7c6e588ecef08afdc346bbc8cc2c0e143798e127fcdc4c41352858b2c614cf2a | Triage

Analysis

max time kernel
133s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2024 17:25

Sharing

Report Analysis Logs

General

Target

Users///setup.msi
Size

3.1MB
MD5

406c23ce101efd2582df3e7642e8366a
SHA1

1246f899d64cf894739c89a73609f83d15f31c46
SHA256

a523df66f5072161ff822a197959e7175fd47e23db30f4dcc8e72c711c1be520
SHA512

1d5ba58b94983aa549243ce21cc4e6ffa3ac98d09c02c4e6b265cf393b9cc10e905e2443f8e62e27e34bd9106b4d7e490555ede961bdb6939be3872074cd2851
SSDEEP

98304:KddXq1DEEwN0ItLyrsewa++tkqe+9qQZiwh9n:Gq1DSJkkqe+QQZff

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4496	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4496	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4496	msiexec.exe
4496	msiexec.exe

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Users\\\setup.msi
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads