Overview

overview

6

Static

static

1

logioption...er.exe

windows10-1703-x64

6

Resubmissions

25-04-2024 07:19

240425-h5msvsgg8z 8

25-04-2024 07:13

240425-h18jrsgf89 6

Analysis

  • max time kernel
    566s
  • max time network
    875s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-04-2024 07:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    logioptionsplus_installer.exe

  • Size

    29.4MB

  • MD5

    1052827b60890d7cb9b45d4842c9efd2

  • SHA1

    06545f95abefd335810a6ee7784789de08350714

  • SHA256

    ea539312b9e016690fdf97b1fdd3b422dc88161977d5d008a60a75163c6737aa

  • SHA512

    4dfdf34dbdffa596e36d1cddfbc12c3b1406b8cce272078774bae6da0a788d8434c637b9ff8c827ddc1dcc1ac1f24a7df48cffee30250b9ad2a1cdf6773f86e8

  • SSDEEP

    393216:kdnsqS5Gwb6+lptVYmfr7yBG/4oyFN/YuuccKU9oxcS23oxN2bz5frx1CmDfa+U2:kdn+5GU6upttD7yBG/PcXU9g52iN2hv

Score
6/10
discovery

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\logioptionsplus_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\logioptionsplus_installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4864
    • C:\Users\Admin\AppData\Local\Temp\logioptionsplus_setup.exe
      --install-event=512164dc-601f-40d9-9033-1a7c1f2078f3.optionsplus_install_finish_event
      2⤵
      • Enumerates connected drives
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1144
      • C:\ProgramData\Logishrd\{412a60d8-d24a-45c7-944a-faa391cfea5b}_logioptionsplus_setup\vc_redist.x64.exe
        "C:\ProgramData\Logishrd\{412a60d8-d24a-45c7-944a-faa391cfea5b}_logioptionsplus_setup\vc_redist.x64.exe" /install /quiet /norestart
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4996
        • C:\Windows\Temp\{675601FE-04B8-43FC-9916-6087A0DBAFFA}\.cr\vc_redist.x64.exe
          "C:\Windows\Temp\{675601FE-04B8-43FC-9916-6087A0DBAFFA}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Logishrd\{412a60d8-d24a-45c7-944a-faa391cfea5b}_logioptionsplus_setup\vc_redist.x64.exe" -burn.filehandle.attached=512 -burn.filehandle.self=532 /install /quiet /norestart
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Logishrd\{412a60d8-d24a-45c7-944a-faa391cfea5b}_logioptionsplus_setup\PageLegacyOptions.gif
    Filesize

    25KB

    MD5

    ab5a77084d242f395d18a9178f780d3e

    SHA1

    3808e300c9178fc372e08e14327060a550329d3f

    SHA256

    67f08d505222e99ec36c3d648f0733eb9e59b28823136b62f10599fa5d4b011a

    SHA512

    539bf77c03b647cde54912d346ff77c9e1d585b1e531ba73b6a57963e0e1b5cb247cd467e5b7a5b7e5753e135c9e777e123675786710ca54322341359c330c5f

    Download Submit
  • C:\ProgramData\Logishrd\{412a60d8-d24a-45c7-944a-faa391cfea5b}_logioptionsplus_setup\vc_redist.x64.exe
    Filesize

    14.4MB

    MD5

    be433764fa9bbe0f2f9c654f6512c9e0

    SHA1

    b87c38d093872d7be7e191f01107b39c87888a5a

    SHA256

    40ea2955391c9eae3e35619c4c24b5aaf3d17aeaa6d09424ee9672aa9372aeed

    SHA512

    8a050ebd392654ce5981af3d0bf99107bfa576529bce8325a7ccc46f92917515744026a2d0ea49afb72bbc4e4278638a0677c6596ad96b7019e47c250e438191

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    384KB

    MD5

    f7ebfeac3b4666e1728ee51d27a454cf

    SHA1

    4400ca6a32cd8b1bbd1f3dffddb24ecf59af4bf6

    SHA256

    65b53a8c5c1fa90e2e5bf8179ae53062c032c0f8f8f0c183c4d1ca60231e93e5

    SHA512

    e01cf2f54746a342a042d995a9d0d97b55c89b4af557930690763fbbc601119661accc741193713a5154f42b2950b76ca7d3f8338234a55a56b04ad1ece6d259

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\logioptionsplus_setup.exe
    Filesize

    28.7MB

    MD5

    99e893ec0996372d1417aba564b54dd7

    SHA1

    8ddcaf1c55cf61db07a893853085938cb9ac7fbc

    SHA256

    4bd72d9024134a38dfe19cd34d4ec03a8394c358ceca29f207f26c5400b13e48

    SHA512

    f88b196516211ad1045d01636832519c39ce0497649ffae4a307b579f908604f8bd3f0e49a326845cda212b1c4b9a1cb1fe2c68a7dfef00bda35209ccb2a5c55

    Download Submit
  • C:\Windows\Temp\{675601FE-04B8-43FC-9916-6087A0DBAFFA}\.cr\vc_redist.x64.exe
    Filesize

    632KB

    MD5

    94970fc3a8ed7b9de44f4117419ce829

    SHA1

    aa1292f049c4173e2ab60b59b62f267fd884d21a

    SHA256

    de1acbb1df68a39a5b966303ac1b609dde2688b28ebf3eba8d2adeeb3d90bf5e

    SHA512

    b17bd215b83bfa46512b73c3d9f430806ca3bea13bebde971e8edd972614e54a7ba3d6fc3439078cdfdaa7eeb1f3f9054bf03ed5c45b622b691b968d4ec0566f

    Download Submit
  • C:\Windows\Temp\{6E44FB9E-6EF0-4968-A99C-1FFC9D85AF5B}\.ba\logo.png
    Filesize

    1KB

    MD5

    d6bd210f227442b3362493d046cea233

    SHA1

    ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

    SHA256

    335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

    SHA512

    464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

    Download Submit
  • \ProgramData\Logishrd\{412a60d8-d24a-45c7-944a-faa391cfea5b}_logioptionsplus_setup\logi_installer_shared_optionsplus.dll
    Filesize

    9.1MB

    MD5

    39d96e622ff2ef863ac822228fad9671

    SHA1

    83987dc44ca8b66f2bf642eea46c099273ffdce3

    SHA256

    9bf5842a87b4b95ae352197af2f8fa173b4b452fe13e195aa8f8effa18c9aa55

    SHA512

    f6510e4b8b4a310217a730f569609f8ec1f79baad344d2ec1c08e9978add1dba04af8925eb6bf2418ee7bb354c5f0b8cac1650ed598d4c27e669d91a5d556299

    Download Submit
  • \Windows\Temp\{6E44FB9E-6EF0-4968-A99C-1FFC9D85AF5B}\.ba\wixstdba.dll
    Filesize

    191KB

    MD5

    eab9caf4277829abdf6223ec1efa0edd

    SHA1

    74862ecf349a9bedd32699f2a7a4e00b4727543d

    SHA256

    a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

    SHA512

    45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

    Download Submit
  • memory/1144-111-0x000002105AD80000-0x000002105ADB8000-memory.dmp
    Filesize

    224KB

    Download
  • memory/1144-109-0x000002105AD00000-0x000002105AD08000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1144-110-0x000002103FA30000-0x000002103FA40000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1144-6-0x000002103FA30000-0x000002103FA40000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1144-116-0x000002103FA30000-0x000002103FA40000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1144-5-0x000002103D9C0000-0x000002103F67A000-memory.dmp
    Filesize

    28.7MB

    Download
  • memory/1144-4-0x00007FFA64190000-0x00007FFA64B7C000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/1144-133-0x00007FFA64190000-0x00007FFA64B7C000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/1144-134-0x000002103FA30000-0x000002103FA40000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1144-135-0x000002103FA30000-0x000002103FA40000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1144-136-0x000002103FA30000-0x000002103FA40000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1144-151-0x00007FFA64190000-0x00007FFA64B7C000-memory.dmp
    Filesize

    9.9MB

    Download