Analysis

  • max time kernel: 148s
  • max time network: 152s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240426-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 01/06/2024, 20:03

General

  • Target: SurfsharkSetup.exe
  • Size: 67.7MB
  • MD5: 77b6871672fc1d2889727c59561929a5
  • SHA1: 3c7a82ead916320b9d9a811a42e1f351f23a0fab
  • SHA256: 6fd046161cbc348e88750cc1f896308b56015192870530add24be07ae5b180db
  • SHA512: 8e72cea21bd17882c33f3e96c972bbb3978ca175ac2335109294d136927e816671c9b6ac2f194734eebf70eb5b919292b64e26042a8fb00b51f5e33580e0588d
  • SSDEEP: 1572864:xnB8SZ7Acgu3ORmu7B2G/COpjXfxwQkR7JpE4kI3nUx+WPnvtv+:xnB7ZEueAW2KZpjXJwQkRJ+4n3nqHPZ+

Score: 7/10

Malware Config

Signatures

  • Loads dropped DLL (18 IoCs)
  • Enumerates connected drives (3 TTPs, 46 IoCs)
    Attempts to read the root path of hard drives other than the default C: drive.
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies system certificate store (2 TTPs, 7 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    PID:1616
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding A617C9E4E41604531799341F06E7BC67 C
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1980

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\AdvinstAnalytics\6508281795075a1a7475f0d5\5.7.2999\tracking.ini
    Filesize: 84B
    MD5: a8913da2999d8c3b30c9fa8be8f08e64
    SHA1: 2e75eb6b2396b7a5d170fcc3a7b812b1577774d4
    SHA256: 44f98ee45e358ad04874b6a7a48bfab0ad422264ffd8e117bd348c04f7b1196b
    SHA512: 5682f5f24c9f87157da4b2316cb6e1e8f88ebfa0a9c22591cf4c7c4334beb17a55bb54fed7c96c40558c8488eefe680d181e7717009d451d26f8296fa4b06e70

  • C:\Users\Admin\AppData\Local\AdvinstAnalytics\6508281795075a1a7475f0d5\5.7.2999\{B1386AD5-0324-4AF4-B04E-F3637A617FE4}.session
    Filesize: 13KB
    MD5: 00ee46820fd6967fe72ec84e185330da
    SHA1: c91329c9bcc6e5ec32a117b951c200848fa8831d
    SHA256: 899d4bd5d6fa882c6636908373c86cd732b06bd60a96efa9369edbd88d9796a2
    SHA512: 541d3b0e256b7de46a9c6c4cda97befc1d2ccb8b95750cd598878f6988f77b9e03860312a96d1d876c0b8065ee8a4ba17839961b27a2d7c150fc2a4d3510537d

  • C:\Users\Admin\AppData\Local\Temp\INA47C8.tmp
    Filesize: 1.0MB
    MD5: 806e65956064190d6154d5de5cc96a5e
    SHA1: f2fa1b10dec6f4166b79e710d81147c9028c4198
    SHA256: 17f79990c5455ac18abbca13fcd8f8584518881487f9fedcbd7cbbdbe003c6f8
    SHA512: ae72ec2fe5895ca5e9e44b6c5e677356f9b7ba342d686a59be42b16027013d4b7c8c83ed0530705d792ac7b5881d10ec72dff546c2ee3c1452372d363501c62f

  • C:\Users\Admin\AppData\Local\Temp\MSI4837.tmp
    Filesize: 719KB
    MD5: 89f70b588a48793450dd603b6cd4096f
    SHA1: 9b6509c031856c715d62853c4e93efbdf48d5aeb
    SHA256: 066c52ed8ebf63a33ab8290b7c58d0c13f79c14faa8bf12b1b41f643d3ebe281
    SHA512: fb04c530430eea6149fd7216f64751e641394a66c0cb222f70c29361baa621a78f906e0adff19bd4cbe5de69edcea7e40bff7c2e068fd4dbd057ca6494db861a

  • C:\Users\Admin\AppData\Local\Temp\MSI4962.tmp
    Filesize: 1.1MB
    MD5: 58c6476771f68f57661d0f6533cb70ef
    SHA1: 8080de39939f0a8f1e0c529cca30bf38b0e6abf2
    SHA256: 7eb240ef6e75de05b2a199bc55fdc8d13f467d5b4e58457011653312fffcc65f
    SHA512: 2b4b4e4466a7eea2d28631a80f257ced0a7263aa81c945105b793371534580dff1b66779bab36b9157b596c352c234a19c568e105faa1ba8681aa39feb5950c5

  • C:\Users\Admin\AppData\Local\Temp\MSI4B0A.tmp
    Filesize: 835KB
    MD5: 3fe648959c7496beb28a3638fcc2e944
    SHA1: 6c73ebcdf517e2b30ad90f046f50f9e64c7a636c
    SHA256: e6d18685b2e231f9166909764c3b90bbc3c51f30736d18873166e5dc9133e290
    SHA512: 1be58c011987b67396e052d32b6b3576823d612e4e678a18641a55fb6159b32e106cadeeebc22f179aa07902e1bbf517cc10d1ebf7233bf68fe198de3f20bca2

  • C:\Users\Admin\AppData\Local\Temp\shi4E8F.tmp
    Filesize: 4.3MB
    MD5: 6c7cdd25c2cb0073306eb22aebfc663f
    SHA1: a1eba8ab49272b9852fe6a543677e8af36271248
    SHA256: 58280e3572333f97a7cf9f33e8d31dc26a98b6535965ebd0bde82249fc9bf705
    SHA512: 17344e07b9e9b2cd6ae4237d7f310732462f9cbb8656883607d7a1a4090e869265f92a6da1718dee50b1375b91583de60c6bd9e7e8db6b6e45e33f4b894365d6

  • C:\Users\Admin\AppData\Local\Temp\shi4EAF.tmp
    Filesize: 81KB
    MD5: 125b0f6bf378358e4f9c837ff6682d94
    SHA1: 8715beb626e0f4bd79a14819cc0f90b81a2e58ad
    SHA256: e99eab3c75989b519f7f828373042701329acbd8ceadf4f3ff390f346ac76193
    SHA512: b63bb6bfda70d42472868b5a1d3951cf9b2e00a7fadb08c1f599151a1801a19f5a75cfc3ace94c952cfd284eb261c7d6f11be0ebbcaa701b75036d3a6b442db2

  • C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark 5.7.2999\install\5A30A92\SurfsharkSetup.msi
    Filesize: 7.6MB
    MD5: 1b8da8cf30262aed2af0ef7ca16bf018
    SHA1: 90a97c363f4f19f2447d972b395afa4f45e4db53
    SHA256: c2b72dd9c2048776f58d76a4358421c8749d29a50badc4246c93ba8c5f9be909
    SHA512: 6689a07724a930527ce9cf1daef31baeb1262ca7c0ddc2025538cfed3850faa177b953692bed82c84f70f32e034db55697642830fea29878ffacb798b7869ee9