Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/06/2024, 05:07

General

  • Target

    pingplotter_install.exe

  • Size

    21.4MB

  • MD5

    ae2015bc36bb8a0b872d049430c622c2

  • SHA1

    c11db0f26d3554dea55b601eecdc50f90eae785d

  • SHA256

    3586e0620442b8dfe2ae80f14dd389c224a7b9db7e6b9b29779a5b3d28e4a47f

  • SHA512

    85c3b9380c2a803bb2f3f64a667bc062f0ee786f9bc5d50f6ce5157055eae20c76f6c6ae3d0ead0a89f011925dd7bb8097d5c6014c2fb5b077cf5ff734cceaf0

  • SSDEEP

    393216:SeHSB8FeRF1NDgVEoZM9m5boLMMzgO+8+X7gj/pIBibcqBKOCCtbP:YzXay9UoL5+RgjLRgEP

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives (3 TTPs, 46 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Loads dropped DLL (9 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\pingplotter_install.exe
    "C:\Users\Admin\AppData\Local\Temp\pingplotter_install.exe"
    1⤵
    • Enumerates connected drives
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3868
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 5433BB223DBE34F3BCF9867FA22E4F0B C
      2⤵
      • Loads dropped DLL
      PID:2356
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4756 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1468

Network

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MSI3391.tmp
    Filesize: 364KB
    MD5: ca95f207ec70ba34b46c785f7bcb5570
    SHA1: 25c0d45cb9f94892e2877033d06fe8909e5b9972
    SHA256: 8ac4b42fb36d10194a14c32f6f499a6ac6acb79adbec858647495ba64f6dd2bb
    SHA512: c7003a2159f5adab0a3b4a4f3c0dd494d916062a57e84a23ccc18410fa394438d49208769027c641569b3025616e99ca1730a540846aaf1c5d91338b90008831

  • C:\Users\Admin\AppData\Local\Temp\MSI39EF.tmp
    Filesize: 561KB
    MD5: 5576bf4d22dc695564e49a68cbc98bc2
    SHA1: 80e0e045162a65d84939e22a821ecbbbde3f31d6
    SHA256: 20f76ffd846155a41633d75cb2e784e54f6ec77ca9ca9d52d9510c3e2e918801
    SHA512: 4b952ce6ef08c86d8594fadd1069c3af39c3465314716dc7e7d9937befab8f4db5e4920a901920af4f937e5bb80ca02c33406d54cc766920b8ebba3855500972

  • C:\Users\Admin\AppData\Local\Temp\nsm16A2.tmp\DotNetChecker.dll
    Filesize: 84KB
    MD5: f18364fa5084add86c6e73e457404f18
    SHA1: 6d87c4b9dbf78af88fddf0d4d5febe845c8e4e6a
    SHA256: 39c43d67f546fc898f7406d213b73dcb1bc30fc811ddfa3a02b6b50c29d11f91
    SHA512: 716892492390fe4314f3289286f733d07b8b84de1f5af0676b26e68c0be01808682d35ad2bb9e9491247b7bb5a0ea297a6850e26de9baf88621c789206107db3

  • C:\Users\Admin\AppData\Local\Temp\nsm16A2.tmp\System.dll
    Filesize: 11KB
    MD5: ca332bb753b0775d5e806e236ddcec55
    SHA1: f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f
    SHA256: df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d
    SHA512: 2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00
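The dropped-file table above is only useful if you can check a host against it. The following triage helper is an added example, not part of the sandbox output or of PingPlotter: it hashes a file with the same four algorithms the report uses, looks the SHA-256 up in the report's own dropped-file list, and classifies the temp paths the report shows (the `ns????.tmp` directory is where NSIS-built installers unpack their plugin DLLs, and `MSI????.tmp` files in %TEMP% are written by the Windows Installer service, commonly extracted custom-action DLLs). The expected hashes are copied from the report; the helper names, the regexes and the demo file content are this example's own assumptions.

```python
"""Triage helper for the dropped-file table in the sandbox report above.

Added example, not part of the report or of the analysed installer.
Expected hashes are copied from the report's Downloads section; helper
names, path patterns and demo content are assumptions of this example.
"""
import hashlib
import os
import re
import tempfile

# SHA-256 -> report path, copied from the Downloads section above.
REPORT_DROPPED = {
    "8ac4b42fb36d10194a14c32f6f499a6ac6acb79adbec858647495ba64f6dd2bb":
        r"C:\Users\Admin\AppData\Local\Temp\MSI3391.tmp",
    "20f76ffd846155a41633d75cb2e784e54f6ec77ca9ca9d52d9510c3e2e918801":
        r"C:\Users\Admin\AppData\Local\Temp\MSI39EF.tmp",
    "39c43d67f546fc898f7406d213b73dcb1bc30fc811ddfa3a02b6b50c29d11f91":
        r"C:\Users\Admin\AppData\Local\Temp\nsm16A2.tmp\DotNetChecker.dll",
    "df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d":
        r"C:\Users\Admin\AppData\Local\Temp\nsm16A2.tmp\System.dll",
}

# Assumed path patterns (this example's own):
#  - NSIS installers unpack plugins into %TEMP%\ns<letter><4 hex>.tmp\
#  - Windows Installer writes MSI<4 hex>.tmp into %TEMP% (often custom-action DLLs)
NSIS_PLUGIN_DIR = re.compile(r"\\ns[a-z][0-9a-f]{4}\.tmp\\", re.IGNORECASE)
MSI_TEMP_FILE = re.compile(r"\\MSI[0-9a-f]{4}\.tmp$", re.IGNORECASE)


def classify_temp_path(path: str) -> str:
    """Label a dropped-file path by the installer mechanism that creates it."""
    if NSIS_PLUGIN_DIR.search(path):
        return "nsis-plugin"
    if MSI_TEMP_FILE.search(path):
        return "msi-temp"
    return "other"


def hash_file(path: str) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests, streaming the file in chunks."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def lookup_sha256(sha256_hex: str):
    """Report path for a known dropped-file hash, or None if unknown."""
    return REPORT_DROPPED.get(sha256_hex.lower())


def match_report(path: str):
    """Hash a local file and return the matching report entry, or None."""
    return lookup_sha256(hash_file(path)["sha256"])


def write_demo_file(content: bytes) -> str:
    """Write constructed sample bytes to a temp file and return its path (demo only)."""
    fd, name = tempfile.mkstemp(prefix="triage_demo_")
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return name


if __name__ == "__main__":
    demo = write_demo_file(b"abc")  # constructed sample, not a dropped file
    print(hash_file(demo))
    print("matches report entry:", match_report(demo))
    for p in REPORT_DROPPED.values():
        print(classify_temp_path(p), p)
    os.remove(demo)
```

Run it against a real directory by replacing the demo file with paths from an affected host's %TEMP%; a `match_report` hit tells you the same dropped file was present, while a `classify_temp_path` label of `nsis-plugin` or `msi-temp` on its own is only evidence of an installer running, not of anything hostile.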