Overview

overview

7

Static

static

3

torbrowser...LL.exe

windows10-1703-x64

7

torbrowser...LL.exe

windows7-x64

7

torbrowser...LL.exe

windows10-2004-x64

7

torbrowser...LL.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    157s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    29-06-2024 14:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    torbrowser-install-win64-12.5.2_ALL.exe

  • Size

    289.6MB

  • MD5

    43d370c16771d0f1ac2fc59c215e7354

  • SHA1

    a75b9cd40fa23327703fbb79f48f0a3dd4df969f

  • SHA256

    42042fec3226c309a89f3f3a499cf9427a60d68a59474a5549968da1e0bfc346

  • SHA512

    33ab2368f8ce000578a92cd5200623c98d35d47eeed401ea41f9b3e6beaf50e194d97be8896a0244656471e99ce7e6620c263532ef0d8079fd0b41046fb4fde5

  • SSDEEP

    6291456:VHPOAwPIY9Q6VbzoyOABSnazyBUJCbP795QHxYF:VHP6NQizVJCbR5kYF

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 9 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\torbrowser-install-win64-12.5.2_ALL.exe
    "C:\Users\Admin\AppData\Local\Temp\torbrowser-install-win64-12.5.2_ALL.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Tor Browser\Tor Browser 13.0.14\install\Tor Browser.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\torbrowser-install-win64-12.5.2_ALL.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1719429560 "
      2⤵
      • Enumerates connected drives
      • Suspicious use of FindShellTrayWindow
      PID:2244
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding C31E3D6D32AD3A8C8C0357DBEA5324BE C
      2⤵
      • Loads dropped DLL
      PID:2056
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding C51E767FA41813AD92FAA661292DD82A C
      2⤵
      • Loads dropped DLL
      PID:924

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MSI55E1.tmp
    Filesize

    587KB

    MD5

    c7fbd5ee98e32a77edf1156db3fca622

    SHA1

    3e534fc55882e9fb940c9ae81e6f8a92a07125a0

    SHA256

    e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6

    SHA512

    8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Tor Browser\Tor Browser 13.0.14\install\Tor Browser.msi
    Filesize

    1.9MB

    MD5

    dc6f1443f551689359252bd1f266ee5a

    SHA1

    064816d1c449b4e6785b9cc844754ae8f354fdcc

    SHA256

    0894b40a346dda6d94bfb845f98dde8cb5cf8ce4a984fe5ca6d3e16890ecf51e

    SHA512

    b65846847f113be5912ade6aa48acf04b745f4615e7b02e8312952717645ca86cb921488ea177795256ecc4b0198233e286be8bf64e129176939e39262fad767

    Download Submit