Analysis
-
max time kernel
139s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20240319-en -
resource tags
-
submitted
11-04-2024 00:38
General
-
Target
msodbcsql_3be4cf889ad6c6334b15ac136d57321cbca28026.exe
-
Size
4.1MB
-
MD5
ac85224e7442d03afab8e7e468d12b12
-
SHA1
3be4cf889ad6c6334b15ac136d57321cbca28026
-
SHA256
139bf4bc1e0b8b3832e82f23cef43ab0b66530caa0963e45950175df459b1458
-
SHA512
607405c83eeac87239e9906092732a808deb16d4620ac46708f0b0efe15e097a66869e97ac6d78bcbe0f48a9ec30cfaf4a44c74ab8c35e95dd75e09ba39140d7
-
SSDEEP
98304:tJxJzqAgBeiY7reD2RZDwEZbRmckDZVRss+C26lbZ8nHezBbH8YD:tJxwAn3e6RZhbUcif26sn+9bRD
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Blocklisted process makes network request 1 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 8 IoCs
-
Drops file in Program Files directory 3 IoCs
-
Drops file in Windows directory 29 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
-
Modifies registry class 26 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\msodbcsql_3be4cf889ad6c6334b15ac136d57321cbca28026.exe"C:\Users\Admin\AppData\Local\Temp\msodbcsql_3be4cf889ad6c6334b15ac136d57321cbca28026.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SYSTEM32\msiexec.exemsiexec /quiet /passive /qn /i msodbcsql.msi IACCEPTMSODBCSQLLICENSETERMS=YES2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding D7600DD5F15342BBB42DDECEB012DA862⤵
- Loads dropped DLL
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3712 --field-trial-handle=2264,i,7994609493164365963,13212734413040148104,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc73c79758,0x7ffc73c79768,0x7ffc73c797782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1960,i,4768261196811016211,6102198405774452034,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1960,i,4768261196811016211,6102198405774452034,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1960,i,4768261196811016211,6102198405774452034,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1960,i,4768261196811016211,6102198405774452034,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1960,i,4768261196811016211,6102198405774452034,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4728 --field-trial-handle=1960,i,4768261196811016211,6102198405774452034,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1960,i,4768261196811016211,6102198405774452034,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 --field-trial-handle=1960,i,4768261196811016211,6102198405774452034,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1960,i,4768261196811016211,6102198405774452034,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5384 --field-trial-handle=1960,i,4768261196811016211,6102198405774452034,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1960,i,4768261196811016211,6102198405774452034,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1960,i,4768261196811016211,6102198405774452034,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1960,i,4768261196811016211,6102198405774452034,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3032 --field-trial-handle=1960,i,4768261196811016211,6102198405774452034,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Config.Msi\e576f76.rbsFilesize
27KB
MD51f0fb1b4342131bbdd65169bec583132
SHA1313817d8f45dff5ea1432955a0a54061370afb02
SHA25640f29dbd1f5dd898a1b03bee7fe6dc34cd40c03c59757d2d2102d2c67226d91f
SHA512c2bf7f77269103e93021f26576235ce7e039db3738ea25d5499c1dc1d20c2ced429648f811d065a7c7a80cc0c619d1ed982c74e57e4277fc4c49485ad3928fa9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
168B
MD53e3a2fef91cda823ee5be60e736e3c4e
SHA1b2d3479974b63fe767677a5cd6eeed2d1f747770
SHA2563c9cc741d1762ea631494a39630a78f5075d12abd018bcc78d9a362091dabd1c
SHA51230b379b407e6b35a72f99ada5518ab7383e69f3ef704cf1f5b040c9e1de11e5ca34738277c055d7a5290ccaf23bcc4392859d6391e3c641709823ff45a9cae77
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1Filesize
264KB
MD5119fa240bcd017328a4024ee121149b4
SHA10cf07485ee3d08037b6b309f7f7c0cea48ac83fe
SHA256f43779d8f16463062570f0668ad227de7c5a031f034a828cca3bd7d8e1a3d9b2
SHA5120325e22ef733862ae8ed61bcc171a95a4e58bf35651e4910a15d8c2109ac721d963d1d5add275d40e114573b12cd8bf55164e7f5d1f1e728c74b939aa1337cd7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD5bb787490c333f1218a5141c514cc2d3c
SHA14aaeb948311eb0561f79d0bb378e8e593dc282fb
SHA256990dbc7ecf6dbd54400c3f2401fcb1ea7ce191c52146d2f6dda36a8f5238b465
SHA5125fc53e0489f55163712588bcf9cd3d2a170889826bee04521b65a895436e8ebd93978a9d0782ff2167dadedafe30b8fcfb60edb1d484e468ddc7fa5964e78f57
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD5b14f3cd905b62f690ec5d0452f7ab46f
SHA174aa51af3ba969ae256ba3008126c21e1774fc09
SHA25636f5cf3206cfa11e084f19230ed0320c5d08fe073710567e5dbb90497a581f96
SHA512d82bea4d4adac0f5b853b3d66974e6005750dd2f996c399e3ca7d4b1ddffd9ba8db540aadbb5bbfef3a65de85f5f3875d7609f4242ab8402b2c079ef5f3a0db7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
371B
MD55e83cca46d61df21a4c83b44bff8cdab
SHA1656a0534f3770f569f224d88c27b73e6afef27b3
SHA256fbcae0f6a4a0ca97707110e39cae772d3940d429f2176422dcfe379a2953b91d
SHA512b7e07008679baaea202989d366d96752eaabd4694f3881ccce4c9f420b7883a9c0c5ecc24bb4169611d0ea6600fa982657115c7c93151c629731190d02494f8c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
539B
MD519b91ca8291462339fc2f128053b2231
SHA1aac3837c3d72a827a3b344ad2627c43b1053e4f4
SHA25652f103f2b9fa383de8752b1004f2845136ba42fc039bbad3dcd67dbd6600393a
SHA51258732ba0be99855e447ffaa6e89ee9011872d3096c3c3b20d18a08cfc1a3125a9b71d7e67143e563e746c9d653f4c35f9a6d6f2d6a72cc574f3cf2029303b652
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5b21e75e3c5afecbb9a53fe47f837dac6
SHA128e162bf9fd0e657c96b7aab492adaf0a95f1be2
SHA25614a43858ceecc7481aad32298c7de986188d7079bdfd5735a89077a811cd4545
SHA512eca84e92b0cc3642f4261455c5281d412078b9f1620d80a4e861ee88fe925c92b6c864ee73863335e89d495f3cb28038ff6c07bc98f0c9a3062ab8398ed77ba1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD59ca4d5bb7b2966c5f9540a2eb2f3c122
SHA148a2a5f42ce50083ed9601c6bd0842b6ce21700e
SHA2569a4c119b88806ae2a44892b51e6a8985ea57b8d6b3c2dd1151127aa49ec22ed3
SHA512d67b83da924c927845914a405e52f0d6fb687cfcb1a158d3f394274b4392ce99de10a2ba2dec2e02a8789854e8a2b015a84019be708da5d36a3913516e527037
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5c1873ac98fe2ec0bfa3bfdfce75b4058
SHA18beb1a174f293e80f156613bcd936222cfdc80a1
SHA2560dd1efcc04cd9c4199c8c7e2fe9b263b1c7a119029582b0a38c48dc62f8a2492
SHA51203b763e29a1f588ccc6745a3b51cd2a027e643a896eaa627dad5d94eaa81f2b2670ee30ba6aa6d4d60b655bae6c07b1db560549f69d0819e8ce8f6d303c77a8f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
15KB
MD56c52e5c869f3fb71dea73cb8c8af8c26
SHA172330c5428d58826d4652124c734ef363f78a41d
SHA2565f8bc375eebd63944c1d879703e221fcc406c1f9a5d64734fa3998e7e90958bd
SHA512ff4ad48b7a8977ce410d7187b4f90550908b016daf8aff99f748f9a9da5b0407d01e3ba9b25f2522dc75e1838f1031045c17af28946b2c62b4772c656d6fc2ee
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
269KB
MD5ea27215418a324f180a8247eba5270ac
SHA13a07f10d8c694d3a6f397f8db94e5dea5c2da9bf
SHA25608c706430b7d85db0aee016724bb4a2ff35b487265d447b831a71c8c3b152aff
SHA512c747646fda40fd3e2e8d778ca31b9c9722ac7f4c173e404c82f3b3c69da3ac0b0a6934a41177660ccd2b3b0165f701f596b9edad6ccd593dd4fdf2711e16d1a0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
268KB
MD53350b53f8d88215cbd81df486c777f89
SHA15d16d8042a7d89104407061ce308fdb53071561c
SHA256c5e75f2c21b6a843a40573c0f550c5b82098e8842c2bc19dd55f904e3557eeb3
SHA5125a8a9724e3cc08d267cb1e7e9d9d99c97d8da9e2a990f3863190e18128f8e7885c36ec7ad631ad474ef92d2a1ecae494e321d31f369ec0abe2cd959831886b5f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
273KB
MD52e85b91add157ef79a8d89764c643c68
SHA12f2521ab04493c242c4ab01ea36dfd4cb9a620a7
SHA256e00f82771498bd2872b042e421ae1c9434f031c600a412160c850d71ecd1e8a5
SHA51285fdbc73751cc833bacde22929ccb65c021e16a66a3eb7eea5e3246919ac0f361a0fadb42568d0ba3bacd47964f615af24dd9045409f0acad17d5195c1245cb0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
136KB
MD5206b0f688c1b1b5c7b54c1a25d805589
SHA1ef9d073735d57529b7b5cea8156e015acfb3b394
SHA2565f639b4735e6b38a73768c2a356353d7ba25d1e8cf5777351e8e9aa15e2fcc27
SHA512ebae6b690fc1c66711c5fb2ddd3fe85f58198c70a759e63dade7d053d1154e5ec200a2eed75571d383816cf765a9e1f1b15a49db6d0348d581fe07ae3b5a0e31
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
288KB
MD5be42b835e5014122b79916e622c79e3e
SHA16756f16582f0de8bbb0c94fa3ddf32977b5317a8
SHA256e6b9ef570bf11ee4cd898d346a9467af4684210b4873825ceafa59e6feae887a
SHA512759aa07b33f4ee534614f2990dd5a72c20d9080031a83e40b7ebf9368ea178e36ef66ea674479bb8ee37093ec792ad4950060a24dcd19666b4c6a1a518cc6780
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msodbcsql.msiFilesize
4.5MB
MD55dab1714ad4c7336de247e8a342a85f8
SHA13ae75e74fda38674144ac30a40d7f734dc849d7f
SHA2561b6e2fe09fb48bd0f4c78e092e441993718eb5515abf94552384e09a06afee58
SHA512b838ef39fa88f944d0f19f081dd528546d017bad3ba2b8da9e843a6aaed0e880a2a1b0841f3a2de7b4fc3ce9737ed294f4ae293d45081e8083734d34742cfa56
-
C:\Windows\Installer\MSI7733.tmpFilesize
29KB
MD5885c18679e8801363b0de671dc4fd88c
SHA1fa5d67d04d65502edc62b2967f4df28f78b7b879
SHA2568efa4c0c279df5db94a10e05390b539424293ab8dcb402c613ed74749737afb7
SHA5124cf10b350b841e24678f2b88aa7f11dc65ea5a4a1dad032540f1d11fe792d5517c8ba332017d716ad6f197814f7bf29e4852b235b9ca0e19d2d569d9431d1563