Resubmissions

16/06/2024, 18:03

240616-wm1tnavejl 6

16/06/2024, 18:01

240616-wlx2da1cqd 6

Analysis

  • max time kernel
    15s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
  • submitted
    16/06/2024, 18:03

General

  • Target

    Unknown.msi

  • Size

    1.6MB

  • MD5

    28d28b44624c4e00fb5d3e96c9637c3d

  • SHA1

    806c432fc90b27fa99844747a8259e81fac68543

  • SHA256

    54da67354ca45596f98a3cea115bf32a8d2c252a0473080f25fe1d7bd9bfa153

  • SHA512

    08cbbcbb11dbf3aa663c1614f13ac2cfd846aaecd7a31c977a6f538efbaa4bec3e3d20383af68d723f81c892d6156ff91115d82b3e1d962af3767e6b9a0b9771

  • SSDEEP

    49152:CfeRc/f9r84jEHYDgS5u7v+ycFTzn795k0zjjZ:7VHYDgrSycl

Score
6/10

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 12 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Unknown.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1932
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 99D051916E8524DB9F0F32240EB2E831
      2⤵
      • Loads dropped DLL
      PID:1772
    • C:\Windows\Installer\MSI18B2.tmp
      "C:\Windows\Installer\MSI18B2.tmp" https://telixsearch.com/tyy
      2⤵
      • Checks whether UAC is enabled
      • Executes dropped EXE
      PID:784
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1996

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Config.Msi\f761346.rbs

          Filesize

          10KB

          MD5

          d4bdfc4b8e114d8964ab0e03dd079f55

          SHA1

          08fa921f2df6408487118524e471d938e2c100ea

          SHA256

          31c8a99e1c3803d138d0f0cb3330d25377d05c8fad9e2cf5db4dcabfc63f1507

          SHA512

          49bcc66e7873af90a4d9e9af90a81ce62c72f01c8b35e4c19f6f46a80c8d1914fe9c2907c895250507a73584c7aa1110f0d6d17b8be3b11736ae56da199ea2a7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\538F535B7FBDE384E456CC9F5DA5FBAB

          Filesize

          1KB

          MD5

          6d469ed9256d08235b5e747d1e27dbf2

          SHA1

          d3dd483e2bbf4c05e8af10f5fa7626cfd3dc3092

          SHA256

          b676f2eddae8775cd36cb0f63cd1d4603961f49e6265ba013a2f0307b6d0b804

          SHA512

          04cbf2a5f740d030208136b0ee1db38299943c74efa55045f564268246a929018fcaf26aa02768bb20321aa3f70c4609c163c75a3929ef8da016de000566a74c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

          Filesize

          252B

          MD5

          b7315f20207f99a7ade4b8fe3faad383

          SHA1

          d762a449ed23fadea87e5da12dda25ea38e4ec93

          SHA256

          6bf9924d0a54f55d784801739cf92328fadfeb1c9efebbec8bdd9dcefde9c7e0

          SHA512

          0554ef134486b29e26d072a076b98e4e50fecfae5aec4f633366abaf4133fa5eec0630ab79ced3838df2d8f7c432d74726c61e763aeb4d116d8f44702e7b47a3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\538F535B7FBDE384E456CC9F5DA5FBAB

          Filesize

          194B

          MD5

          be8120f22c57b47a8c53ea4a581ce658

          SHA1

          d7165c1a95cf7c7fb52db7843598606ac4471ed1

          SHA256

          d744d524b564f63e6a5c42642e7c79d8a642c18064a2d78f691ee60ba9f61409

          SHA512

          2833e50302030461782f0731a06be5827b607d187dd5bb0f3d150c4ac001ffe56bdee239738e675a23b4187a4a722771efc72655b8aa56137d8ebbd1340bb5d8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          064df8287aeb8ded735800b329f9c9d1

          SHA1

          55381bef7986a4df27f2c76aab0d82b3a61233f1

          SHA256

          76b56f402cb1050c5f77431dd67f6c7f38d560df2dc961ddbfd1619ead01c452

          SHA512

          e11c7d81dc1be1c48a2bcd93e88c2da31f10e58d7253982ca2191b2b8d37917dbd1e619aa39e39eda87f14ddfd2443d1e1b5b1318d9ba794135de007662c9a40

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b99f17498ebc50478dcdfe350974ee7f

          SHA1

          6ecf5c0a5eeb4a874bf5d3cefe48fcb9fc3250cb

          SHA256

          6edaabf01f76ffe6a566e0b40db7394f5de5d4282d934bc7a9fcc9f7e268e1a7

          SHA512

          e864defa64706512206d67a84c6e6907b9e6d53ec94aa5ec5ecbc9e1302a9cb7f14daee2c39ca4442981773172e2de89ae056c65a55842e477194d35a3954e4c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7428cea7b7094482810f1e868484681f

          SHA1

          1a7f065c4df8933f9c1af2b017a54692b715d9bf

          SHA256

          73bd66b8deffd2f95c2379eb2b0355619390c8f67799d55224544de6bff70575

          SHA512

          0137446dd4c6646fd9522e5c7f93520d73c6215ce6dbc1d78db6a00baa3ce584752988c55fb49b429d09d93019303ed5ea58e39f6431ec8e4b5da8151821468d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3fbc75385557d6ad7938831179ccdd96

          SHA1

          42c36ab12884db7c33aaeb7c50be52975f366f1a

          SHA256

          fda2a17f61acf66724fbf9b4747472dfa5a31165d0d3bde337572485795cadcb

          SHA512

          e4933d5ac05f68e9754c44ffda7222b7247ccd26240afc93dc667e27eaef31fc7edf088472512114f9a9be6da42f2150cf20c2f0cc8b5e88a3e1e2f3f0aa457a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          065b9e469bae012b161d412325e43a3e

          SHA1

          e7698923c1cb924732f0178020420322cd0b9678

          SHA256

          6cbc17bde26dfda6f66683f1234b5dc0244d5b1186663a718440202445b7ba84

          SHA512

          04e39cc05ec90a0ef351e19a2168694beb9bcd7f282a836d03686abc25589f63c464f88630293f62e3364820a5082c37d34441c3e830d15fc49f33115d8e1f3e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5ca2a316bcb0774f84a69d7b624215f6

          SHA1

          72a6cd04e1ac786cc81943b9649ceb1f539a6083

          SHA256

          4ac05612c85f5ad74f74e58728f48f26a54e928f755b90b09c631ba69fae985e

          SHA512

          b57dc13f25c77d13db637fecc8fa6956e0bbd1d3529bbfbfc5c1ce4d409eab23d5c1827bd8758e95c5977820a16c9e26f852139a85ba87ad450390e016918763

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c8112f129a5f7ae3c481674b8af846ea

          SHA1

          89e98c8f91ce67742e1937c1c3e25e7cc12f8e68

          SHA256

          3f41483bdaeaec01f6a577aff6770edcd26aba25e87b4d379b566e0fa427f73c

          SHA512

          ea893149f923fe5b97b2eb890541f2f014baf906abdbd88cd3c1fb5bbed7203201596bd729338e456e3457e5fee61740c9a7a4ac3ea4da63b93787bc37eacec0

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f468d882e55e4aa1ff8c907416f62c85

          SHA1

          4c378b23313a3ea463e7a7a52278c281bdddea44

          SHA256

          695171d3d1d3cd21835a44598e661b10ca022110aa41ba111d431f4f3269723d

          SHA512

          020d7edc45ab88b74161bf457ae749e8a2f3351beb2ab6ae2fc2a45560a61a344e6d6e15efbc878063b25644d8c479d65bfc39f41d48727edb81c3b1ea5aa55a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          45f54ab505f03327c6c4ed11390265c9

          SHA1

          9f19a8635b2adb8842853e9d6c251c5a054ebded

          SHA256

          b538cd129cc02bc13145550699560134fc68edf846769514afcce522576ef670

          SHA512

          98be16742190541bec1a721b7e67d25c7fcbbe04c55a5c541bc920c9db0dd57cf4055dfe4b82a8b03b329dd215fa19f20c7dfbfa59bd0525d47a5b4ff8c53463

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          180b027716fa82598ce06e2496cefd5b

          SHA1

          428cb849a148b1e4d9ff563ec26ce2abf80b30b2

          SHA256

          3ea1081056128555f216b2e1a782fee4972bb3c307c4ab8ad8d946e0e2a955b1

          SHA512

          05ee9691508e235f967c25f5570bf10add9c52147f378bca3c4360d686fdb7bfd873242aa9a8e0ffe9ee290d837857c1d784e6689e0fbfa836746d33ef87eccb

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          51798cb17db95cdb75d7ef75ebbd419e

          SHA1

          36dc634a7b55ec7d3e1f8bdd3dc52ac5550fb3f3

          SHA256

          0676091dddfa15ad2d2d9f440d9b2e46239cf58e351cc8ecffc8f614f597e80f

          SHA512

          f99117aa35297d5290ed6f03e477f20b709423cdc01969eaae0ac415c105972a53c31451f4b6127d67e87aec901e52797ed2dada376ccb5bd8f5d2156d0271b7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5619f6f191971ad742f3b5cd6d5e551b

          SHA1

          95d8fbad7c84a5fdae1dcebb772f0cdc55dd40ad

          SHA256

          3d7ae1d88d021650febfdbef368a2f75193b39bb60cb00f9f3061044f7352190

          SHA512

          c4373a257c4eb4cb09c4cd412dd0436fb5fcb41cbb48a76b5b9bb31910e2ec026e145ad8ab5c1911f4ad39eca5b9607c2dee6333b621cf596cf7786c1684b93b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          100dee1fea7627303b2da430328eada3

          SHA1

          1d9e89bc5b4e35bb8d6abd1c992efdc92a9caa0c

          SHA256

          7cc6302a5bba94770315947c96d26cf48c2a1a909c8cdf3536200085ae6c5595

          SHA512

          c60079ca87b9e6a854e22ab83c44bacdc6393d88d3603a0cf59b0ff55f99ce8fbc98a73ab9395a2146297aa1c4814c812074fe85cd2c4563a7f6d9e25ad39fae

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

          Filesize

          242B

          MD5

          ae0756a6b4baff92f75cca43c8d3c073

          SHA1

          5955182d5ff2de49ff557254ee0c3b82c508d08c

          SHA256

          029df3e8c89016d1ee1a3b387d7cef367772abe1402108b16d565a954e88548e

          SHA512

          245f7b34d3943aa939fa3a0704e7ed7c482ac732752d0ed0dde9362ecefc308de046c8440074b79cb91913e30b8e43266290727a9667eb3e7cdb0ce016b94d50

        • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

          Filesize

          4KB

          MD5

          da597791be3b6e732f0bc8b20e38ee62

          SHA1

          1125c45d285c360542027d7554a5c442288974de

          SHA256

          5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

          SHA512

          d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

        • C:\Users\Admin\AppData\Local\Temp\Tar122F.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • C:\Users\Admin\AppData\Local\Temp\URL18BE.url

          Filesize

          53B

          MD5

          f55413e1ba8c031cc52db905951a37d2

          SHA1

          62f6ef8f268fd5a7951980e2b20445b6a23b000c

          SHA256

          a2342cbf200f262c6b3a36da301d8ea540edd9f2627492032501679e54d01c55

          SHA512

          a18f615f8d2dab277ece0a85826168d8405e18f5f1aed725be77c847fbab9c40faed1cad9fdec8af6288d1fda15e51cb6bc9dd33648714cd51d1023d389757da

        • C:\Windows\Installer\MSI1570.tmp

          Filesize

          738KB

          MD5

          8d84543f774c6b280b32b24265e272e8

          SHA1

          cd3a0dbc06b9b4945f3a5d3b40972a0b5f66044b

          SHA256

          32b60176177d943df28f931828717f4b52b1434b8c0cd3ca8cc8a424b016b092

          SHA512

          247c5c3c4765e61b4d4b7514886e9eccb45746593b21a8dc8f718a224a1a0bc813fe227030738c3035cb9a9017ba53d7feff07cccb11407e9b22678af0c42056

        • C:\Windows\Installer\MSI18B2.tmp

          Filesize

          416KB

          MD5

          4f5c40ec5d343ed9f185fbd1d6123d0b

          SHA1

          3b7569cbe35834c21493385329e43a73ef66413f

          SHA256

          0272659c6402b95da6c59cbfe4e3e60a361c50bebf536dd0b4c7b914e05cf175

          SHA512

          64d5476938997a4478744c1185e73391047a1f198d57dc91cc49b9229f144086cae831af828600d979f02c1739065e252fc54e1491354438d875785ba9d8efac

        • memory/784-181-0x0000000000DF0000-0x0000000000DF2000-memory.dmp

          Filesize

          8KB