Overview
overview
6Static
static
11b9922.msi
windows7-x64
61b9922.msi
windows10-2004-x64
61b9927.msi
windows7-x64
61b9927.msi
windows10-2004-x64
61cc2ce.msi
windows7-x64
61cc2ce.msi
windows10-2004-x64
62c7f8ce.msi
windows7-x64
62c7f8ce.msi
windows10-2004-x64
633710a8.msi
windows7-x64
633710a8.msi
windows10-2004-x64
637266.msi
windows7-x64
637266.msi
windows10-2004-x64
64514efe.msi
windows7-x64
64514efe.msi
windows10-2004-x64
65d068db.msi
windows7-x64
5d068db.msi
windows10-2004-x64
6747d8af.msi
windows7-x64
6747d8af.msi
windows10-2004-x64
6747d8b8.msi
windows7-x64
6747d8b8.msi
windows10-2004-x64
6802010b.msi
windows7-x64
6802010b.msi
windows10-2004-x64
696d2337.msi
windows7-x64
696d2337.msi
windows10-2004-x64
69c74ce.msi
windows7-x64
69c74ce.msi
windows10-2004-x64
69c74d2.msi
windows7-x64
69c74d2.msi
windows10-2004-x64
69c74d7.msi
windows7-x64
69c74d7.msi
windows10-2004-x64
69c74df.msi
windows7-x64
69c74df.msi
windows10-2004-x64
6Analysis
-
max time kernel
105s -
max time network
204s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system -
submitted
06/07/2024, 21:28
Static task
static1
Behavioral task
behavioral1
Sample
1b9922.msi
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral2
Sample
1b9922.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
1b9927.msi
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
1b9927.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
1cc2ce.msi
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral6
Sample
1cc2ce.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
2c7f8ce.msi
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral8
Sample
2c7f8ce.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
33710a8.msi
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral10
Sample
33710a8.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
37266.msi
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral12
Sample
37266.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
4514efe.msi
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
4514efe.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
5d068db.msi
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
5d068db.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
747d8af.msi
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral18
Sample
747d8af.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
747d8b8.msi
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
747d8b8.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
802010b.msi
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral22
Sample
802010b.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
96d2337.msi
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral24
Sample
96d2337.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
9c74ce.msi
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral26
Sample
9c74ce.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
9c74d2.msi
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral28
Sample
9c74d2.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
9c74d7.msi
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral30
Sample
9c74d7.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
9c74df.msi
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral32
Sample
9c74df.msi
Resource
win10v2004-20240704-en
windows10-2004-x64
General
-
Target
4514efe.msi
-
Size
104.0MB
-
MD5
339876c7c3b2ea57c0be4bbf6de32155
-
SHA1
a8925dc792c038a1e3cff94122e3aaadc563f06f
-
SHA256
95b05230f761da90c64e88f6456000d331cf9591b546e5850e7f065a179dbbe6
-
SHA512
7d03ed9728e3aaa957455584480085acfa2953eb547670e85590569f2e009aba7bb552bad406336a6ee22c65acf52da632504ce716ced2bb8bb18fa1e03ae187
-
SSDEEP
3145728:4Tdp/Gww7IEwmuQYIuSwHn9B4mzL8M6Wfw:4Fw70RQYIfwM6Q7+w
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\K: msiexec.exe -
Loads dropped DLL 5 IoCs
pid Process 4940 MsiExec.exe 4940 MsiExec.exe 4940 MsiExec.exe 4940 MsiExec.exe 4940 MsiExec.exe -
Event Triggered Execution: Installer Packages 1 TTPs 1 IoCs
pid Process 4384 msiexec.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4384 msiexec.exe Token: SeIncreaseQuotaPrivilege 4384 msiexec.exe Token: SeSecurityPrivilege 4172 msiexec.exe Token: SeCreateTokenPrivilege 4384 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 4384 msiexec.exe Token: SeLockMemoryPrivilege 4384 msiexec.exe Token: SeIncreaseQuotaPrivilege 4384 msiexec.exe Token: SeMachineAccountPrivilege 4384 msiexec.exe Token: SeTcbPrivilege 4384 msiexec.exe Token: SeSecurityPrivilege 4384 msiexec.exe Token: SeTakeOwnershipPrivilege 4384 msiexec.exe Token: SeLoadDriverPrivilege 4384 msiexec.exe Token: SeSystemProfilePrivilege 4384 msiexec.exe Token: SeSystemtimePrivilege 4384 msiexec.exe Token: SeProfSingleProcessPrivilege 4384 msiexec.exe Token: SeIncBasePriorityPrivilege 4384 msiexec.exe Token: SeCreatePagefilePrivilege 4384 msiexec.exe Token: SeCreatePermanentPrivilege 4384 msiexec.exe Token: SeBackupPrivilege 4384 msiexec.exe Token: SeRestorePrivilege 4384 msiexec.exe Token: SeShutdownPrivilege 4384 msiexec.exe Token: SeDebugPrivilege 4384 msiexec.exe Token: SeAuditPrivilege 4384 msiexec.exe Token: SeSystemEnvironmentPrivilege 4384 msiexec.exe Token: SeChangeNotifyPrivilege 4384 msiexec.exe Token: SeRemoteShutdownPrivilege 4384 msiexec.exe Token: SeUndockPrivilege 4384 msiexec.exe Token: SeSyncAgentPrivilege 4384 msiexec.exe Token: SeEnableDelegationPrivilege 4384 msiexec.exe Token: SeManageVolumePrivilege 4384 msiexec.exe Token: SeImpersonatePrivilege 4384 msiexec.exe Token: SeCreateGlobalPrivilege 4384 msiexec.exe Token: SeCreateTokenPrivilege 4384 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 4384 msiexec.exe Token: SeLockMemoryPrivilege 4384 msiexec.exe Token: SeIncreaseQuotaPrivilege 4384 msiexec.exe Token: SeMachineAccountPrivilege 4384 msiexec.exe Token: SeTcbPrivilege 4384 msiexec.exe Token: SeSecurityPrivilege 4384 msiexec.exe Token: SeTakeOwnershipPrivilege 4384 msiexec.exe Token: SeLoadDriverPrivilege 4384 msiexec.exe Token: SeSystemProfilePrivilege 4384 msiexec.exe Token: SeSystemtimePrivilege 4384 msiexec.exe Token: SeProfSingleProcessPrivilege 4384 msiexec.exe Token: SeIncBasePriorityPrivilege 4384 msiexec.exe Token: SeCreatePagefilePrivilege 4384 msiexec.exe Token: SeCreatePermanentPrivilege 4384 msiexec.exe Token: SeBackupPrivilege 4384 msiexec.exe Token: SeRestorePrivilege 4384 msiexec.exe Token: SeShutdownPrivilege 4384 msiexec.exe Token: SeDebugPrivilege 4384 msiexec.exe Token: SeAuditPrivilege 4384 msiexec.exe Token: SeSystemEnvironmentPrivilege 4384 msiexec.exe Token: SeChangeNotifyPrivilege 4384 msiexec.exe Token: SeRemoteShutdownPrivilege 4384 msiexec.exe Token: SeUndockPrivilege 4384 msiexec.exe Token: SeSyncAgentPrivilege 4384 msiexec.exe Token: SeEnableDelegationPrivilege 4384 msiexec.exe Token: SeManageVolumePrivilege 4384 msiexec.exe Token: SeImpersonatePrivilege 4384 msiexec.exe Token: SeCreateGlobalPrivilege 4384 msiexec.exe Token: SeCreateTokenPrivilege 4384 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 4384 msiexec.exe Token: SeLockMemoryPrivilege 4384 msiexec.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4384 msiexec.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 4172 wrote to memory of 4940 4172 msiexec.exe 86 PID 4172 wrote to memory of 4940 4172 msiexec.exe 86
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\4514efe.msi1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4384
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4172 -
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding EE6A4C41121B34F536771A34B0261C8F C2⤵
- Loads dropped DLL
PID:4940
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
324KB
MD5d045098c42378ebe26f6da17977551ee
SHA180a93acee96419dd9c44d0d15d7518aea21f782a
SHA25692b89b56400e8d01a813513ef8af685fb23adcaba49d7775853e650266b2f63a
SHA5129e110110c6ec6aa43e64069744901c955ac90253a036b9837d2e0150c5da97cb8f927db4a36e9f289684c3b91724a4d93aa189a3fde9d06d07d62dd4b8c08a35