Overview

overview

6

Static

static

3

Metal_Installer.exe

windows10-2004-x64

6

Metal_Installer.exe

windows10-1703-x64

6

Resubmissions

01/07/2024, 14:45

240701-r4wtta1cjl 6

01/07/2024, 14:43

240701-r32cxa1bpq 3

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/07/2024, 14:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Metal_Installer.exe

  • Size

    18KB

  • MD5

    4be66daccc2136add7fbe249c22bbed2

  • SHA1

    1befb19046317ac6ab16ccd975cbf6d629226f88

  • SHA256

    c712c98bbf5a1a57ffc2e2a2292ea854afd574fdde028390a0d9554e508707de

  • SHA512

    8f47289256e6f16788ec0b4a14bae68f65e39c4c7448dbff8f275edd920cb79ab5b0f0667982ba6e35f3f71cc5b987fa6bf411b3aa9ef4aa131e6256b03134c9

  • SSDEEP

    384:sMVZy1rgPxLn2y+7E0mlw9rlrHSXCw8rhxEJF3a:sGM1Lml9r8da3

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Metal_Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Metal_Installer.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4872
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 2772
      2⤵
      • Program crash
      PID:4840
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4512,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=4104 /prefetch:8
    1⤵
      PID:3912
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1992
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 4872 -ip 4872
        1⤵
          PID:644
        • C:\Windows\system32\taskmgr.exe
          "C:\Windows\system32\taskmgr.exe" /4
          1⤵
          • Checks SCSI registry key(s)
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:4704

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\Metal_Launcher\Metal_Launcher\MetalB.exe.WebView2\EBWebView\Default\Extension State\CURRENT
                Filesize

                16B

                MD5

                46295cac801e5d4857d09837238a6394

                SHA1

                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                SHA256

                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                SHA512

                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Metal_Launcher\Metal_Launcher\MetalB.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001
                Filesize

                41B

                MD5

                5af87dfd673ba2115e2fcf5cfdb727ab

                SHA1

                d5b5bbf396dc291274584ef71f444f420b6056f1

                SHA256

                f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                SHA512

                de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Metal_Launcher\Metal_Launcher\MetalB.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index
                Filesize

                24B

                MD5

                54cb446f628b2ea4a5bce5769910512e

                SHA1

                c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                SHA256

                fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                SHA512

                8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Metal_Launcher\Metal_Launcher\MetalB.exe.WebView2\EBWebView\GrShaderCache\f_000003
                Filesize

                16KB

                MD5

                d71f480fe9613e18cf6fc457afa8443c

                SHA1

                b508499f4b5e643f014901face9c51b70cea50fe

                SHA256

                606f1b5461bbfcf15c687d615a33c79c9bf7b409275d23358e4f56a75c1b43cb

                SHA512

                e229242a15c7fca3b133ee1d7c2a04f4fa42fb6aae0af557b114291b76fe3d5a09bf99a32bba8ef771d05d976367bb5415879e4b8d9e89bec7dbab75d12c5314

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Metal_Launcher\Metal_Launcher\MetalB.exe.WebView2\EBWebView\GraphiteDawnCache\data_0
                Filesize

                8KB

                MD5

                cf89d16bb9107c631daabf0c0ee58efb

                SHA1

                3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                SHA256

                d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                SHA512

                8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Metal_Launcher\Metal_Launcher\MetalB.exe.WebView2\EBWebView\GraphiteDawnCache\data_1
                Filesize

                264KB

                MD5

                adb7563e1cd0843b09da4f8f7c6d822e

                SHA1

                0d47a7ae6c46aa7d6beecd064f10796853e7932d

                SHA256

                ee459ac7ee50e945149e47f0b9dd9fd8b5fd175d08087b428e514d82343f9927

                SHA512

                f97eb6ba3d8df15933fd8a731bbc9248b7ec2c9d34753130c525c74078f4f2b9eef433d84153ef169605259ad77a59569c220ddeb76766f130886c44544a5740

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Metal_Launcher\Metal_Launcher\MetalB.exe.WebView2\EBWebView\GraphiteDawnCache\data_2
                Filesize

                8KB

                MD5

                0962291d6d367570bee5454721c17e11

                SHA1

                59d10a893ef321a706a9255176761366115bedcb

                SHA256

                ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                SHA512

                f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Metal_Launcher\Metal_Launcher\MetalB.exe.WebView2\EBWebView\GraphiteDawnCache\data_3
                Filesize

                8KB

                MD5

                41876349cb12d6db992f1309f22df3f0

                SHA1

                5cf26b3420fc0302cd0a71e8d029739b8765be27

                SHA256

                e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                SHA512

                e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                Download Submit

              • memory/4704-786-0x000001ADEF940000-0x000001ADEF941000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4704-788-0x000001ADEF940000-0x000001ADEF941000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4704-792-0x000001ADEF940000-0x000001ADEF941000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4704-793-0x000001ADEF940000-0x000001ADEF941000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4704-796-0x000001ADEF940000-0x000001ADEF941000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4704-797-0x000001ADEF940000-0x000001ADEF941000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4704-798-0x000001ADEF940000-0x000001ADEF941000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4704-794-0x000001ADEF940000-0x000001ADEF941000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4704-795-0x000001ADEF940000-0x000001ADEF941000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4704-787-0x000001ADEF940000-0x000001ADEF941000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4872-3-0x0000000009C90000-0x0000000009C98000-memory.dmp

                Filesize

                32KB

                Download

              • memory/4872-784-0x0000000074E30000-0x00000000755E0000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/4872-785-0x0000000074E30000-0x00000000755E0000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/4872-0-0x0000000074E3E000-0x0000000074E3F000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4872-783-0x0000000074E30000-0x00000000755E0000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/4872-782-0x0000000074E3E000-0x0000000074E3F000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4872-1-0x0000000000C10000-0x0000000000C1A000-memory.dmp

                Filesize

                40KB

                Download

              • memory/4872-2-0x0000000074E30000-0x00000000755E0000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/4872-9-0x0000000009BB0000-0x0000000009BC2000-memory.dmp

                Filesize

                72KB

                Download

              • memory/4872-4-0x0000000074E30000-0x00000000755E0000-memory.dmp

                Filesize

                7.7MB

                Download

              • memory/4872-5-0x0000000009D10000-0x0000000009D48000-memory.dmp

                Filesize

                224KB

                Download

              • memory/4872-6-0x0000000009CF0000-0x0000000009CFE000-memory.dmp

                Filesize

                56KB

                Download

              • memory/4872-7-0x0000000005C30000-0x0000000005C3A000-memory.dmp

                Filesize

                40KB

                Download