Analysis

  • max time kernel
    144s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-05-2024 19:12

General

  • Target

    305e220e1f1cb506c32bb509f246515e3cba7ec1dabae95298f358d26654bfa6.msi

  • Size

    9.1MB

  • MD5

    09b3686d233d69ae96d460428c61b17d

  • SHA1

    fb32344292ab36080f2d040294f17d39f8b4f3a8

  • SHA256

    305e220e1f1cb506c32bb509f246515e3cba7ec1dabae95298f358d26654bfa6

  • SHA512

    0c6d7d492aa1bf64d9d685a14e7455880246c7d91532f6878d5568baa3ade9731dc085570af423373f812471024e88961b1f47ad840f4a6ade3812f3cc18cee0

  • SSDEEP

    98304:/2kPlxYg9ogVQZguVfJKwZgEGXMK0X2e0:/539YtyXGz

Score
6/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 12 IoCs
  • Loads dropped DLL 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 50 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\305e220e1f1cb506c32bb509f246515e3cba7ec1dabae95298f358d26654bfa6.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4808
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:60
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding CA6D678DAE4DC302758EBC5889C1E262
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:5520
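
The chain above is the standard Windows Installer layout: the user-launched msiexec /I (PID 4808) hands the package to the Windows Installer service (msiexec /V, PID 60), and the service spawns a 32-bit custom action server (syswow64 MsiExec.exe -Embedding ..., PID 5520), which is the process the "Loads dropped DLL" signature fired on. That is the process to look at first, because it is where custom action code from the package runs, under the service rather than the interactive user. The script below is an added example, not part of the sandbox or its report: it transcribes these three records by hand, rebuilds the tree from the depth markers and emits a finding for every -Embedding child of the installer service. The report does not name the DLL that was loaded; linking it to the MSI*.tmp binaries listed under Downloads is the usual reading, not something the page states.

```python
"""Rebuild the process tree of this report and flag the Windows Installer
custom-action server pattern (msiexec /V service -> MsiExec.exe -Embedding).

Added example; RECORDS is transcribed by hand from the Processes section
of the report, it is not a sandbox export."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# (pid, image, command line, depth marker, signatures that fired on the process)
RECORDS = [
    (4808, r"C:\Windows\system32\msiexec.exe",
     r"msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\305e220e1f1cb506c32bb509f246515e3cba7ec1dabae95298f358d26654bfa6.msi",
     1, ["Blocklisted process makes network request", "Enumerates connected drives",
         "Suspicious use of AdjustPrivilegeToken", "Suspicious use of FindShellTrayWindow"]),
    (60, r"C:\Windows\system32\msiexec.exe", r"C:\Windows\system32\msiexec.exe /V",
     1, ["Enumerates connected drives", "Drops file in Windows directory",
         "Suspicious behavior: EnumeratesProcesses", "Suspicious use of AdjustPrivilegeToken",
         "Suspicious use of WriteProcessMemory"]),
    (5520, r"C:\Windows\syswow64\MsiExec.exe",
     r"C:\Windows\syswow64\MsiExec.exe -Embedding CA6D678DAE4DC302758EBC5889C1E262",
     2, ["Loads dropped DLL", "Suspicious use of SetWindowsHookEx"]),
]


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    depth: int
    signatures: List[str]
    parent: Optional["Proc"] = None
    children: List["Proc"] = field(default_factory=list)


def build_tree(records) -> List[Proc]:
    """Link records into a tree using the report's depth markers (1 = top level).

    A record at depth N is a child of the most recent record at depth N-1."""
    roots: List[Proc] = []
    stack: List[Proc] = []          # stack[i] = most recent process at depth i+1
    for pid, image, cmdline, depth, sigs in records:
        p = Proc(pid, image, cmdline, depth, list(sigs))
        del stack[depth - 1:]       # drop anything at this depth or deeper
        if stack:
            p.parent = stack[-1]
            stack[-1].children.append(p)
        else:
            roots.append(p)
        stack.append(p)
    return roots


def walk(procs: List[Proc]):
    for p in procs:
        yield p
        yield from walk(p.children)


# Custom action server: MsiExec.exe -Embedding <32 hex digits>; service: msiexec /V
EMBEDDING_RE = re.compile(r"msiexec\.exe\s+-Embedding\s+([0-9A-F]{32})\b", re.I)
SERVICE_RE = re.compile(r"msiexec\.exe\s+/V\b", re.I)


def find_custom_action_servers(roots: List[Proc]) -> List[Dict]:
    """One finding per -Embedding MsiExec child; severity depends on its parent
    and on whether the sandbox saw it load a file the package dropped."""
    findings = []
    for p in walk(roots):
        m = EMBEDDING_RE.search(p.cmdline)
        if not m:
            continue
        parent = p.parent
        under_service = bool(parent and SERVICE_RE.search(parent.cmdline))
        loaded_dropped = "Loads dropped DLL" in p.signatures
        findings.append({
            "pid": p.pid,
            "embedding_id": m.group(1).upper(),
            "wow64": "syswow64" in p.image.lower(),       # 32-bit custom action server
            "parent_pid": parent.pid if parent else None,
            "parent_is_installer_service": under_service,
            "loads_dropped_dll": loaded_dropped,
            "verdict": ("custom action code from the package executed under the Installer service"
                        if under_service and loaded_dropped else "custom action server, review"),
        })
    return findings


def triage(records=RECORDS) -> List[Dict]:
    return find_custom_action_servers(build_tree(records))


if __name__ == "__main__":
    for finding in triage():
        print(finding)
```

Applied to EDR process-creation telemetry (parent command line, child image and command line, later image loads from the child), the same pairing of "parent is the installer service" with "child loaded a freshly written DLL" gives a narrower rule than alerting on every msiexec -Embedding, which is routine on any host that installs software.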

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Config.Msi\e573859.rbs

    Filesize

    618B

    MD5

    50ab127247559b74bdcb99a108ef6d94

    SHA1

    addbdcb59f1453e8f0c4ca76ab8d0245f8bb3ff5

    SHA256

    87c9d31396ed5d9dad99843de729bd0b22357b24273dbb87a8d4aa455229ed70

    SHA512

    7650bb78dc034ec0cc4b718883215dcfea2c2ea39155a36c84f8a8cd310ba06450cd8e169721937aa39cd44d24b395d6ea3102a3b7c5d351b9446ff993f6e489

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_035BCB7A9EDEBC9CAD440E0604297D12

    Filesize

    1KB

    MD5

    86164ddf8dfece172e4896fc361a72a5

    SHA1

    110a23c7457e53e794ef130db404cb1e62b8e164

    SHA256

    469bfa5368cbc0255aa4cd04228caf40938ef8af7958517b696c86f984c1a25e

    SHA512

    f8b8344af40f743082cd0133ed0102c9f565bf1ceb376bbc41ae1657296793324d9db6c4dd2ed498b6b5bdfed49af1cd77367f08c460ca93cf0b783fa5beac5f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

    Filesize

    1KB

    MD5

    15ec5be77f133bf7a2d3409adde690e5

    SHA1

    b46b1931087200dc3a5cc931ef9fb02127406365

    SHA256

    06e9a60020682c0361397f75e70ff7d9b34530e1d4e30793f6555433e901fdfc

    SHA512

    12108721a571a8db9979404eadd86bb05faef49e68192c3b297ab3549537e15d45e12cb3fb0e4e163c71df5942367e2a9dc9ea680aee8c12c53b4f2808d7bc38

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_035BCB7A9EDEBC9CAD440E0604297D12

    Filesize

    536B

    MD5

    a6314316a07b4d35c3f1dd06971f279a

    SHA1

    0a7673dab4eff13a0018fc28ff515fef1a380548

    SHA256

    e0b50795681a7556a44e9ef11f7b508bad853296639825daa6c530d4de7eb55b

    SHA512

    fdcbb3fedeb557d5391b0f488159fb78e4f4c8fdc81f39589363b5f81d43bbf1be9fe2e76daeb01407e37516e985c584b90f9780a67ac780aba8a82ac852cb4d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

    Filesize

    536B

    MD5

    283411a16215b0cc29b97da02dc2f91c

    SHA1

    5797acd1194da2bcca439919e26c5a91e52e5fd0

    SHA256

    f629731d72fecdc7a4b542e508bb069b0ff486ebb57b57cc4a0cc6625c4bfbf6

    SHA512

    e11c1ab5df76f51a23ec880166eefb09fc2c78f764ebf8376742cef29aa65fe097209252a901e19fd1ff0d8ac9c6695557d084a536bf494234d5c6a50402e9f0

  • C:\Windows\Installer\MSI38C3.tmp

    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

  • C:\Windows\Installer\MSI3ACC.tmp

    Filesize

    8.0MB

    MD5

    d545faab2c1caf15e74662a71ca4daa4

    SHA1

    016a8baeab442263be5a165470831dbc287575be

    SHA256

    e1583251193a3ef6723ca9c54bf6a84d68d56ce29abef57ca015aab6d545e305

    SHA512

    f7d2ceec826675b37da596892b07dccc9dfd97e94249ca6d9e4a8a369f2d999b7a6e83af1a75757a037a98cc3e009adf1f41d5c1d91f406001cefc917030d082
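
Three kinds of artefact appear in this list: the .rbs rollback script the Installer keeps under C:\Config.Msi for the duration of the transaction, CryptoAPI URL cache entries under CryptnetUrlCache (written when CryptoAPI fetches certificate chain or revocation data over HTTP, one ordinary reason for an installer process to make a network request, though the report does not say that is what its network signature refers to), and two MSI*.tmp files the Installer extracted into C:\Windows\Installer, the 554KB and 8.0MB binaries that are the first things to pull out of the sandbox for a closer look. The script below is an added example, not from the report: it parses an excerpt of this Downloads section (three of the seven entries, with the blank lines between fields removed), classifies each path, and checks a locally extracted copy of a file against every hash the report lists for it.

```python
"""Parse the dropped-file entries of this report into records, classify the
paths, and verify an extracted artefact against the listed hashes.

Added example; REPORT_DOWNLOADS is an excerpt copied from the Downloads
section of this report (three of the seven entries, blank lines removed)."""
import hashlib
import re
from typing import Dict, List

REPORT_DOWNLOADS = r"""
  • C:\Config.Msi\e573859.rbs
    Filesize
    618B
    MD5
    50ab127247559b74bdcb99a108ef6d94
    SHA1
    addbdcb59f1453e8f0c4ca76ab8d0245f8bb3ff5
    SHA256
    87c9d31396ed5d9dad99843de729bd0b22357b24273dbb87a8d4aa455229ed70
    SHA512
    7650bb78dc034ec0cc4b718883215dcfea2c2ea39155a36c84f8a8cd310ba06450cd8e169721937aa39cd44d24b395d6ea3102a3b7c5d351b9446ff993f6e489
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_035BCB7A9EDEBC9CAD440E0604297D12
    Filesize
    1KB
    MD5
    86164ddf8dfece172e4896fc361a72a5
    SHA1
    110a23c7457e53e794ef130db404cb1e62b8e164
    SHA256
    469bfa5368cbc0255aa4cd04228caf40938ef8af7958517b696c86f984c1a25e
    SHA512
    f8b8344af40f743082cd0133ed0102c9f565bf1ceb376bbc41ae1657296793324d9db6c4dd2ed498b6b5bdfed49af1cd77367f08c460ca93cf0b783fa5beac5f
  • C:\Windows\Installer\MSI3ACC.tmp
    Filesize
    8.0MB
    MD5
    d545faab2c1caf15e74662a71ca4daa4
    SHA1
    016a8baeab442263be5a165470831dbc287575be
    SHA256
    e1583251193a3ef6723ca9c54bf6a84d68d56ce29abef57ca015aab6d545e305
    SHA512
    f7d2ceec826675b37da596892b07dccc9dfd97e94249ca6d9e4a8a369f2d999b7a6e83af1a75757a037a98cc3e009adf1f41d5c1d91f406001cefc917030d082
"""

ALGOS = ("md5", "sha1", "sha256", "sha512")
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_downloads(text: str) -> List[Dict[str, str]]:
    """Each bullet is one file: path, then label/value pairs (Filesize, MD5, ...)."""
    entries = []
    for chunk in re.split(r"^\s*•\s*", text, flags=re.M)[1:]:
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        rec = {"path": lines[0]}
        for label, value in zip(lines[1::2], lines[2::2]):
            rec[label.lower()] = value
        entries.append(rec)
    return entries


def size_bytes(s: str) -> int:
    m = re.fullmatch(r"([\d.]+)(B|KB|MB)", s)
    return int(float(m.group(1)) * UNITS[m.group(2)])


def classify(path: str) -> str:
    p = path.lower()
    if p.startswith("c:\\config.msi\\") and p.endswith(".rbs"):
        return "Windows Installer rollback script"
    if "\\cryptneturlcache\\" in p:
        return "CryptoAPI URL cache entry (CRL/AIA fetch over HTTP)"
    if re.search(r"\\windows\\installer\\msi[0-9a-f]{4}\.tmp$", p):
        return "binary extracted by Windows Installer (custom action candidate)"
    return "unclassified"


def hashes(data: bytes) -> Dict[str, str]:
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def verify(data: bytes, rec: Dict[str, str]) -> bool:
    """True only if every hash the report lists for the entry matches the bytes."""
    h = hashes(data)
    return all(h[a] == rec[a].lower() for a in ALGOS if a in rec)


def triage(text: str = REPORT_DOWNLOADS) -> List[Dict]:
    return [{"path": r["path"], "kind": classify(r["path"]),
             "size_bytes": size_bytes(r["filesize"]), "sha256": r["sha256"]}
            for r in parse_downloads(text)]


if __name__ == "__main__":
    for row in triage():
        print(row)
```

To check a file pulled from the sandbox, read it as bytes and pass it with the matching record to verify(); a mismatch on any one of the four digests means the copy is not the artefact the report describes.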