Analysis

  • max time kernel
    104s
  • max time network
    135s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    24-05-2024 19:57

General

  • Target

    Safe_Exam_Browser/Safe Exam Browser for Windows user/SEB_3.6.0.633_x64_Setup.msi

  • Size

    135.7MB

  • MD5

    799b5b024ecde3e8eff6e2cf289bb1ab

  • SHA1

    2c80a3cee3163c0db022ae9cb2860cfbab96f20f

  • SHA256

    5ba5cb49b1fe880829bb31f34a23cca18c03fcbd33899a8f9bc3c5ec1204cf24

  • SHA512

    3cbb54123dbc14659845a04e8642868ed74ad0b71b3c2921db898e6a671643868426c2f6b2124b2a272b25d0a4aaf64b6d8fc5f470da56cdfa8c8d13befd3523

  • SSDEEP

    3145728:NuYDxgorov+CvQStNBIlc7L3Ai35xb2i4EzDTbzts+mi10Lbt:Nb1UvrvXzIlYAipV2inDTGKgt

Score
6/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken 32 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\Safe_Exam_Browser\Safe Exam Browser for Windows user\SEB_3.6.0.633_x64_Setup.msi"
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4564
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    • Suspicious use of AdjustPrivilegeToken
    PID:2424

Network

MITRE ATT&CK Matrix ATT&CK v13

  • Discovery
    • Query Registry: 1 (T1012)
    • Peripheral Device Discovery: 1 (T1120)
    • System Information Discovery: 1 (T1082)
