Overview

overview

1

Static

static

1

evidentpw_1.msi

windows7-x64

1

evidentpw_1.msi

windows10-2004-x64

1

Analysis

  • max time kernel
    1378s
  • max time network
    1174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-03-2024 20:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    evidentpw_1.msi

  • Size

    24.0MB

  • MD5

    f6d754310f11b3c721c698bd35831d3e

  • SHA1

    b58d44b5c57258b024a9f21a351b04ed30a101d5

  • SHA256

    e06ffeb6e894f79232b657ace05d337f9d64efc313698985f7c467af6ee0887c

  • SHA512

    1dacd44fa2612f6b9b38eebf249215f4bc940bdbcb0b99cec2f5eeff7a3d91acb00aae195e1e7ca35f289ad43bf18853119ba25dff9237778bbab75ea04caeac

  • SSDEEP

    393216:Uzl3Dv2c4lJYu2ktpr+4mW8G/EbtQs8SkV5rt+yduERkGt50MkhFegBzD9/iD8jb:Uh37xsj3yGcZQ5++u7GkMkhFegFx08jb

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\evidentpw_1.msi
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads