Analysis

  • max time kernel
    3s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/01/2024, 07:20

General

  • Target

    playit-windows-x86_64-signed.msi

  • Size

    2.2MB

  • MD5

    1eef27492a56aa4d62bb6eaaf8a35eb3

  • SHA1

    3da59c0a173c3ebc586683a4be39a822883f5bc2

  • SHA256

    ce9b68d7d23a55a767cec828d4a16e8bf79a03e737c12560425d58fc81d55088

  • SHA512

    2d6979153a3560aa888e719a49f2e1087ca19fb08732a14ce7efb1d421f6bf558557454a941f4facab4db2c31fda86af2100be8133287a4dbed26219d044cd76

  • SSDEEP

    49152:G00ICMTgL7USpdbqwtwGI+Pj976TO0gzci2wy9SIT7ZGjYTytJPr+VuOSAE1Y:50qEnbaGVBWO0gzci2wy9SIT7ZGjYTyY

Score
6/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\playit-windows-x86_64-signed.msi
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1272
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    PID:404

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab8BA.tmp

    Filesize

    13KB

    MD5

    488e345972bf25018314d5c327805d72

    SHA1

    553a186e4a2ab290359b3ccf50d970a674902122

    SHA256

    e1a4aeb47d4ab55f53504840a4f7cb6d143d6f74cee4bdeea55f2e57d11756f7

    SHA512

    2361bc37c5e221a82b0d7e7397cd711d354ddc64c41ae7ad0f17b0dadf3463fdec858efa237d03756e306f3754ff4e289783f04da3906bf8bc376d7a4063ce7a

  • C:\Users\Admin\AppData\Local\Temp\Tar16EF.tmp

    Filesize

    5KB

    MD5

    01659b34754c92057c767dfa7f7e4e05

    SHA1

    728401bd7026f3bacd82844787459c2e8e761b28

    SHA256

    453069e4101f3ccb1688a8d6de12d10367476433109c2fc23dd4f006ff185d74

    SHA512

    bea235b8fc7f09b4fa3554234f470ffb627a1ab9651640db53ce6993ca8d0848f78c467c915f993af6664d6651174a213e621e7f4950e299a67486e3de42e28a