Overview

overview

7

Static

static

1

LibreOffic...64.msi

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-01-2024 20:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LibreOffice_7.6.4_Win_x86-64.msi

  • Size

    344.9MB

  • MD5

    747ce5f0de21ce609313c32a9eee3cac

  • SHA1

    ee8112b9eea7c8b4e6ef9e38604ad92d7976196b

  • SHA256

    65678ac729cd0b545d14703879b601872d285c2934ae8d76452f7c2fb2c62d15

  • SHA512

    7ee1328576e880ef9c5e7f04f464efdcb12e4e5ff39b2a20c51e0f2aa9416c54f7e701bc4234ea9c51aca8f938467a6d433aca6d532fe0dac7cc6d1b35b52e66

  • SSDEEP

    6291456:dx8EWmJR6ljijlfKGV05RvLy/sY4Pu2G+ZVD8GFK+Nkp8ivDgMqWsdzwYUzHWSEv:d6E/zJfK00r2kP2MVD8Gqppg39zC

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • Blocklisted process makes network request 5 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Modifies registry class 52 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\LibreOffice_7.6.4_Win_x86-64.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:5076
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3660
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding ACACAB2E55A05505D2501BDC48E82482 C
      2⤵
      • Loads dropped DLL
      PID:4308
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding 43CCF8C9CF06F8B18A03711DBAF2FCCF
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:4672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\30069012ED3CF5DB92F9F4FC78D55E2D_87238437CEFCADF00F1385E31A888EF4
    Filesize

    1KB

    MD5

    41697da5b24c3fcec08c8148ab3a5e31

    SHA1

    65b93e0eb11d1247a1c50485ff176aab096b8473

    SHA256

    4244db407318c60d92f132256bb4929f8db6b7a9617df52ed2bc6b444772e6af

    SHA512

    14d74b80c175f2ae2bab4c19b9871f16a6a66dd040edd77beca87e47a2c05abf63c5cab14190ec13242ca2f9af4531d03088726652461d2991e1b8b9e69e26cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4E4160FB650E5091C535216313A4ECD3_40694084BB8CC5E8867D98AD9507E63C
    Filesize

    2KB

    MD5

    5de01b5778c7477bcb07d9f931ef2236

    SHA1

    72481dbfeb5f01cf00d3f4dcfa3c4592fdc84c7c

    SHA256

    0de20e00988e015883d11d2794df00915eee1c918f6750efb3eea0906f4411a4

    SHA512

    e0fa01518031f5c1081413deee9f3b1ad3fd94c5c0b952216f251ab3cf07feb4c80a869e2f8369feca4641538a2ddce5517100ad20d3e47bbe95ff44df5df81f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\68FAF71AF355126BCA00CE2E73CC7374_E5F521CA60C5ED8C2B4E2BF399FE2061
    Filesize

    1KB

    MD5

    7c38619eb4dc665171d68471a686f3de

    SHA1

    61049b791ee2f417f7dcfada6a5bb9a3d5eae1e6

    SHA256

    3a319752c8eb8d7594482f64c7996ec9a9b2e570c1db3a5e5139818c159bdcfc

    SHA512

    7933fa4c8981e9ffe6f01c1ff98753333f8bc4d8d1ba8a4dbe71a77343e1f76c29df8f91ef86990158d62c6cf8dfbc8e521d103993f4dfdccad74a4d709106f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\856FDBDDFEAC90A3D62D621EBF196637
    Filesize

    770B

    MD5

    f59fe5c24d1c274725775161394efd6b

    SHA1

    b76adc2f6815d26f69df4c4acedbe82496fe0597

    SHA256

    591ab31defc1de696497438637a0b6cf876a7235ecb44824228a6f07db7ff670

    SHA512

    da421a1b0a9893bf97a199aa5035a0e27f0442f57b0da611838b108361b85ff509230ef84749c46428d4e27bff7a4ad5a1cf2fb2965ea68526bfb7356e1e1134

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\30069012ED3CF5DB92F9F4FC78D55E2D_87238437CEFCADF00F1385E31A888EF4
    Filesize

    412B

    MD5

    29d533c8b3fd459350458431a165f5b4

    SHA1

    27255784deaf39c132484d4e099eb6495c3bf671

    SHA256

    6e91062369fd121714847af9840676d71fe94c35771f4f79a16b650cfb18e8f1

    SHA512

    e4be2f448f26e943526c13e655eabb6d9775ba87e49811b4bee44f6dc6fd961f1c991211be79f1af1e03a0d3c33226e916adfef9543c9448296a48ac2104c835

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4E4160FB650E5091C535216313A4ECD3_40694084BB8CC5E8867D98AD9507E63C
    Filesize

    420B

    MD5

    21c414e81afb19e2c16b0cb7e351b34c

    SHA1

    dc32fad8c00a61bea35445eac2433a07d4273626

    SHA256

    c7899def46f8e8f55fb525190eefab08a3fc370f0b416a411d5913bcaefbd2ba

    SHA512

    ddb68a49cfc5b4e97dca5e1ae7a5176443da4dc5dd19a4bbe947851228d06bf4fef22cc1198eef4a234edb949db10ffee15a74d4f0ffd674874cf8b3c9fb47f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\68FAF71AF355126BCA00CE2E73CC7374_E5F521CA60C5ED8C2B4E2BF399FE2061
    Filesize

    412B

    MD5

    0956b8e760f96a838c86a9b1ba109aba

    SHA1

    89fbf2d2d587b9ae65a57f42875119d4956adbb5

    SHA256

    6565c0c202b1d235589af76b11742adafcecd2f586b6e9e221281682740a1217

    SHA512

    4d51b76810ccf0d475db5a85be772244947f26a1163ad2055c80f6ba8f275c6ce52d161807eb5c6a1ade33a5cf348be3afd48a54913531fbee3333e7296d1953

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\856FDBDDFEAC90A3D62D621EBF196637
    Filesize

    178B

    MD5

    6d737c9f37922e562785a817b6444077

    SHA1

    f1668c00adede986515a3895d631e3865d2333f0

    SHA256

    74f88e6852f04d61f35d5e93287b4413e6946eaf7e9d22ad04f6d25b05111b59

    SHA512

    d10d1f0cc41d1ddeaca91549c3912eaabd6ac40bd4f31e1829d2e18d467aa2a5b036f2e968beefa90d5efc713cc3cb1cfa78ae0a47bf2911e396904db7fcddfe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI3E4C.tmp
    Filesize

    75KB

    MD5

    18305c0559aafdc62f38719b4bf642fd

    SHA1

    c2b72b83c7c21c0c7c2246c36ac6f9b344fe542f

    SHA256

    9a33a0747b4cae82f22c75915073291e3acd1f86f23fbd7ea68af9762d559534

    SHA512

    902e05918db102fc52e8a241c42eef179fea551bf4733faab1db0486c58f13b9a4c34432c30174b5b65a2ce0b7a67fa22de2cea9c878ce1e3e904264f51b931f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI3E4C.tmp
    Filesize

    195KB

    MD5

    51ea209908a8c5c95647882af90ff04d

    SHA1

    b06858eea03ac04af9b23c9aafeeba5730eeec7d

    SHA256

    be877822b4f25175dcd770e516ceb052b0005ac8e6d2e9f007f500538c296bcb

    SHA512

    9ced5ccb7d227435d4c60c5e1034cab34d5c2ef3eaa0d4d74158e7ee5cc63c42c0979f4c9715954a44eb6ecda0c1b7bc785bfdb5e027ca3ec63d78500847f655

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI3E9B.tmp
    Filesize

    173KB

    MD5

    eb85453094799bc21ca5bd3c8d8dc433

    SHA1

    9ab9391793301cb987986165bd8a9f7d48096845

    SHA256

    335d8c7a8e1f34dc5ce383d0f1dc15905d12676444b566b5317794ea5f97d9e9

    SHA512

    9269149d4a4b0cfc6cf53ae2d309eca11318795b75f86ee540a3f61e3e8acd0b9856528d088720c0665081276ce3f161981313924c3263adc2fc24c9ddd02d88

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI3E9B.tmp
    Filesize

    119KB

    MD5

    b24585791582dcf23853d1bfefedd582

    SHA1

    49921a86f84c0b83676231a887ea328c4e1c3c7f

    SHA256

    0ad23d7e36203dcc69b7c59ad8c8bc6ad678beda1cb48d387f263fedc71bee63

    SHA512

    507a8b2b95f1c6adf07be9f1175d97b51afab8a412faf007a178581b7d2eb6269ebc252285f640fd4da409c3d1ddbba3c787a42cccbec2d675ea1e6dc599f55d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI3EBC.tmp
    Filesize

    91KB

    MD5

    a9ee79f3d60059d707842ba3f48aaee9

    SHA1

    25dad39b3f51cd70544882d7a18b83847dfe47a6

    SHA256

    9df15c9d56b0809f3b7aa1d8621c3145614b9091aa9bb43704839d78fffc77a7

    SHA512

    6db135566fed650ddeda53979bac9f71995f089b44b66857f99d2bb78ad03dc56dd15487bfd5a0dee43d4cdf0410817b2a7e44274d260b8a6aa9a1f3d6ad181e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI3EBC.tmp
    Filesize

    149KB

    MD5

    9e51affa89af6e3e1cba0b2992749d16

    SHA1

    e769cc5462b204839a85a87ea093dcf9fbae6f8e

    SHA256

    1a289879d2d69f29ccd55071b5c0681b9a88794f7af2fdf62919a8204b9822ad

    SHA512

    2e5226fe1bc020a55db68de8c35e588b08e0aa4795571bc165b87a3a927c6b12989f4353dafb77dce18645a83820985ab95cb84aba5df9b473776d0fb519ff56

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI3ECC.tmp
    Filesize

    94KB

    MD5

    33aaadc4f911ceaa58005532932be57b

    SHA1

    b58f0441aca53c3d1cc7bbea693fc696e65215fe

    SHA256

    6bc312e2078f6e05b42a291cecbf8d69d3e132405ea815c75aae974dc91701e2

    SHA512

    704beeb54fe25269631f64ee73ae126ec71706c149809a05dfb84b333315b3572763fc8f16905e59af829e77ed2384c954121e07eb40674426ebf63389aff3d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI3ECC.tmp
    Filesize

    147KB

    MD5

    0f45f9cd35e6e7202f1937b383a01f94

    SHA1

    994fb74fa16f0034121db9fe0a45f737dccc79e7

    SHA256

    30cc3018f564e6b2b62e3b3127e13c3096dd06b189f0da6cc786fa2ecaccb683

    SHA512

    a81cc593ca5ebbeb70b85f1d072e00afa3580f193d2ea3d0a5e51da29a6821e0da30cf1e85dabeb69ac6e61312e734fd5f7f018fcd2be610d91259cc8f7e480e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI3ECC.tmp
    Filesize

    70KB

    MD5

    7fd31649214dbcbf690f8a67b5b10918

    SHA1

    3614915c30e0046ce476bcf3b1c928dddde05498

    SHA256

    4593c3cf44815af6ff5b6974c4f04e409ba7324bee535fc75c675d6a3ba4dc4e

    SHA512

    443e1045e3c653ba20b52a5e1460b33d57e0f31a84370de3f0c7324ca40476241893dbecc20a28ae8e44c9260a89ec13eb8527e8e033ad287b396a17b52142e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI413E.tmp
    Filesize

    56KB

    MD5

    afd412aaa56c380216bfeac4fa81d90c

    SHA1

    e365c0a43d229b020b5f4e117e45d17afaea1787

    SHA256

    4c326650ffe2329face46d20a9ad100a7bdd5ad7c23a1740bae909259baf37e8

    SHA512

    5d3d09a3d9af073edc42b56200d5e19df007fc6912bf8bd635f27af631a408d7d58750711011060ac977319d744a14cf68d3340d0258bec92ebde11e758bbc96

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI413E.tmp
    Filesize

    89KB

    MD5

    76f8d4906850861c5faaea38114843ea

    SHA1

    f6c0bbf9e4db4612169c35aa9a9d121489139b99

    SHA256

    a9bc52f8f9b752407c636fbbb9bb52cdc878ae33462585ed4c69a8518c5155c3

    SHA512

    7612dadc0d0919387866dea51cddb05ec62e7993d95ce10fe677ea9eae5be32fea99a73f182723ac29903eaf2870139d18a3d4e9def9183ffb499f66aa727189

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI6DCD.tmp
    Filesize

    824KB

    MD5

    6a6869f613c9910e6fca985f5275a07d

    SHA1

    78357659d0ea8b228f1e5b935ee09096c44d29ed

    SHA256

    1b82dcad5eb0023c2cce92770db911d9595e7a5a9f057876aed8a6246070eb51

    SHA512

    f23c46c4fa1bbedbdea1bf0151004dd6598828e34e00c436f4ad54e883dec53b347bd3d0d65d08387bc09b3937f4e7cfd5d8cb16033921fb8e8b451e28e32076

    Download Submit

  • C:\Windows\Installer\MSI9007.tmp
    Filesize

    434KB

    MD5

    4f6168604ce91dfa60120f2ac78dddc3

    SHA1

    2526b850294f0227cdd6e33b8ca269e78381d062

    SHA256

    cd8f4e7d6955fe4ed167ef5d3a74a8bca05ead8233c1dffc19a424aeddffdf06

    SHA512

    34775aba019187b148cf17729bf35da1977ba851a83a3b50bdf9370373d2060dbf8d50b11107c13e11dfc79e32f7318e5205a698ea0ad5433cca943699addd24

    Download Submit

  • C:\Windows\Installer\MSI90E3.tmp
    Filesize

    442KB

    MD5

    d0899167e5d6db75d1e370cc37de88c2

    SHA1

    cbe274f67e7eab164e40139446c2761eed1a499a

    SHA256

    5b7bc92e72a7e369f3ea486afb2f45e9157dd3d2bb921a2088f2ad34dc82c54f

    SHA512

    848e2193c8a525b0f97b16dfa13cbc39fae60fdcedfe9a50c1e50e113300ca527d5c3485dd3afd25d918052531b5ea30e5584f1401cac5630714ea201cb095ec

    Download Submit

  • C:\Windows\Installer\MSI91AF.tmp
    Filesize

    856KB

    MD5

    74d6a0131536ada2bf058702229d2081

    SHA1

    0aff11b5c1b599ee01c7cdfd99ad21acc012da9a

    SHA256

    8822cacaa3f1b7532c193208d394e09d9884a5d10dc7509af24d445175f15632

    SHA512

    18a36201d6697ab69aebf8f92ae71fbe1ab225f071bc1c93ac5a1823b503573f1cc144a1c66459b81be8a0095940978b5c4eaa344cfda2535bdc68c71580ccda

    Download Submit