe76cdf02a0b3a3bd5039f26043491e8ee

    SHA512

    2199b5a237e40e0ab216e20229f88cc24028daba455261ad1bd9152f96806711e472d81b55fa4533bed0bdce518a739d04c3af002467adc2364e0275db0de186

  • C:\Users\Admin\AppData\Local\Temp\MSIA248.tmp

    Filesize

    281KB

    MD5

    c15ec69411274b761d9ca0fc231a3586

    SHA1

    aa6e8939024078aff2e8ea66a83aad0817296133

    SHA256

    4b8b497e254ff484ab24042d69719dc2e7ef62606226514d42af638bf756e94d

    SHA512

    65bfd109247d58596a8ae9970a2f38a0d3f05684d03cebe9ed8e054cbad0d866292696e5ed2de642ad6fb8882ff7198da86e954a7300ae081c82264e8ac9770d

  • C:\Users\Admin\AppData\Roaming\PDFCompressor-FM 1.3.7\install\PDFCompressor-FM.x64.msi

    Filesize

    1.4MB

    MD5

    40d3179c69580f4a277085998f023b08

    SHA1

    94ccdb16722db38d5801fbf80e2502f966145fb5

    SHA256

    e99f52913bc946ee0a6a02406a4d0e506a62ead3a83257e9be9c50fb14e65c70

    SHA512

    a948c80d3fb42cbf6a258d91ca28bd36fa98e4395e313c49c4f6952e85aaa7e6c6191701857b7df88046380c4a02fb856cb66e41a5957f2f331ed5a44925b3b9