Analysis
max time kernel: 147s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
submitted: 29-02-2024 02:45
Static task: static1

Behavioral task / Sample / Resource
behavioral1 / InstMsiA.exe / win7-20240221-en
behavioral2 / InstMsiA.exe / win10v2004-20240226-en
behavioral3 / InstMsiW.exe / win7-20240221-en
behavioral4 / InstMsiW.exe / win10v2004-20240226-en
behavioral5 / MSIcn.msi / win7-20240221-en
behavioral6 / MSIcn.msi / win10v2004-20240226-en
behavioral7 / MSIen.msi / win7-20240221-en
behavioral8 / MSIen.msi / win10v2004-20240226-en
behavioral9 / MSIfr.msi / win7-20240221-en
behavioral10 / MSIfr.msi / win10v2004-20240226-en
behavioral11 / MSIge.msi / win7-20240221-en
behavioral12 / MSIge.msi / win10v2004-20240226-en
behavioral13 / MSIit.msi / win7-20240221-en
behavioral14 / MSIit.msi / win10v2004-20240226-en
behavioral15 / MSIjp.msi / win7-20240221-en
behavioral16 / MSIjp.msi / win10v2004-20240226-en
behavioral17 / MSIko.msi / win7-20240221-en
behavioral18 / MSIko.msi / win10v2004-20240226-en
behavioral19 / MSIsp.msi / win7-20240221-en
behavioral20 / MSIsp.msi / win10v2004-20240226-en
behavioral21 / MSItw.msi / win7-20240221-en
behavioral22 / MSItw.msi / win10v2004-20240226-en
behavioral23 / _0200BEB4EFB34AC8AF68134E35F0622D.dll / win7-20240221-en
behavioral24 / _0200BEB4EFB34AC8AF68134E35F0622D.dll / win10v2004-20240226-en
behavioral25 / _07F57D9CEFDA42F78AFA5E0E12E5A347.exe / win7-20240221-en
behavioral26 / _07F57D9CEFDA42F78AFA5E0E12E5A347.exe / win10v2004-20240226-en
behavioral27 / _1B4DC5A2E06842A2AF67D90F083EA79B.dll / win7-20240221-en
behavioral28 / _1B4DC5A2E06842A2AF67D90F083EA79B.dll / win10v2004-20240226-en
behavioral29 / _2797A4C85C6646FB9F5D7699281AD20E.exe / win7-20240220-en
behavioral30 / _2797A4C85C6646FB9F5D7699281AD20E.exe / win10v2004-20240226-en
behavioral31 / _29F1BB2847B84F499F5F20825A00ABC4.html / win7-20240221-en
behavioral32 / _29F1BB2847B84F499F5F20825A00ABC4.html / win10v2004-20240226-en

General
Target: _07F57D9CEFDA42F78AFA5E0E12E5A347.exe
Size: 408KB
MD5: faf9720d90c9fc464709fa65565e9337
SHA1: e9c48b22fbc797659e054f753462717a27449e47
SHA256: 34157aea467281aaa834115dee2f0a8364f36dcebccf38b073ae140c701f3d5c
SHA512: ede6ba17f8cb42a5c250417d9555c9c717dc8369a95dff37cb6f0aef4fd0867c5618ef2942dc7ca109c8c2d026bb3dfaf2b6c87e499f22fa9a70f57f96e7a329
SSDEEP: 6144:TV+owB4pCHkRedrhvbeAOuEGGjYaMjbo8L+ZSe1QJkGZyB2D1v2pTnh:5+o8g4v6AOuGj+/o8qZPUvuTh

Malware Config
Signatures

Modifies registry class (11 IoCs)
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.amv (Process: _07F57D9CEFDA42F78AFA5E0E12E5A347.exe)
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.amv\ = "amvfile" (Process: _07F57D9CEFDA42F78AFA5E0E12E5A347.exe)
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amvfile (Process: _07F57D9CEFDA42F78AFA5E0E12E5A347.exe)
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\amvfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\_07F57D9CEFDA42F78AFA5E0E12E5A347.exe,0" (Process: _07F57D9CEFDA42F78AFA5E0E12E5A347.exe)
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amvfile\Shell\Open\Command (Process: _07F57D9CEFDA42F78AFA5E0E12E5A347.exe)
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\amvfile\Shell\Open\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\_07F57D9CEFDA42F78AFA5E0E12E5A347.exe %1" (Process: _07F57D9CEFDA42F78AFA5E0E12E5A347.exe)
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\amvfile\ = "advance media video" (Process: _07F57D9CEFDA42F78AFA5E0E12E5A347.exe)
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amvfile\DefaultIcon (Process: _07F57D9CEFDA42F78AFA5E0E12E5A347.exe)
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amvfile\Shell (Process: _07F57D9CEFDA42F78AFA5E0E12E5A347.exe)
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\amvfile\Shell\ = "Open" (Process: _07F57D9CEFDA42F78AFA5E0E12E5A347.exe)
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amvfile\Shell\Open (Process: _07F57D9CEFDA42F78AFA5E0E12E5A347.exe)

Suspicious use of SetWindowsHookEx (2 IoCs)
pid 4436, Process _07F57D9CEFDA42F78AFA5E0E12E5A347.exe
pid 4436, Process _07F57D9CEFDA42F78AFA5E0E12E5A347.exe