Overview

overview

6

Static

static

1

2.msi

windows7-x64

6

Analysis

  • max time kernel
    64s
  • max time network
    70s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 16:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2.msi

  • Size

    204.4MB

  • MD5

    d56f8564ede70a17c9517289b17951fc

  • SHA1

    6d2a4ed0ddb7502dd566a8882fdd7229e11dfadd

  • SHA256

    a99a13eb3ba9308003959f910d7ffc9bc8c983af5ce207d091a6910a85e58df5

  • SHA512

    24a45a4e888d9324b31295d3a6d421d14d5acf465f9e7a9f63c14775ff0745901816df6089888128d496f8ddcfecc147bb30eb68b42c529b83a212674049714b

  • SSDEEP

    6291456:tM47s7DTdQh1lChUN87ILKGvGDUdjykq5S:tn4Sh/CON87gn5

Score
6/10
persistenceprivilege_escalation

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Loads dropped DLL 3 IoCs
  • Event Triggered Execution: Installer Packages 1 TTPs 1 IoCs
    persistenceprivilege_escalation
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\2.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1740
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Windows\system32\MsiExec.exe
      C:\Windows\system32\MsiExec.exe -Embedding 1CDB8699BB32C246C049F105275376DF C
      2⤵
      • Loads dropped DLL
      PID:1596
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 8551AACFE118D37DF9A151D04776A820 C
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2428
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://support.passware.com/home
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2244
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2084

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_5AF4A202BBC43FDC0CCC038EAC137D1A
          Filesize

          471B

          MD5

          01204278f2d1464876ffdf60684b7878

          SHA1

          f266b174c0df98b1115334f9805fa9a0ee276682

          SHA256

          7663590875282b57f989e9f524581f567869c02010f1ad8f9b2869ce260efd60

          SHA512

          64b8acf2a6cc8893a0bbd34fa4c6a8ff2e657c5ce09fba40039638a41d9499e247a2b90e7a3f6c6759543ca83f0d221ce51ce5892ef296a9537772d1771404bf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61
          Filesize

          192B

          MD5

          79fa0ac35e08c0dfab9a04c780cb6541

          SHA1

          8b91ec0bfdf9e8d288386dfb498c072f5777c2c9

          SHA256

          ccbddeed3c03f43aa55b8f007a8bc4b556ab781d7b4ef2b5d5d0b9c1a7700dda

          SHA512

          03d4778e948425e05a1437204aefd21fb0cf54db714845878643e78eb0fad547770e9406c995aa561205c56f1816b8fd911f3db7723dd528002336addb99cc7d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          76353e0dd3d58e7e4785be8f9d97872a

          SHA1

          03d6155f66155c69bef7eae235ad28ee6e7284d2

          SHA256

          62fa1aa3a60a445e071bff45360dd4f80e548b383ac3815995f4582cf795e824

          SHA512

          56399c7430fcc4660aef2432f536c1316aa1f8893d85bff5d51f1f56bd34feaeac24e2a2aff62720990e6b868fa13bf9b4127bec02a7dfa78248c9462acd9c18

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aa8c81abf91cd52ea7e70fcf1926b12b

          SHA1

          353f139d9abb87d63408343df3def42fc27587ae

          SHA256

          b0a9d55f943328c2d544a58522a2671c15f2ee91057c7860df5d4d995fe5a25c

          SHA512

          ce2b868112a88a50cea0e017025f9206cf4981e34b207a2fd2d1346cfdd6d6b13d72ffe15e3b1e7981e8be98dbccc90ad47ea1a78b6de8f7fd5f6f012a247486

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8d50d9dd1b03f3946856cfdfcf0633db

          SHA1

          8a49328941ed5265cc57aaaba606eee4566180c3

          SHA256

          8dbd17c00b0bb6bdc568f62d0415c40e4a68caa03f3c0e9a44e4d6bacfc58267

          SHA512

          6525b1273fde9d553e5d146472651c6493257baa363fd04912dad930881d9b3a9fd068a17609be1e69110d6a86527c822506dadff0ddfbee163615db8f27f59e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          93425c7bad6ce3a380acb1f3d3834f29

          SHA1

          897f11fbac352356b4c6058e6abd26d4ea63a2dd

          SHA256

          bdd35b3d64a4ac6ab500e2eaee9c170d366a9cc1e3e6869b9a11b55565b00acd

          SHA512

          cc15311883907ded7042ee3b5a3bffd4969bcd4a0f86074979ba361f4d24c65d02b2ace07699acae7216ed6da7a597a8f9d74fe9caffda7eb2cd6e3d425d73b3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f66d561dcf5d8cbe5dfcbbd78a99d43c

          SHA1

          1262666982adbe136f14a9be8070cfe1f80da59e

          SHA256

          8715eedb7ca98e45acbeffa29d0d0fe22172bec22354236908c5301e28c6e3fa

          SHA512

          a16fdd144c809ffcebea711a43b337b665cff77eb4b3232c49debfe2720a02d45b6652905def34299d8bb2dd8d1b344bb1e9ecfe3ee169cb7017beed2a7456b4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5e452c94e587ac3c3c54c74e20cca057

          SHA1

          d3bfab4a2a2db59f9c560298412c765feb354529

          SHA256

          06e1aa6cc584906d107f716a8dd89239a9bd3c4fbf42fefdae2d9a99e4273723

          SHA512

          ebb6ff67915c7b838f81fb5c57ea60236d47f8e485a4949317929d7c71e2044f3e5629810c77c73406593945e6aa29bd6697bc52d11a07640a5b2d271a05dd8d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8f6005a6fbf3965423554218b5813f36

          SHA1

          ac58240d0db173997d5a26c18dcec22e9c2bacdd

          SHA256

          bc980372b2f7f8fdc0ffd6f2d17771c6b223f660458a8f06230babd47c61c772

          SHA512

          9d76704b1134610aef9a9af20616771b0233dbbe0e9fb2682f3dc499bb25ede07271b11559db32f247897005391081ee7c589eb8355bf00b4ac4a1f1decb5336

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          038a24382e900fbf0e49b467e9099852

          SHA1

          0f4a1e536716fe803365b85ebd9488caa3eb9041

          SHA256

          c6f5db2f78da06648ef909e6c6117cbf552d3bf4802e5ef588432c941ba70788

          SHA512

          07479007529fb33fc53f7ec1ea91ef25ade7a5c35506165e01839f58e7078bc733270e4e8623b97a6a4af95143be5f8af9c573e0e21b88ec925e711c9fb0114a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7bbf7317c8a6832b21ea6de7e09f3fd6

          SHA1

          d07e5b4b9db7c3debf001e29c6552bbe6732e471

          SHA256

          bf5fb690009dd1eaaa9a0470f502d848b19a217d669d5e439e611b34ea91157f

          SHA512

          c0ff7e6a4f1ea5cada680675052cd1de287e4cc7dac286347033a60d3fa19036bad9543caed3649033166112c51ea2afda9d4c888af712415a1fd4cf7be3bf88

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f36df742789dbaeb4f08ea04043ab23f

          SHA1

          173245e4d50d128419e3971b209ddd0c20b6154a

          SHA256

          dd661c0b214f0aba255f9b0d5b19ff34a43ff0f0157251ff921935e22b9c018b

          SHA512

          334c42f41fcd4ee2e8cc7f13e35df963ee14d46a634ff341a63c0ae1a741dcaeac61a08ce997aea6f802b615d42ff585b0b1242a4ebeca654d4fd3316db454cb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          89b0f9a7854f2f808f6b6792f1381835

          SHA1

          da921042b9a1c13cc15fdd89dcc8dfea3c3ec7af

          SHA256

          01876093f02292cab7bc95eb83f4de8f720fcb21555a55663628a2400c35c19b

          SHA512

          3d1a336f171fd742f0904e3ea1147e61de831e6b7c22012f75556ced10e5c636dcffc6c020915c626a7decd1ea9489fd8d630309ea62530b4dff93c52ee1b06b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          781b0d617ee10fee11b941749eb4ad1d

          SHA1

          2ae65f0d53658afb0b1e78d43b4cc08cee68823e

          SHA256

          dcaf69e891a83c761f4f0dc7b6bdc0611f4be0298f8da02754809348466171dd

          SHA512

          1cced6d567cf0c960c3ad19c28102c2b5078a2b51160e0147b3356b3ad86d7e4293782bfcd256347381bad491adc2afd67a58ec4f3cb50ea0c3fc124db55fc76

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c276d3ae66caeb3763644e95e21b4a6d

          SHA1

          6b6b9560eb291cfeff9f200bebee764b658df0e1

          SHA256

          f68a597c77a11bd5e25ca31bc7061d79ee7b6ccb44695aecd47eb13d48c71a29

          SHA512

          dc518bc64c0de28745fc17fbebabb8839d349a35398096cbd12cec1527c472794734ebc9dd6bcb7344cdd06eec7c47dce57076d7468633523dfba24776a53f6a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1784a87d48bca8283950e2f1a01f0807

          SHA1

          ad9eb853e3d80f7653648a6d035ce6124a7fefe8

          SHA256

          08abe5ac1de24d27200d3623ab3c6784baf59ee41a50b077c33e7f5b4855ad38

          SHA512

          b018183ddce9a66bd68c5025c2952964523248a05af59ea30e12502153d7624baa3f14129b76170c4d410cfac65830e020d536e0de6ec2fdfd987aabbec7a4d2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          250b2d64655559e2113ba3a30cde8b13

          SHA1

          f1671864cadc42c292c22e23d69625ad76f14223

          SHA256

          c27604486a59e94dbb623c43596c1faa62edd6248a5b8bb5a130ec2db7c51a2f

          SHA512

          95f349820aea6de28055822297e63769d841631abedbd21242bff0c3996892afd5fa182911842da7aa47171743444373081873a0131cca32a22b970ad45e0120

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          29768c96e29d8057e3f66605f99997b9

          SHA1

          9f4c177e133dcd9a918843ccfb4f1abb03137211

          SHA256

          3483fd89db66227c365c38577ef526048bb5971f34e70c49819d73f56efd3ec4

          SHA512

          fee5392182c65cf4ca14ca41d28d908c2005046d1d8ff8d599a2a34d93a8e207095e8e445308ff4716714525fed19f42e48678d16f5191b98fe332171213c237

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0qn8gcy\imagestore.dat
          Filesize

          34KB

          MD5

          7e768a0242bbce9240982d96da27b36e

          SHA1

          9577a3acfc6988a00441289e12c187f4f78ed633

          SHA256

          7e475ca15116ff670bd62ce6d06fe42f27d1d492d3dc54df24ef6a478dabc865

          SHA512

          a029698a65f82dc3a28b3557570dcede21389b327f8e35c2094bf4ec54a47538ce7b586072fb1a9129ee71ed75ade8876d0c027834e05095758ffb8a1e540711

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\eaaa6e06dadbb7026608a21a96dbc116a9af3d32[1].ico
          Filesize

          33KB

          MD5

          1b54da4943ff387f6cd0e571daa48e46

          SHA1

          eaaa6e06dadbb7026608a21a96dbc116a9af3d32

          SHA256

          bb408248a433f53717312bf19302f2a44f61ccfcbd3f5447d099c550f1ad6798

          SHA512

          53a1c2277548a5aaddf2443a3f084e90101a325571aa7da0742753ff11bdda03b472423fa2aa96050823cc849d574aba56146e9cc06fed40d840cc0a786c0644

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab196C.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\MSI1C69.tmp
          Filesize

          1.1MB

          MD5

          91c75932ff725a052a423dc3d5f9fcbf

          SHA1

          4852946d78981553d3a065f2927d6e901ff4366b

          SHA256

          85f8019871b17726abf81ec2dfe520868cef499d1aca853e956209e34865941f

          SHA512

          81d5eedba1e49ee4328e71d0e96ea279a33295ab58e8d30146c4013d56ce4a308cd6de26d36b757a446cec943bf952a1cbefd2c79a97a245999f7b659dbcbd22

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\MSIB81D.tmp
          Filesize

          148KB

          MD5

          14c01c848d8452005734858a64b6784b

          SHA1

          d3d81fcd1267095880218ef09b92220248905ea8

          SHA256

          fa9b83479f1b955790325dc557624185a8c72df3e31870dae075437146858185

          SHA512

          8334c467c470c13b0245425d3bc1ba9676a04e1e015bec56122504d622e7e3858d5ad7950d09c155f3666a90b7d3c7b40f324d0786553d6e81711b7f38cf1d57

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar198E.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit