Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-04-2024 10:50

General

  • Target

    954b3293316a106631a71f73ff652d45282cfbd5ad4986ed6e8be0e201c584ca.exe

  • Size

    5.6MB

  • MD5

    aca988c85ad99e04a19d22dbe2d656c0

  • SHA1

    cbde122beac4511f498da602d7639043e17d9a1b

  • SHA256

    954b3293316a106631a71f73ff652d45282cfbd5ad4986ed6e8be0e201c584ca

  • SHA512

    7c0bde6fa75cec75a06812c185aff74403d169f72557ea95293a58626a2c05763ffbecfd68a0f30b52950cdf00379fdcc4c8f057889f9bbf9b9dfce06d833ccb

  • SSDEEP

    98304:jImZBk8XXSSRr2aVFuHIxrNMV37rq+T8yA9Y+ENNaDfOMKfx3:j/Z0YrYrwY+z9Kf1

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Loads dropped DLL 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies system certificate store 2 TTPs 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\954b3293316a106631a71f73ff652d45282cfbd5ad4986ed6e8be0e201c584ca.exe
    "C:\Users\Admin\AppData\Local\Temp\954b3293316a106631a71f73ff652d45282cfbd5ad4986ed6e8be0e201c584ca.exe"
    1⤵
    • Enumerates connected drives
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2432
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding A7C924FC9FD781D024DCBA6E18468C5E C
      2⤵
      • Loads dropped DLL
      PID:2588

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\PrepareDlgProgress.gif_1

    Filesize

    889B

    MD5

    e14d2cc6c1ebcab8952e2768e9bd9859

    SHA1

    cce93d98149155d5568fcabe7652efaeebe0fd74

    SHA256

    e90f72001588feed45717da6d4c6d0c9367ad151d635af7f1d0da10eede642cf

    SHA512

    fef085cbb131c1f898258c24da4c7a4c4baafd797a5bd9d28b2986137248c2dd7f0c19aaa06b3e15b29e684d0815cece30403e70b9855a75cd44179eb6222c7c

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\Xsens_Logo_Coral_Blue.jpg

    Filesize

    19KB

    MD5

    ca67b0328517b019f15d1a4ea4facfd5

    SHA1

    3f4dbe7542fb24947b1992bb09b946bc6d43d8f5

    SHA256

    87fc50657f21c99ca8e4a6023148a1d710d6de5bfe96ad26de65867126a78e4e

    SHA512

    188004f42f5612e604dbfbed8927d449e69e8316b338166263af43fc4a4bf788b7723f749287c7c61de46bf08a7fe545b64587ef843906110d573123878258bf

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\backbutton.png

    Filesize

    391B

    MD5

    9f61b086ae93580bce1b68026e470d00

    SHA1

    9bf4d1885fa192c411edb76d60fcd237f8480ee5

    SHA256

    3c2f67e3a08cbcf11bc76aac5f08ded5d62bdd63e5d10df9e20c6c465bb73e99

    SHA512

    85b12f0c8bb1b9b7a455f9b85489d808b0e4c8465b70d667187bad8db4cf494482786dd3878a7d418b570eac07ad1b85195a2cf953c1bad729ae0ec4ecdc0821

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\backgroundprepare

    Filesize

    154B

    MD5

    8fd875cdc559ad66e0a94c64fdb762c3

    SHA1

    79111743f1ef8da31688f1644f9568a42fbd3ed5

    SHA256

    fe7c2d4c244139591b0b716a410a1d8af38084cdc560a2beb265bdb8578e4eb3

    SHA512

    0985a7456bd94e21d62428368c8e52ef7021fe78966dd967b96ecbbf05542abba4f8c85ef3d56bc0f5f9500e0d0828d4b54feaeef9768f85ff754ca8a1b5af3b

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\browsebutton.png

    Filesize

    258B

    MD5

    5ebdf501735de47292e2496400b237ad

    SHA1

    44e150c13c7e0c26c17d6513b8e32351f6f9e813

    SHA256

    1eebb2bc8591a8d9387328fe6bcb2a191d1fb009967261f15f6a81bd0a76e674

    SHA512

    0a3adfbb96eb608d084aef45eff0542c56a5f886204cabfadab333aee9e0fbd939a6f1227b50e0637c4b5636c4001d47b5a00b16339fa67bcab350a860f34447

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\checkbox.png

    Filesize

    788B

    MD5

    f629b0ad1e3ff50a742569db0ce4c961

    SHA1

    ee1d0f4a2ea6a55b635815d64b2131bce9cecf44

    SHA256

    cca2e4ac112b43db989c865c2adb9e11833528c9d3e740fc584c425448e6e70c

    SHA512

    e64894b41546c5b628024d8ba5223d6aea870ba0f0809f3dc0a5909d32e248e24a067ba72b803671505c73e74833fa0a9ca662821b7fc537c27cb5d530a2e496

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\frame_bottom_left.bmp_1

    Filesize

    66B

    MD5

    1fb3755fe9676fca35b8d3c6a8e80b45

    SHA1

    7c60375472c2757650afbe045c1c97059ca66884

    SHA256

    384ebd5800becadf3bd9014686e6cc09344f75ce426e966d788eb5473b28aa21

    SHA512

    dee9db50320a27de65581c20d9e6cf429921ebee9d4e1190c044cc6063d217ca89f5667dc0d93faf7dcc2d931fe4e85c025c6f71c1651cbd2d12a43f915932c3

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\frame_bottom_mid.bmp_1

    Filesize

    66B

    MD5

    71fa2730c42ae45c8b373053cc504731

    SHA1

    ef523fc56f6566fbc41c7d51d29943e6be976d5e

    SHA256

    205209facdebf400319dbcb1020f0545d7564b9415c47497528593e344795afd

    SHA512

    ea4415619720cc1d9fb1bb89a14903bfd1471b89f9c4847df4839084aae573d49b4969d3799ad30ff25b71f6e31f8d9f30701e1240d3cd6a063819c04873f21f

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\frame_left.bmp

    Filesize

    66B

    MD5

    0e1ab770f8d8f8768b66e7de087087c9

    SHA1

    36ad69f719f035d0c040db6d611611552a387b41

    SHA256

    3e57878d7e1c0d2fe4db1dd47b803a363188114520ff5d7a4f50fab47c0ee992

    SHA512

    2c5a627fba9ce1b35397d1dc4ae7b6954bd7b39a402689f3c12f2dc314ca5133f553da0411cad0a6d556f1787f2b2fce585f76d4b73bb2cff98732aaf808fdc1

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\frame_left.bmp_1

    Filesize

    66B

    MD5

    30384472ae83ff8a7336b987292d8349

    SHA1

    85d3e6cffe47f5a0a4e1a87ac9da729537783cd0

    SHA256

    f545ec56bc9b690a6b952471669a8316e18274d64e2ebc9e365fcf44363a125a

    SHA512

    7611f930a0a1089cc5004203ec128c916f0c2aedae3a6fcc2eaffa8cd004dcbf154714e401947921a06896ca77c77daec7f9bda82369aacd3bb666f8a0331963

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\frame_left_inactive.bmp_1

    Filesize

    66B

    MD5

    4b84f29fbce81aab5af97a311d0e51e2

    SHA1

    60723cf4b91c139661db5ecb0964deca1fc196ea

    SHA256

    c93be5a7c979c534274fc1a965d26c126efa5d58c14066b14937e5aba3b9eb55

    SHA512

    775eadccc44fddbd1e0d4231bc90d222f0a9749199e1963449ad20285ea92941a5685cdc12c0cd8c0ef0a21e10bdacaf139e5c69cd5e402cc110679323c23df1

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\frame_top_left.bmp_1

    Filesize

    154B

    MD5

    1966f4308086a013b8837dddf88f67ad

    SHA1

    1b66c1b1ad519cad2a273e2e5b2cfd77b8e3a190

    SHA256

    17b5cd496d98db14e7c9757e38892883c7b378407e1f136889a9921abe040741

    SHA512

    ec50f92b77bca5117a9a262ba1951e37d6139b838099e1546ab2716c7bafb0fc542ce7f1993a19591c832384df01b722d87bb5a6a010091fc880de6e5cfa6c17

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\frame_top_mid.bmp_1

    Filesize

    66B

    MD5

    4e0ac65606b6aacd85e11c470ceb4e54

    SHA1

    3f321e3bbde641b7733b806b9ef262243fb8af3b

    SHA256

    1d59fe11b3f1951c104f279c1338fc307940268971d016ebe929a9998a5038ee

    SHA512

    7b28bcb4e76af3b863a7c3390b6cd3316c4631434e1d1e2df8d6e0eb9987a61a4f1a24de59567394e346d45e332403a0817ed0b0b64d7a624dbe48e30db9bb64

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\metroinstallbutton.png

    Filesize

    541B

    MD5

    76c1a5be2d21e77597d35d7c3a73c59e

    SHA1

    5bc6aa58563e536a757743460fc3f41b88287375

    SHA256

    45d4e2389c122dc27be4fc2d89ebb6ff192f40ba897afa71526553e1b265b06a

    SHA512

    221742f6204fba77d2b1ac4ce36f5179d54b416ff942de73c92ae4c988fcb291f54beaf6e2ef5ede69ce6f48b7b5dee397965bf2014f4a3988bc2f14b8d9b29c

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\nextcancelbuttons.png

    Filesize

    391B

    MD5

    cfa8cf18fefccac32046d7cfb2f63170

    SHA1

    f52da2c3d60fe1447256fb35d95f045ba3ddd0fe

    SHA256

    312d3a70c69ffea1adb00a5fbf27f5b3fe715c5b49e30ef38f933968c2525637

    SHA512

    c54018ceefd1c75f2f6e5589b896eb84ae464dc1320c2cbdeec4acc5e6bcf6d60cea1431ac391b1027c566b892fb2e63d5bb49f12e945a8d65ab24f505625597

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2432\sys_close_normal.png

    Filesize

    225B

    MD5

    8ba33e929eb0c016036968b6f137c5fa

    SHA1

    b563d786bddd6f1c30924da25b71891696346e15

    SHA256

    bbcac1632131b21d40c80ff9e14156d36366d2e7bb05eed584e9d448497152d5

    SHA512

    ba3a70757bd0db308e689a56e2f359c4356c5a7dd9e2831f4162ea04381d4bbdbef6335d97a2c55f588c7172e1c2ebf7a3bd481d30871f05e61eea17246a958e

  • C:\Users\Admin\AppData\Local\Temp\MSIA4D.tmp

    Filesize

    377KB

    MD5

    8b03c31b6d87a2103405ea8c5f337799

    SHA1

    5cc2be39a0f1f4bb3cfb561c77f5ae7e96eca6fa

    SHA256

    75741fff4c3726689be3329dfc16d45becbd6937d3e5b8211fc7997d8d4695ec

    SHA512

    c38226b1c86eb9c661204b94e2455c608749f2a4d80686c18681a2577446afff9edd6aeaf85ef253ffe509a2a5cfa715bd2ada573d44d4e31271868707ede143

  • C:\Users\Admin\AppData\Roaming\Xsens Technologies B.V\Xsens MVN Developer Toolkit 1.2.0 1.2.0\install\xsens_mvn_developer_toolkit1.2.0_setup.msi

    Filesize

    2.0MB

    MD5

    13dc292f4d62105792704b69f1b77b03

    SHA1

    ab9dd5d09c9b899451a7384898cade5c17960d73

    SHA256

    9b60959b2b89eedf51995e9f653f8c07911ccae6b202e19020a4770c679ddd37

    SHA512

    8fe60ed0c3cc80646b93a070b7cddc6c65dec5e2bc2c10bd407eca813ec1b242adebbf31c20df600008f793c9f671a89bbddf2696412c4332c4098064bab643f

  • memory/2432-0-0x00000000001A0000-0x00000000001A1000-memory.dmp

    Filesize

    4KB

  • memory/2432-272-0x00000000001A0000-0x00000000001A1000-memory.dmp

    Filesize

    4KB