Overview

overview

6

Static

static

1

4mdm17e4-y...h1.msi

windows7-x64

6

4mdm17e4-y...h1.msi

windows10-2004-x64

6

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 08:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4mdm17e4-yc6x-rmh1.msi

  • Size

    576KB

  • MD5

    762a9122604efe12866415dd4a8c1d50

  • SHA1

    0abf71df96f7fc03e51932fd0b8a51156482f8c4

  • SHA256

    d92958f2ad51b7d36251e2183b372f2f86ae3146f7ff289285b1283a24b7ddbf

  • SHA512

    130a0a877da93aaa92ffe0d328044002b85f4298e65e0f49315ec161f6a78c13e145e3046b9f6182fb1d66def35739fd7cfbd22b9eef70ebd3e7d65461ec1168

  • SSDEEP

    12288:cMzFfY6owv43bqKlRH1Vq9iyXvAVSY7DvN:cWhY6owvitjVqoAvA

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 9 IoCs
  • Loads dropped DLL 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 44 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\4mdm17e4-yc6x-rmh1.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1904
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 57D0F1DFC1E9763842DCBB8C86A75C51
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://registradores.onr.org.br/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2744
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    501ce689036cd298304c894e6c940388

    SHA1

    b9cabc49fd6eab5b2dd7eed7a2161bd1c695989e

    SHA256

    1d0d5a9306dd0bdbe4a66f5cd480f794749a3f4b34443059323d835232faf8a9

    SHA512

    a85b04a2da27347ca9269f546f242ed312c051b2a1e43932e0a254404feba340530d4d37f459be8c39084ce993abf8158c117ad4cbe1b2ac43256009c8d583ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e420b26e77659e2d281e0e13bd44dbc8

    SHA1

    60453eabbeb2514b023389665851c2f95e70dd9d

    SHA256

    2d1d761aff3954f8056e00605f7d68f24b828370ff757b203a69c6ef33f8ca5d

    SHA512

    77171159a378efcd43703f815507d5d10b0270080ce63dfa4accd071499b012a7db177d77eb0cdff3fc48095f03e24a0912470d1699b1dc9b38c0ca623ebabf1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    527b30f780ae5726e4c9c8c2c05c03fe

    SHA1

    976879434934e12484da15a6ea52c2762f751112

    SHA256

    23bf1b7c8331f80c908d851f53cdbe7402a4e1449e2b99f8377dc20ef60f0df3

    SHA512

    dcfdcdcfd5c2e31c1daa68bc2822c225a85d6b0b91948bdce5823d03b7791984ac6aacd448e964a79690379adf6e46d93639d628e0546b8a0229356a64c81741

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    70d991dfb458367c71750ef41cde0c13

    SHA1

    7927f6c871c59077e658a66fb42197e71353d6da

    SHA256

    4e7f51cab53e7e46402ceb5b13781ec9fa8d9fd4c97d6d4028bf207af15d1fc7

    SHA512

    8275632bde7cce1ed25e49ddfa10737fe04c9191a13e126d94c6dbcd9080fb20629b975a18b7138e1e05c33c2b1e7712e36037d41c0c7cdaac35c54e54712af7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f33635c07996fbaad67face7ac84558c

    SHA1

    6de31bcd3df09e573e6c6cb3f689affde3c71875

    SHA256

    2c35bbb0ce6aa5da805405a6e7ca4f3fd8127432bfb4466b0dddd1f4e22e5caa

    SHA512

    b999c108beb074573ca9278873cef438edb7256de4466fe03346303dd64e129d377e1762d05420c146c17f3ebce06f1e3c569048f9a9e6395e912164a64e46de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5dc41b3e63bba58f15e91d3b5d928be2

    SHA1

    7f67dd746f090140ca0bf64b3be61713607c1343

    SHA256

    d690d6b421b58c803e8c7872972ebcf359d4e3396ae327eff5fe90f9cf4d54ac

    SHA512

    193fd96e7d0bd821472258ad3e88257a714da65fb4bfbb94688c23c82cecb6e22f606f3c5798ba7569b43ba4cfe220c35b1d984d2a183eb37427028fad396534

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d62bdf27e2f4060e9bd22bc7e55e8ffc

    SHA1

    82cc3c5d6922942f0313d54c2dc017aaac8b1e57

    SHA256

    4c5fa9002e4c367b7f41d11a841b2796018a17d2f08f57038d8d2a768f0bea7f

    SHA512

    8ac0ab72b01d10ff53d11a669b2759f9b66b8a6145c0fea02705769caa0fb1e53c9a47f492d92ad04e91f9b54208ee1752395514d6f22be1f6a101ca2dc5d074

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    35ead2013743f7faccb8d8a9461c1abd

    SHA1

    7d3ea68d67ed26b863b11df7c57bf26146306c36

    SHA256

    6246a7a75785147718107c4daf4a1774410ed295905f28b82ff54cd26eb7b3df

    SHA512

    394c2627b00a074d7b9cc73098aadc429ad7caa42881df06d63bfcb32230e91c7d0f326c9654399992b022121e510eca4f62fa3285d660a6c855b1c017f96248

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5705db0dba95fda32289b8b718995e8b

    SHA1

    05103c2f40ea5be6f7c0944d32736c2349b53c43

    SHA256

    d8637d9a9e211cdd905eaf3bc91738776b47b3245ffea539086de50dcf8388f3

    SHA512

    88e513cc6c54ba2c42ee23bf27c2d7c8dfe4da47737c156f5d8ce1d6d3b516c69249b35dcff30bbc82f03462b6a3f3c4ec30ed5fa40f327db8d1f6dca4d99c2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c42e90000f40386608fb59e4fda53a82

    SHA1

    23ceb95056c92deb46c6fda0087cf23a3228831c

    SHA256

    8a4ef104903a5b5f77ea377a7b91b9217847ee25110a8711b24e59807121cc50

    SHA512

    a8aa23a3d887c4bc8958f4427d97bd2a9abe5a0aa5e044b577734c549ee3d0e166a3f4fc5ca4904b63174f68ff7eca88eaac277c0478f77c49c5ce7fd14be761

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    16bd2d85a34f7a2e0b448872936843e9

    SHA1

    3c5ad408f44cdc6ad0c6ce4d8e53b6cadeae515b

    SHA256

    d5c933e0aef6116b479eb23dd45c5118dd6c25dda9dd087550017b1c4f946594

    SHA512

    d19fba57c5292ce4ac95ea6079c072a5cb773ac0935140bbd554c8d36f6093ff2679f3df3197ad901a5b14f5d79d48c9d922c8cf9729d679d518596362eab997

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fa11514ca766ae322f0cb9fbac3eb56e

    SHA1

    a821f4e48ceabad1b76d8691575bfeead8ca08d7

    SHA256

    9b71480a5879d5da1c08900ad26e3577b91434cabed8eec9d29a9720cda5662d

    SHA512

    f00e6203750bb3f070ba3861c474002d8f4b14eeafde1ee7b5ce5134f297a0285296c705238171db27dcafb59df6970510655b79c5aa8f108fa2234edabbdbe3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    368a073b9e5baa4ada042ecdede4115d

    SHA1

    e004048eaa2f7cac99e3d1eedcae83d076989175

    SHA256

    14d763e0d85c8c758626f8a9d417c717c9a16a682ee8d369198d36ba583e503d

    SHA512

    96f75a2052af403a7b86b1248612cbf9375acb0ca7f7e84cfbfe64404ff32ccbbaa6cdd80f2197471266b46ce9400dd990459ec3f37ac14026466b6555ee4c17

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c63e8552c565185b6722ee003d46fa3a

    SHA1

    1803f0b83c77027bdaa617fdeb1e381af98e62c1

    SHA256

    999936ac74adb421a74832b24fa092d9aadf049186718b9922e293956315aa26

    SHA512

    4886627d00729800a5f255cf5e653c6d0ee90e85c0656181a94bdce322e9081734b5d902e44d6b9a0f5b4a27027c0bd90fe448c7278d20d536cfbfa3bde9c46e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1c12c0a2e6e54b8fe02de49b64b5454c

    SHA1

    45ffd318e1d470dad77e51b049c45cdcf9dea8b0

    SHA256

    af53cfc026656b82e3e005c6f3ef3e20b89404c5e3df61e6853cf732c773f036

    SHA512

    025b9001e0b201ec8d53c5d6d3e8fd7268d4d5ae9fcb12209c97d9d2f17f535fe8518821e3297e1426202b6451f436d546cf692162c978739a180c8e12a70a59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6352bb05499ceeb9e620948c821bf336

    SHA1

    2e68207b0700e08877e899d4a734d5b360a5ba40

    SHA256

    5bb7c5ce59da84e2ce04f228c7e3abb8337225aaef13a688b1a03127bbbb08d5

    SHA512

    bfcaa04c6f2a7209b4190d051227a7ce56b81c4a3ad34ab4da3dd7e63791e15ef6e5d1b8b36786c7b33364f5357a9d333a3acd012568ac306ccd9bf5aad8640f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be6f69142678bb746ac4f97ac1995070

    SHA1

    5230da8ab606dc5871736788555cce3bb705279c

    SHA256

    f066eb8f037081489b7ce20f66eab8466909f58559ad4af91493a93e2edfbdef

    SHA512

    fd5e12a361f9f9d4bfef99bfd77d8b6350ad4c4b401d6d0ea458457f2ff565b12b1ddd0bf293694834f28cc9ec9aca7095cf17ec23f4438c403ff8754ca895fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    adf6c51d984e31c151e92bb1194ce8f3

    SHA1

    32f5b42f41836bbc81ecf3885a484dcddb9aca49

    SHA256

    184529ed0007adbd75602b2407d47ff2860ebe5370d7955436270b8fca8aced7

    SHA512

    3279a0afe2ae0f12622ba0c35c79f3f5a6c699a62faa0958158279219fede099bdbefb953097bc976869308364d896a5770547e081723f9829c222eadf463839

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ab4805ee3745390a80d8115eb5ae7849

    SHA1

    0ba1f866777112e77a324e12d70e74bc56ca2a5f

    SHA256

    c743f69f590a400ba8c4022adf41322eef6e839042bdd6e3ce91a8aa6bf50bf5

    SHA512

    2820ad34fd15487a17c590a8923c42fb803b4f52861a401952cc199ef2340ef9cf071e3bdcf4b393bb5413326436c6345d237397e86b32d9fa13632e5d960307

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f97e2319dd80ee1634da11f8ade26567

    SHA1

    73dd0e7e4e4fbd965d926e10d886a5d2956a61a1

    SHA256

    b68e55fb70fff6818de5cafcaf6cd3a898685d113704acc20f458b646c7f7241

    SHA512

    3f0003a32033521464bb886cfa9d28b897d04565965ef70fcf324fa26c8d24e914b8a0648f6939bde0536d55ec1262bd8647734228ad12c01e1931573b7419f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    58511424c869fb47444f2fd71746cd97

    SHA1

    811baf9f0d45f5169e60ab38134eaec6a03120de

    SHA256

    c0021b98287fc7e71e198e02e6051961d575578925f18d41e39ce6c61cc29d22

    SHA512

    3ec8c6b27a133d68f956cdd68fcb2b6a97934856282da976c88a5fcacc0f3d14ff1daa7a7570713d36f939feb05205c579af40db3fbb094171638666b2bd2b2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6956fa4a869bf7b0b0ff479778522d85

    SHA1

    76e63412ff036e13a38c5b7dca2588c8567cc636

    SHA256

    eaa77d2ea9efa31a5df49c12b7e793e8cdf2c92f87c6116934c9c47a4ded2c44

    SHA512

    8645bae6a8a5c5fd965ebb66a5916ec3b940924d73ab952b6bf7eb57df750bc277aee8d158ff7ad9d91c0bcb5937d7fbd97a9e6c467f438d568dbfc5c74cc6bb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3C48.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3C49.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Windows\Installer\MSI1DEC.tmp
    Filesize

    376KB

    MD5

    e12c5bcc254c953b1a46d1434804f4d2

    SHA1

    99f67acf34af1294f3c6e5eb521c862e1c772397

    SHA256

    5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

    SHA512

    9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

    Download Submit