Overview

overview

6

Static

static

1

Fact.Natur...LF.msi

windows7-x64

6

Fact.Natur...LF.msi

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/05/2024, 12:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Fact.NaturgyID300S220404024NOPA22442452256676545245PDR2PD04LF.msi

  • Size

    6.2MB

  • MD5

    11257af7afd167cfadffe0f3e986e4b9

  • SHA1

    00a4336ff9fef58f069790a58c6fff37c08f45be

  • SHA256

    fa9b8e9bcd992a27b3e86fd9dfc2635afffd54616e0cd5aacf4d17c9e86b258c

  • SHA512

    9bb4ca863e77963066b0a13f0edb024aa2d90f9737fd55686a7177a811d9ba7080beb7b6427cc5fcb6ddb58ec34174109694e658f34831a1591c2aa9d0ad7e0a

  • SSDEEP

    49152:Zg0aA2EXHmD2d22vY87zSZkCXyauPWLjR5pqtzzRs2oo+FrZb8LS6sZooF5eUhXq:32mG1CrAjRWRs2oo+h6gxTCtVo6

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 12 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 50 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Fact.NaturgyID300S220404024NOPA22442452256676545245PDR2PD04LF.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3704
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3108
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 11DAF2EE6EBDDE5215DDF8DF59A71119
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4908
      • C:\vhomenew\Kuimmp.exe
        "C:\vhomenew\Kuimmp.exe"
        3⤵
        • Adds Run key to start application
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:4416

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Config.Msi\e5738b6.rbs
          Filesize

          595B

          MD5

          72b11fce0cf2663b6bf2e78d3e241bf1

          SHA1

          8bd1e6ccff849d51ea313076aa48d852cb173eab

          SHA256

          30eba82539048445b582e85e0d822e7d6d160edae57837119cbb0eef14927aa3

          SHA512

          58b372a4dfb19e96c89f29aaf12e2582b60c914d6c180c9b1ef1cc564bc50e0992c918981bdfb777695679e3ccf143238eeb8fbe23fb8597f60e72655d7a97e0

          Download Submit

        • C:\Windows\Installer\MSI3911.tmp
          Filesize

          557KB

          MD5

          2c9c51ac508570303c6d46c0571ea3a1

          SHA1

          e3e0fe08fa11a43c8bca533f212bdf0704c726d5

          SHA256

          ff86c76a8d5846b3a1ad58ff2fd8e5a06a84eb5899cdee98e59c548d33335550

          SHA512

          df5f1def5aac44f39a2dfde9c6c73f15f83a7374b4ad42b67e425ccb7ac99a64c5701b676ae46d2f7167a04a955158031a839e7878d100aaf8fab0ce2059f127

          Download Submit

        • C:\Windows\Installer\MSI3B0A.tmp
          Filesize

          5.1MB

          MD5

          ba1f4d3b9d1650da9cceb5b4a2d6f744

          SHA1

          9ee6a5e70eb1740f56f350799d4466c7ec079313

          SHA256

          d3406e37f6df7dda66c6621cf67bfdd80590029263ef9220b533429478c405de

          SHA512

          f3cf4daf04000571bdbb3193b8a272d2fd800909452df53af6dd64d7958019c73b914ac06d9fcab89e05907f5b05ec3de58e5af3411877a7c29772ae7329cf5e

          Download Submit

        • C:\vhomenew\Kuimmp.exe
          Filesize

          280KB

          MD5

          84eeaf42db9fee1803147216b456d3f5

          SHA1

          52230ffe54e2d4dc3df717d0d1587263bf573ddc

          SHA256

          463f8fdf2d0c90cce1734b5e6d12d37d753f53a17e4fb9315ebaaee61ef1e8c4

          SHA512

          91a4dd13561aa90dcfbf8e5153ca02c233b1e8d5da13145c430715ab941017edce6cdcb37c23a209c97c87254b6663203d63586fa27409e36a95b90f89c86687

          Download Submit

        • C:\vhomenew\MediaBurn.log
          Filesize

          62B

          MD5

          4e4ded4e9c6cc9891b7a07ba769fbee2

          SHA1

          bca48d9d0d57bf8d7b0cc25717236069c7f50883

          SHA256

          363ae9d17cec2e355254cd48289584889333424c3332d791b8b004f5901d9c24

          SHA512

          2af20b5038782c2bcb9c8a5e412b97479f416258b34a590b027270977d9f76149d27c28139bcd2caa2de876088be70504e4e0773bca97bf30cc690a9a7e442dd

          Download Submit

        • C:\vhomenew\StarBurn.dll
          Filesize

          587KB

          MD5

          e76a62a26a171a1e11802df34c6c571e

          SHA1

          03bd5f19a16b1f34e843a11572875a83d2d93511

          SHA256

          57ff90c7fb09a8cebe4ace209bb1a8585d46bb3ea59ee91644323840c1b11a50

          SHA512

          b47dcaa55033fbd84a1599dc14f648211c0cd4c16764bfa093b515bb7304293712a5a8ebfe447cede43f034356cbbc04d134aef51f247bf7385dca4625a4fd2f

          Download Submit

        • C:\vhomenew\dvdau.dll
          Filesize

          100KB

          MD5

          ec13c0ca17ff65cf05c04b86a640072a

          SHA1

          faee721f08ce0b2c32b8b6f0b86fa7c1a70d64e6

          SHA256

          9f649c766b673ddee2edeadf171ef7afc87dfbae2ae1b2835b5af81ee389c707

          SHA512

          0b10073dfbe1a79aa0ea6a7d8b6415bcb363ce35574bafe1caf8679af084108eb1de9f3a913e870a82759ddd46ffca0cc6b2612ef4af0dd9a76eb09e543e7da5

          Download Submit

        • C:\vhomenew\trp.gif
          Filesize

          1.5MB

          MD5

          321b04a8e4ebfc40674f451f426a4da3

          SHA1

          a24219445a25f4dadad72658e63fd3ba026ebeac

          SHA256

          0628b2f4ecdb9b0c9425c2f2bc22e15bac3b12645a9e63c4f95e90e2d6e9c2f3

          SHA512

          2004b4485f2347036784df31b811f51924665898a9a5476d580b2478022956c5db9f1cdca81be9993469bba120d227616d364ec220e79f1b595703a1221dfbeb

          Download Submit

        • memory/4416-83-0x00000000008A0000-0x0000000000935000-memory.dmp

          Filesize

          596KB

          Download

        • memory/4416-85-0x0000000002F90000-0x0000000005536000-memory.dmp

          Filesize

          37.6MB

          Download

        • memory/4416-98-0x0000000002F90000-0x0000000005536000-memory.dmp

          Filesize

          37.6MB

          Download

        • memory/4416-99-0x0000000002F90000-0x0000000005536000-memory.dmp

          Filesize

          37.6MB

          Download

        • memory/4416-100-0x0000000002F90000-0x0000000005536000-memory.dmp

          Filesize

          37.6MB

          Download

        • memory/4416-101-0x0000000002F90000-0x0000000005536000-memory.dmp

          Filesize

          37.6MB

          Download

        • memory/4416-104-0x0000000002F90000-0x0000000005536000-memory.dmp

          Filesize

          37.6MB

          Download

        • memory/4416-105-0x0000000002F90000-0x0000000005536000-memory.dmp

          Filesize

          37.6MB

          Download

        • memory/4416-107-0x0000000002F90000-0x0000000005536000-memory.dmp

          Filesize

          37.6MB

          Download

        • memory/4908-32-0x0000000074480000-0x00000000749B2000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/4908-65-0x0000000074480000-0x00000000749B2000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/4908-59-0x0000000074480000-0x00000000749B2000-memory.dmp

          Filesize

          5.2MB

          Download