dd02e2a6f580af520625c84f08991d708c2614ee85184a5abdd86359a79cac1d | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:11

Sharing

Report Analysis Logs

General

Target

750f0c298d126fe41f6ea52ef84389bc.exe
Size

8KB
MD5

750f0c298d126fe41f6ea52ef84389bc
SHA1

9dff0d71cf3f2de7c78f17b9f3b01f75a64e3687
SHA256

dd02e2a6f580af520625c84f08991d708c2614ee85184a5abdd86359a79cac1d
SHA512

526f669871bbfa75a8c1380f8588eadf5dedb381dbf97a4bf13ed68bfecd26fb00748cd00cbb918ce0f62b96fc984d5b4018adbea8c351bbb5f88d9791d71781
SSDEEP

192:aVl/yowJL/aMjGwP7PMZvz+ebMeFMn0TP:u/YJLW/vlbgs

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

msiexec.exe

description pid process

Token: SeShutdownPrivilege 2448 msiexec.exe
Token: SeIncreaseQuotaPrivilege 2448 msiexec.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msiexec.exe

pid process

2448 msiexec.exe
2448 msiexec.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

750f0c298d126fe41f6ea52ef84389bc.exe

description	pid	process	target process
PID 2428 wrote to memory of 2448	2428	750f0c298d126fe41f6ea52ef84389bc.exe	msiexec.exe
PID 2428 wrote to memory of 2448	2428	750f0c298d126fe41f6ea52ef84389bc.exe	msiexec.exe
PID 2428 wrote to memory of 2448	2428	750f0c298d126fe41f6ea52ef84389bc.exe	msiexec.exe
PID 2428 wrote to memory of 2448	2428	750f0c298d126fe41f6ea52ef84389bc.exe	msiexec.exe
PID 2428 wrote to memory of 2448	2428	750f0c298d126fe41f6ea52ef84389bc.exe	msiexec.exe
PID 2428 wrote to memory of 2448	2428	750f0c298d126fe41f6ea52ef84389bc.exe	msiexec.exe
PID 2428 wrote to memory of 2448	2428	750f0c298d126fe41f6ea52ef84389bc.exe	msiexec.exe

C:\Users\Admin\AppData\Local\Temp\750f0c298d126fe41f6ea52ef84389bc.exe
"C:\Users\Admin\AppData\Local\Temp\750f0c298d126fe41f6ea52ef84389bc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2428

C:\Windows\SysWOW64\msiexec.exe
msiexec /i 64.msi
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2448

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...