Overview

overview

6

Static

static

1

cmd_fw_ins...eb.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/02/2024, 21:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cmd_fw_installer_138430009_eb.exe

  • Size

    5.4MB

  • MD5

    b48216dca6f745a40645248384659fdd

  • SHA1

    3bc265e7282bfb5c63be6cc73a2b7aad9a060904

  • SHA256

    9b6394b0d1da147c5c718ebf3aba211ce2d4aefc63eb0dc80ed5cfc0db269bcd

  • SHA512

    488fbd2b606c4f829b0ec05217b7d9be687cb885b988bc7cdcf7e1d61da2ef06fc422646696e24c2a1c1a63d793bda2293204037bd5a0178a673c00e91b226ec

  • SSDEEP

    98304:n3oeoi7dSeyJ6A89FbeCD25kvriejkx9sZjMK6vx6IF/M8aWzBWcPNkNzt9e:n3oeoYSeyJ6vnKCD25kvmeh6vFF//aFU

Score
6/10

Malware Config

Signatures

  • Checks for any installed AV software in registry 1 TTPs 25 IoCs
  • Downloads MZ/PE file
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies system certificate store 2 TTPs 14 IoCs
    evasionspywaretrojan
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cmd_fw_installer_138430009_eb.exe
    "C:\Users\Admin\AppData\Local\Temp\cmd_fw_installer_138430009_eb.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3764
    • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
      "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe" -log -setupname "cmd_fw_installer_138430009_eb.exe" -sfx "C:\Users\Admin\AppData\Local\Temp" -theme lycia -type web -mode cfwfree
      2⤵
      • Checks for any installed AV software in registry
      • Enumerates connected drives
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system certificate store
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:908
      • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall_138430009_eb.exe
        "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall_138430009_eb.exe" -log -theme "lycia" -setupname "cmd_fw_installer_138430009_eb.exe" -type "web" -mode "cfwfree" -sfx "C:\Users\Admin\AppData\Local\Temp" -logfile "C:\Users\Admin\AppData\Local\Temp\\cmdinstall.exe_24-02-12_21.55.47.log" -parent 908 "Admin" 1500
        3⤵
        • Checks for any installed AV software in registry
        • Enumerates connected drives
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies system certificate store
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:3452

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Comodo Downloader\cis\download\installs\8050\installer_data\binaries\files_info.dat
          Filesize

          34KB

          MD5

          f42c56a1f750bdf43155a2aee0f1407c

          SHA1

          0929dd9594fccffe5e7e43ea33a5eb6467afab0b

          SHA256

          86e8a71d1327fe5f26901c8a7d10bac322dce1ff621e1339db9c7b6ab905244c

          SHA512

          31dc56d6455391a0075ab59d438335c9d38da43e1ef974bcdf14be059d63d48f8a8f7a1f6cd9eb5e790519a3824f59387abafef48417bbeb74e34b526646b8d9

          Download Submit

        • C:\ProgramData\Comodo Downloader\cis\download\installs\installer_data\installer_init.xml
          Filesize

          20KB

          MD5

          06c0057d77fc4789b1428dd6710cd5ab

          SHA1

          660445d67f92e84ee9aa96a7aa6cd50ba43148ca

          SHA256

          e3a998c06b37cec5570409e0714af72a1a936759b4420adf1b0dfaf43bb7218e

          SHA512

          497a86bd35149465ef3ce3d7b483a3d4950475963a9cc20075f4f92a54b05fbffa97b537b256c9bcc31a3a20f4229d33ceed45f6bd30fc9057cf879bbb368a91

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5F26A2159BA21EA573A1C5E3DE2CF211_7541962669C96CEAB06421EC12621007
          Filesize

          766B

          MD5

          9c168f71c294fc5d5b420b51f3b8d34c

          SHA1

          fad2364acc1745ef28abc1f1f6e4059f3bd80232

          SHA256

          fecfd0410404a1af04bfb6a17e406213dd27a6532c2ea8c2d5668564d7bd5884

          SHA512

          1a1b2658c706634195611ded83c5d1ff92fca153d3c92dceac0f0233f07341a00ce5f62faceb298a2633a19959d8cc82e5ce95567dabfed5674d205019df1df7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D11549FC90445E1CE90F96A21958A17_941A5BE5FAF3230B9FC294754AF2A1C3
          Filesize

          509B

          MD5

          b830d60dc35f443ccf7df6915057dc94

          SHA1

          143d9a98aa590543446cec9408b8ba118e0f0470

          SHA256

          c65b33aff12801c35d52ab86e000414dec70f2d5c882ebdcf214ef3cd6c41302

          SHA512

          1839ae4c4ab53af3b3f0eb8948a33dc394b7d68556b3b2bbbc0029def1879def0384196ee0276997b4cb8337ef209981f27938e9d814c1345294cf4a8a1984e5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5F26A2159BA21EA573A1C5E3DE2CF211_7541962669C96CEAB06421EC12621007
          Filesize

          484B

          MD5

          174a4de1c007ea6144b50db0c7bdc1cc

          SHA1

          a6b3c91e652de6c4faed6bd001bf291f6bdfe9d5

          SHA256

          97b670c7d2895285869cd1c3747e4ace2aeb77f3fb2990d70fade20652e4117b

          SHA512

          6baeb687f7d43623d1dd00ee3f8813cb6541576763b8629c87c6030410bec24cf561588f4a3228fe56a2a9da99da7e2d0a96a7548cd040bca916440cf54447f3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D11549FC90445E1CE90F96A21958A17_941A5BE5FAF3230B9FC294754AF2A1C3
          Filesize

          490B

          MD5

          34dc6ba32f7b2b53c22f0648d75e933e

          SHA1

          e9dec4659e7dc5de22639146117a09a52ec09fcd

          SHA256

          3bc500bde031ff42e89de94ace41f6789a9fde64812542512bddf4a3e71d0a6f

          SHA512

          70179a78bd0ddee9f545c358a01825313cd023350a80e6eb04898a0dd45a36e1f910b97cceb3fe2d781d38986d68c276137b755df9e9adbc38cf2197537621a4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\7za.dll
          Filesize

          277KB

          MD5

          7baac18fb157c76574ca3d7a2f5eb193

          SHA1

          6460577ce621fa28133096073376f6a88f8acd61

          SHA256

          347144ae998d96c6b8664abf56f3ff8cfa4dcdfd6e13205d7e8ee2f3b77eefc2

          SHA512

          513cc213da81db470f8675c29162f4b724bb92a690edd451025eb68588971eebb937f88cc5a659222f2bbbd99440aa56800bf4167bb8912ea87a0b2648b002ea

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdhtml.dll
          Filesize

          4.2MB

          MD5

          6d9aa26bb18af69dc74ae8e822eb53dd

          SHA1

          6ef20da9b9e70afa742f047f1c6f9d3e58290450

          SHA256

          cf140523b8834de1c37efa29b02adcdc88babc0f8ee90ba93dd98c260d7036c3

          SHA512

          3a9e8f15d207e98bb182f8d1838e93dba9750e6cfc79b72aab0706f969866447e50b3ab28bc1768a7cac7e7733cde80085cabcefefae0d287f08374578935c36

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdinstall.exe
          Filesize

          5.7MB

          MD5

          74cf93a3d559a630911fc94568b99e1e

          SHA1

          a5f164154e164174c715e493f440b1935ec53af8

          SHA256

          fe82eb2103b177370e742aee40a2b840805516ff23867f6b9bd3655a401eb50b

          SHA512

          c000d512e270d7f89058fe52a3ecfac6f60462eed21b134ebb57640cc6425e7ece9b6ce683acc666d8358875c8d621497a8e3eb95b4ad72311efb9d12c03100a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\cmdres.dll
          Filesize

          367KB

          MD5

          a4b3e07a9d407bca7a0ed76ea7c4945f

          SHA1

          af16d87110e2f9e64d5c35a6d522151b69377bbc

          SHA256

          b115a17e7500dbc34cce1f8e84a59f072a26ad49be5dcde6ac5908e4d2ad3555

          SHA512

          77c6ba298f5bd4c04192660d365d2a45ecb23fa441818735bd01050677037e1976670dcb457b6684343fbccb02a6fcfd98f22ae9f2de263057157917ee28d981

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\installer_langdata.bin
          Filesize

          5KB

          MD5

          b80eda6258e28b537651f8e5ebd997ff

          SHA1

          826741e138e8342f4bc3303838e347a44bb93546

          SHA256

          6e960dfed451c2dfb99352d25d3df8dd46fe7d80c9af79805c0cfbd1a99a2709

          SHA512

          9fce1cb5fe8b6a2bc4d13c1ca3ec31c926c6dd33717f145da6952ae33144eb11a6ee9e751e1d3e2d5d6ce7768e9f9602773a917d9f5f8473670e6d631b932b74

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\themes\ilycia.set
          Filesize

          764KB

          MD5

          7b85f91536c8342ac64d3edece2af7fe

          SHA1

          1e28c62364f606f03078e985222a2e3400a483c6

          SHA256

          918e7aad857776a895ecdf850665c355026882bcf1e0eba279ff4f7aa4b6bbae

          SHA512

          42cbaca95018eba8b05d3d586dbe8537ec1130af9edd813c4e7affef88c804a4ae65d9a446a95326508cd21da03a7e6a7969f6de5a68e69ce86c827f4308ac5a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\cmdinstall.exe_24-02-12_21.55.47.log
          Filesize

          6KB

          MD5

          afc77b91f43a62e98ea826c4086e06a2

          SHA1

          6db7f495d135ef01c1638e03d4f51b03e8c1a347

          SHA256

          0f67c15df4c6aa0f0d7a3fcdd302ebe3a8d2112a1a37f9f167d86cac20b16e1e

          SHA512

          14ad8af889efa12fc89065b71c5693c5abb2e975e9ae64d2f8898ccd470678442820f35c07af318fb915db1e0b67e0f14f1bdd68feb0d4495a1b38751da70340

          Download Submit