6db9f6442d46fbde0953f8bfbc36bd714e5e31a62f927563594cafd60724d3e0

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 20:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LGS_9.04.49_x64_Logitech.exe
Size

120.0MB
MD5

87a1119a7108e33da161b24b6aa763ad
SHA1

3f32007e62f174b411f0c69be9779a6321363153
SHA256

6db9f6442d46fbde0953f8bfbc36bd714e5e31a62f927563594cafd60724d3e0
SHA512

69d5d7808dae0d84fe588850b1cc0f749debdfed6646191c51bdb67ad99d683c4507a38d2c65e05571bdffb32914b656fb74a1d37d1f09b05370fed0d26cba0d
SSDEEP

3145728:NAhY0THiaUvrE7pisu8402Ujk45hAacfBQHHvh9l:NABksEj45hAacfunvh9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2312	Setup.exe
1196	MSetup.exe

Loads dropped DLL 8 IoCs

pid	Process
1972	LGS_9.04.49_x64_Logitech.exe
1972	LGS_9.04.49_x64_Logitech.exe
2312	Setup.exe
2312	Setup.exe
2312	Setup.exe
2312	Setup.exe
2312	Setup.exe
1196	MSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1196	MSetup.exe
1196	MSetup.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2312	1972	LGS_9.04.49_x64_Logitech.exe	28
PID 1972 wrote to memory of 2312	1972	LGS_9.04.49_x64_Logitech.exe	28
PID 1972 wrote to memory of 2312	1972	LGS_9.04.49_x64_Logitech.exe	28
PID 1972 wrote to memory of 2312	1972	LGS_9.04.49_x64_Logitech.exe	28
PID 1972 wrote to memory of 2312	1972	LGS_9.04.49_x64_Logitech.exe	28
PID 1972 wrote to memory of 2312	1972	LGS_9.04.49_x64_Logitech.exe	28
PID 1972 wrote to memory of 2312	1972	LGS_9.04.49_x64_Logitech.exe	28
PID 2312 wrote to memory of 1196	2312	Setup.exe	29
PID 2312 wrote to memory of 1196	2312	Setup.exe	29
PID 2312 wrote to memory of 1196	2312	Setup.exe	29
PID 2312 wrote to memory of 1196	2312	Setup.exe	29
PID 2312 wrote to memory of 1196	2312	Setup.exe	29
PID 2312 wrote to memory of 1196	2312	Setup.exe	29
PID 2312 wrote to memory of 1196	2312	Setup.exe	29

C:\Users\Admin\AppData\Local\Temp\LGS_9.04.49_x64_Logitech.exe
"C:\Users\Admin\AppData\Local\Temp\LGS_9.04.49_x64_Logitech.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\Setup.exe expr=SetVar(level,"1")==SetVar(indent,"2")
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\MSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\MSetup.exe" expr=SetVar(level,"1")==SetVar(indent,"2")
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\1-LGS-x64\compcfg.ini

Filesize
590B

MD5
1e210469af26083b9c30852dcd8c2bdf

SHA1
5e56f537ad3c26971b925a3066a32595999a5655

SHA256
b5e41dfe8aba330fcdf3db493b6ffb9fe889f7eb1d0196e139345cd4a339821c

SHA512
54d047efa00948cb12158fba6b6c99138d9abae5b8a0db2121b48da3b374ea07f7db707113f6d3ff043e365fe81c867dd49fb46a99b762f41a2fe202d2428a05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\1-LGS-x86\compcfg.ini

Filesize
590B

MD5
e66492db9c9f317af6bc05907765ae6e

SHA1
1138b1024f6a6e9bae2d5224041d3670c2f52893

SHA256
cc832367c57df6043c288524ac03d3249846256f27c7b3cd1207fea9a8abdf6e

SHA512
5d692bc415ee2ef1ef277755491547954d8dd158e4e391322efa457302ae64ed02e6759639b72bbe471a390005d3e18542352f29bc457996f94a40021540bda3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\MSetup.exe

Filesize
1.6MB

MD5
018b7319bc52fce2fefe2324ef2dcb15

SHA1
1816b27b9edd7aabed4930fa5b2c3740603e348e

SHA256
9f677ba5f0d63c79ab3e0b3850d651433dab0f0f087073711d954a8e40d0aac5

SHA512
baebc5ce488a2cc27d70abd9bc6a5f2545e0b807456044d4355e89cbfc277ec3aa77b05a8b06001c16d980073d3da4512bb1efb9d16bb086d1b8cb1ff27e5447

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\lgs.ico

Filesize
85KB

MD5
fd919aeae1b80c98043d6f6217b1818a

SHA1
71c0cb2fb5b733f4bfa09f2175a3edfc7c224d4b

SHA256
30d4ace87d9b97ca2e77d1af7f3493fa1d42c0a2fb9ce12d77f0c04a746cca1b

SHA512
0550cd1c53226031148421abcd887ff667621ccfeabb0d12dd677d33c8d67ec8c43c9d86197be5b92b18c98235beabe962bfa050ab0de42300ea40f1fce4d787

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\setup.ini

Filesize
5KB

MD5
9d1d69694701e1b360484e5df9c5d915

SHA1
5696aa173bba489999d044daf1a023dfa5af45d8

SHA256
9920b2bd827e97a76410062ca607b6a654dad1f5b269ff3587157ffee4f45431

SHA512
71904680b3719857bd5fe487464138c7ab0a4baee6cedc3b2976b7204f5c9ba7d6f9dcfc6aecbc9eeaece9e505884f2d17730b6a694133fede3172047cfbcbef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\ui\ENU\CustomStrings.xml

Filesize
6KB

MD5
377d8d8f23fec61e527938e3e225cfbb

SHA1
2bee55d779b96bbee0639cef3c28a7f59ce703f9

SHA256
4ea72f78e855d7aca0e69b9757aa71991518ef1b48d9a88bb1bffa1a676d1143

SHA512
af5a6d54e7c53af6b4cbc57af59bc0a22a819f63fffc1c2c1f9541fd34938098d9e125ee4ba81d97c02c4ac1807cf19d8f2c7db6f3c5501266cefef86856abff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\ui\ENU\StockStringsBase.xml

Filesize
14KB

MD5
062d6b96070bc2c1ed16eb60449247fb

SHA1
ff96f1b2efc587de3c3522b93eedb14147e8cb03

SHA256
7d0588c94a5efde2572f7b46500a4b0cfc5ead61950a8b35a48fe3584be5918c

SHA512
60b1ff57ef0ec2cb2bd7774c55453d68e2dfb521deef073eb762da60cb0f5b46eb88cd96f9e28824e64de89ae4db228e1ac4f7e51981fafad3f528da5087d4f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\ui\ENU\StockStringsBranded.xml

Filesize
1KB

MD5
d2825927f9eb5d9b894cb923a27eb88e

SHA1
de34c1c3cbde4d2bf395969c062fadae7dd2ab24

SHA256
12782510ddda16605ae0daf3fe1678b4c218154999669954658c1d72e9efe2f6

SHA512
54b9f270fbddc770e38a372a969be041b74f7efb458141396ca18a289cba1e190473803ea323298540abbc5628cc11018c9ba02839e459f2b315fba0c5cdb783

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\ui\StockLayout.xml

Filesize
4KB

MD5
aa90b05d71dfa3a3b0196ca1d45943a1

SHA1
3c595d9d2f82dd034efacbcb69917e2391450286

SHA256
0b7ba802683041273db33b0d9df7b9498adf3f14fdb8a86757a89e2b095a99c4

SHA512
8f9faa1c527d75da78ed4e39615ca586fe3de8494094c078f90e086997595e3e34373684b5fe9287557346221e75b08a9eb0dc5463e203e7a39ef7a17e6492d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\ui\deu\wizpage.css

Filesize
15KB

MD5
581d93880badef39363971e4d23407c9

SHA1
b1adc0b8a6c1f84f8b304ce3a7d351570b5ad0ec

SHA256
ac1f708f484615863c193da4fdc880b25c93370cf8e59c904c1f131a2dbed1e6

SHA512
e9c0c077a8942737de8c3a4bf09dd06d06be0b25ccde636fda3c27200e173f18691016ae48d35525bff73db0e183d0713dd8357cb47a8c1412e1fbbb62011089

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\ui\enu\CustomLayout.xml

Filesize
5KB

MD5
11316c82034a1df4689d300f57644bc5

SHA1
1646b14b2cd6ff5c5999967840fbbfa2133d9609

SHA256
240c1c06f2cb7fe73418c41af491c9805aadd31bea8727fcb819d18750659610

SHA512
fb76525e70d8173908e29c8636bab505968066730c08930140419ebdb5537ba089e876a0ce243e5f4e7c8cd72230a4b940dff95561d3d4fb4e5557f1b6d593aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\ui\html\FinishWithTasks_deu.html

Filesize
15KB

MD5
0d78b34a4463915850e7b3c1b03bb5d3

SHA1
a4b863df1f4e5d29071505c9192691ae1d6fe453

SHA256
2817278f716126ef3415fe1701871dba2fd6318f5deb99785d8fa72e137ac168

SHA512
f6b507caaaa22b637c66a033383039912aaeb47e00ed57cd2480927573670aff27c377e1784d76f619662b35d3f93d966902771423faddbd16d12c8adb4e4d03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\ui\resource_ids.txt

Filesize
13KB

MD5
0746f1e5678a9d66d4ce329f09722d8d

SHA1
886362ee7ce32a3cffb2a574240213088d0ff688

SHA256
34c59c533feed348f8a0610b4ada28891781d94304b56132c6314f4917c31ba3

SHA512
38f3e1b81e440a555b322d7cd9465130f715a5411aa7c868b8b52dfc66a934f02f6999584f54e5588345cf0fe1c9b102a5da2e60545f0341e2468013e6e10312

Download Submit
\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\Setup.exe

Filesize
294KB

MD5
2f08d63bd6a6b8ab242cf87c5fd310a0

SHA1
2373187db907db948705f4b78c280f1bc945ac40

SHA256
5d5ccf2a4184d5413ea4c00c64f03cfb3f0c9b8ccb9d308994088118c75497fc

SHA512
191437f8155cfebc465690f4763de5f4ade16fd9888683749eec6590fa4787a496895765e4ba1b4382c0d1169a7c67e34fccb8e8edc0a245e9042cf82f643460

Download Submit
\Users\Admin\AppData\Local\Temp\Logitech\Logitech_Gaming_Software_1\SetupDll.dll

Filesize
62KB

MD5
6716f4e5ee82ffef2991b925dec0c760

SHA1
b933f9530d2ad848d212fc1e7c785b520b87eaca

SHA256
daca629f2fc1c97340f4fe77cf25677952e58a369cfa8953f9f11d599924ed6d

SHA512
6cacc14831a442508294ef363a44ea7bda6f3383ac9616fdf778af2edca582874c061bb4c4ace064f3920684cab9878742c88fdfff15bbc11f162264712174a2

Download Submit
\Users\Admin\AppData\Local\Temp\nso1FE2.tmp\System.dll

Filesize
11KB

MD5
0ff2d70cfdc8095ea99ca2dabbec3cd7

SHA1
10c51496d37cecd0e8a503a5a9bb2329d9b38116

SHA256
982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

SHA512
cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

Download Submit