Overview

overview

8

Static

static

1

HTTPDebuggerPro.msi

windows10-2004-x64

8

HTTPDebuggerPro.msi

windows11-21h2-x64

8

Analysis

  • max time kernel
    34s
  • max time network
    39s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-08-2024 19:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HTTPDebuggerPro.msi

  • Size

    10.4MB

  • MD5

    da7e08ef168ee4662ff1878202303a36

  • SHA1

    df3bc617162a0f5f5e854403f5dc1e00e093e498

  • SHA256

    ed9e8f5fda10a14fbce76252b111a031bc4f3351e9eb342ea4edf6b6d16add69

  • SHA512

    bd248c68077a6aa1d6120cd3401770b09762cd75010a30b40cdd46196c726bce2fffa9036a2e3f47bbdbe4b935b9252c7ea38f4947d5ef187831d274a13b8974

  • SSDEEP

    196608:I0juQ6vXkAs3lJiZvWFsd0EMdPfR9kngqVepxvwyd+wNQ3jOPw8pJN6sR:I0jT6vXj2I+FifM5Bqcvvu3jgJN6sR

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Blocklisted process makes network request 4 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 24 IoCs
  • Drops file in Windows directory 11 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 10 IoCs
  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 7 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\HTTPDebuggerPro.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4972
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3552
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 1B3ADA72B0F2ABB1EA14E362137A2209 C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5036
      • C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe
        "C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:4344
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:2800
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 976738C0F97CB47A2AE4EDF9AA788DAE
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1644
      • C:\Windows\syswow64\MsiExec.exe
        "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerBrowser.dll"
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:848
      • C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe
        "C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe" /install
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3676
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      PID:3588
    • C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe
      "C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe"
      1⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      PID:2328

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e58005a.rbs
      Filesize

      13KB

      MD5

      f30ce16f48d5b9812552d43cea594947

      SHA1

      e9d29aef1e41b9d1619b518a5bce6cf3ce167f79

      SHA256

      3bf52a4ac7e89d8cffaffade1f6d2674d9e3b257d71d5d0e3c40465b41ef90d3

      SHA512

      1c23bd6d180185f4c630e924494f50fe094b4895e7fc9302f783e46c4535e72761c7b38970de4ce9e3d3bddfd1e57af05fa75556dc198d9a6672668e5950e0b3

      Download Submit

    • C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerBrowser.dll
      Filesize

      575KB

      MD5

      4facbaab17f633d153a7b53fb483b22f

      SHA1

      9e0e7bfbe927b1a77133380a2f76531b9416962a

      SHA256

      c557b766a00fd4ba6950c08c6133c20e4dd800139a19d271d46d6feb31ebf870

      SHA512

      86cccef12998201c28c257204cdcfdd339ac5e65c5d6627ffa6e5d88f57bdd94812dd7f657bbd3b01b88679abe92343496be775f2d7ac1f3d59573a0b696d832

      Download Submit

    • C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe
      Filesize

      1.5MB

      MD5

      5b3c641fd1b48108810cc12b1971ffc2

      SHA1

      0d38bdd2d0654391b4737db591f2f1e19a9d8a3f

      SHA256

      f6c8009319b95d3d94c8858d831563b2568f98dda478b6a784ba5a828374e7fb

      SHA512

      4c2888ad3632bcb9efe06fc15c65c7a0ff9f5382e272ff7402f00a701a8aa3a4d9e467630085dc47fb9735ded898e995af1e6259472f0f4954d77b55f2f8944a

      Download Submit

    • C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerUI.exe
      Filesize

      8.1MB

      MD5

      d6ab0e25b4f76ca11acb71eb290938d5

      SHA1

      0269f40ec4936edf9eed2b1065a631dd895776e4

      SHA256

      555b66eabf40ca228d6a285862e622b662a528ffb68aa01a3bb27b4132188de0

      SHA512

      5417a45ef64accfc7fc5b282c089b2046677f74249436ab4112ff5626cd6ffe5e9524012f093faf13eb108199a0c281ed5f5f7feef6a7db38ed1408d10e6039d

      Download Submit

    • C:\Program Files (x86)\HTTPDebuggerPro\Styles\Office2016.dll
      Filesize

      3.9MB

      MD5

      591dde57b17d9fcbdbc892cf1a7d3610

      SHA1

      1c2c32d101010165c471c6d5b01ef67c3224f6ff

      SHA256

      7d7d55ab604078e69070e2d162d77ee286e2faf748a52401a64f79824cb3b59d

      SHA512

      fc4bb5858a2b568c344a9b419176ed6e239e468c4eec9e76eba5a35c8bc97b5947bf1f7055544c5fd5b4d67d11e1ade5496057168b0fcf53afffc4595fb67bc6

      Download Submit

    • C:\Program Files (x86)\HTTPDebuggerPro\cximagecrt.dll
      Filesize

      1023KB

      MD5

      a2fe19b6b766a12017c8be442ad0cef2

      SHA1

      9e5bed747e57e7c7141fabe3d9cb12c863d4b2f5

      SHA256

      35b71d192854edc95248f77deb824f034e903447319459aaf454269650fd51d3

      SHA512

      9969acf85432029810cd1eb2f7a65a3bc19d603749ecdcd2301645ad342bfc29d977c067a081a395afea4f9a5d199c982c4374d2fe6a2cedd9ff659af2101c7e

      Download Submit

    • C:\Program Files (x86)\HTTPDebuggerPro\drv\Win8\HttpDebuggerSdk64.sys
      Filesize

      97KB

      MD5

      947c624c4bd48f8c66fcd00fc0f947d4

      SHA1

      5266036308e0d0eb837cc3126dba5a0b6ec270fc

      SHA256

      2e89606775ed719b9d950ae9d37e819a2567426fbe5c3e0aad8d86fec693b67b

      SHA512

      2fd940253eb2c4f9da9ceb9516b811f28bd8187fb3d819a86f0ec37f98c30d0a9b510652b0f615fe15cdcec1bfeff435da7b42407bb29faf2b1d58ce13508fc6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB
      Filesize

      765B

      MD5

      01065a09c71d25c6c7602f826b45f3da

      SHA1

      4fb03bf1ca148a3717c108f00b40a7a9456a0216

      SHA256

      ad27a1045d9cf5a5fbf5dd3257c22eba09b13acfe3e59e9785e76fac904bdbb5

      SHA512

      fe5ca37a416965b28573cf7cba1d37aabee715c8d0f00fe4345191471c27f7831134be20e5dfa662005e2ed53c69052cdba812a82752684fa1dbc8655564a384

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_76733C28E3E87E78CF09C0BB924E316A
      Filesize

      638B

      MD5

      8a024a9e772de6cd991ee0ec49f70d87

      SHA1

      bcafcecf42175dd2f70f89e68d8fb42f8da6b10e

      SHA256

      9291d3ed7d1436ced91df4373b9cc1accc02f869d1bed24780f0ff8e8017659a

      SHA512

      8a1a5bb139dd94280024ed32478049230c3d92a342c070985cbcf7c7a061d2c6491a01fc370f2a31367200f2bd3be1ca575fb5605cc06a3e3b6d6811c5655285

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F
      Filesize

      1KB

      MD5

      c118ce3b46def8ae281049aa1bdce687

      SHA1

      03a2ddd41d9cf5637f388970d995eefaf6e2b2a2

      SHA256

      f480be175b0c2b894f609dbf9d4defc789dd56bb81673d7168bb97e91396cf71

      SHA512

      51279b72b2f38950239218972fdd7549e9bc66325bf0aebb85feec909a01dafa2cf9c5ce789eaa9fbaf979b5f4a77899d41eafe4cd7166ec8d05bbf5c4fe73d3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB
      Filesize

      484B

      MD5

      b8df3b68c2368160a6d98756a45775c4

      SHA1

      d30924c6baa4102ba96f9df997ab5830c3f0a23b

      SHA256

      136d73f5d3edc7429bc2de89e192b739260b50295ba5e0da137ed54f1c55c460

      SHA512

      c04d680107fd9e568d6015b6ee81141e01e37b1d4ac508e3ae8d98e71203d40f58a186c04fcc26380ac11618399cefb9331a1bb89c4817c3460770e93bb267cb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_76733C28E3E87E78CF09C0BB924E316A
      Filesize

      496B

      MD5

      036dce94ac1eb245161064951653d36e

      SHA1

      4dd9f0a63f8f091efd9badaac36de43c0fafae3d

      SHA256

      057cd42eeb080d0bf46aaf2a99c0c520ee04c54d2cbb208d7b2b39ee778ea9f7

      SHA512

      5cfdb5875f4817f84ab40182c33fd720abb8d0ca109c019a061cf30ec8a97b676c383ffc04cd73c5360cf99bca27d58a91359921064b069995be0cf8ae1cc18d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F
      Filesize

      482B

      MD5

      680150beb318767ad29ace7e90151420

      SHA1

      4ef3ec526b0826f6f9e7b5ca33027dd18449deb3

      SHA256

      c23c37ade5e9037e2a5a64f6c59065d761806fd32b0dd8f91b017d05cd91e516

      SHA512

      8c2098e3d55019b26e5593bc7f7f1a99ff45ab98651ed03bf5550e7845a99598f651500f70a40d816a5098aee1f63bfc89c90ba599d247cd0c0d6540a126bf4b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSIB2E5.tmp
      Filesize

      90KB

      MD5

      6a9c36332255fca66c688c75aa68e1de

      SHA1

      2a03e2a5e6a8d9e2b0cfb4e2cc1923d9c08578c1

      SHA256

      7b7ebada5da99a20c44eaf77e6d673985da42d9b7cb4f5e4235b7579581ae170

      SHA512

      a638c48026f2a0b565b34d7d0dfacfec4f582e698f88234521a6fcff1ed90c134f39aa3311cca2a67e401de01f81cac01d9f792f189127e0f87a345076827627

      Download Submit

    • C:\Windows\Installer\e580059.msi
      Filesize

      10.4MB

      MD5

      da7e08ef168ee4662ff1878202303a36

      SHA1

      df3bc617162a0f5f5e854403f5dc1e00e093e498

      SHA256

      ed9e8f5fda10a14fbce76252b111a031bc4f3351e9eb342ea4edf6b6d16add69

      SHA512

      bd248c68077a6aa1d6120cd3401770b09762cd75010a30b40cdd46196c726bce2fffa9036a2e3f47bbdbe4b935b9252c7ea38f4947d5ef187831d274a13b8974

      Download Submit

    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
      Filesize

      23.7MB

      MD5

      dcd836181db85d5e1866d5c2d99422d2

      SHA1

      984f400b192da2ead032bb342fb3192a5b0d9ca2

      SHA256

      f791587508b1671d7a5aa44f2967d6bb21e2d6a25e897d193c7d0544046b45fd

      SHA512

      e80bb9865081215ffd33431893711b68ecb4672b85194a623cde89e02a665a9f2ed4b707ce161ae4ebed38331b7dcc01767eaebbc67c7c9a454a7760770473af

      Download Submit

    • \??\Volume{8484aac9-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{6a514b93-a709-471b-92a0-5ef3c935e1a7}_OnDiskSnapshotProp
      Filesize

      6KB

      MD5

      36fec38d9722e846e7175a1446017341

      SHA1

      e8212357c81edd82dee7726b9ed65d29c1aa05fa

      SHA256

      04f8bd6400a752b749ba85fa6bbf075ecbb15228d5faeefbd7de51ea75765173

      SHA512

      fc2066a293d22604e5ee90d44266e6edcd7866e7dece39d5cd4b3c8795574ce567950b33e284ccd762067249bdd1291c864b10274c894e288a3a8adad09471e9

      Download Submit