Analysis

  • max time kernel
    95s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-09-2024 06:57

General

  • Target
    谷歌官网安装包.msi
  • Size
    18.9MB
  • MD5
    613f5baf5dc10b078583d76dc524638c
  • SHA1
    e418401b983ff628622f972e2b9c72f21e2e104b
  • SHA256
    4f814cc796e43cb4214554dc9e3d7c8512f8f6e6fa6969b3f6e781c1476968d5
  • SHA512
    822581b42b507bed664fc3f00db18a865011f23a547d6f73762a8d948b8f0e8791c624192dad3b6b00acb061d75d43208cdf09fbd90a5554638b10b56d1d8b5b
  • SSDEEP
    393216:9vbbOv23u55DQRaGtTT6GoX1YOL7/0Nib+EFpvMVdoH:xn4nftUVoXp7/0EyAMVdoH

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 12 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 15 IoCs
  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 23 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\谷歌官网安装包.msi
    1⤵
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3196
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 9419F875445833522528193D3B6CE58C C
      2⤵
      • Drops file in Windows directory
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2852
      • C:\Program Files (x86)\谷歌\谷歌\Eas安装7.exe
        "C:\Program Files (x86)\谷歌\谷歌\Eas安装7.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4488
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 1B4F1DA56BBDD7A8B01F07F498B8B06F
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2344

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Config.Msi\e57b0d2.rbs
    Filesize
    8KB
    MD5
    a8661a9c91fad21ebb4fb6b04bbf0500
    SHA1
    a94cafede989f098f15bf69801128f9d2512aa47
    SHA256
    a88a3d0180161fb8a910e5e01325e98dd57d4458bc43eab9a8527c556d788fc2
    SHA512
    4aa6d67cc6099c5672c22b5dfa2323657541cdc4453273051f6452aed9ec483f2fa540cbc6f50ea399a577ec3ab71e49d924f532bec2abba41778d52ddc3894e

  • C:\Program Files (x86)\谷歌\谷歌\ChromeSetup.exe
    Filesize
    8.0MB
    MD5
    6146d80ddb9ab1d200feaef5c5782668
    SHA1
    0630776275c0186ed80796b502f93f49e5f4f07d
    SHA256
    c50158d713846589ea9021e7dd7ee845f261576b5ab919bf39262bc62cf1aa49
    SHA512
    eec3fe32ee0f223d52788464f33c146e38286c9a1d59f23dfb77bb9d7976fe89516da17fbe858c99f3811687a053eaf79a9e26df7cca29cd15696915cd3af44b

  • C:\Program Files (x86)\谷歌\谷歌\Eas安装7.exe
    Filesize
    12.0MB
    MD5
    a36426519198480cfd977926587ca5ad
    SHA1
    47308f2d1c6d546edcbc1d1523e932afd40e8736
    SHA256
    8e9bc7263f880f504d8dce9e7cac6f144aa897f335975c154b60ffb07ae4962a
    SHA512
    1096a90a941c7725bfe4ba4273d3dad20bea7a31aeefda734e01142ad4664355f30f64dd94d5c03505bb416af99e2760778e2498763c0f483c7dbc93f251b583

  • C:\Users\Admin\AppData\Local\Temp\MSI8F8E.tmp
    Filesize
    557KB
    MD5
    e1423fc5ddaedc0152a09f4796243e31
    SHA1
    c92cec1fb6093d6922fe64719e583048fca12153
    SHA256
    3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de
    SHA512
    fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

  • C:\Users\Admin\AppData\Local\Temp\MSI92B0.tmp
    Filesize
    703KB
    MD5
    59f4b7e8b960987b68b311660c99957a
    SHA1
    3ba452e27d4bf53e72bf28cde68240290e72e46f
    SHA256
    3b43d469e1f3656f948eabbd9e1ed99570a7962118fcfc9ccaa309eb657502bf
    SHA512
    64bd1ddbc90dfae6a7b34b67eaa32a0fd03e5ccff7e25f997dfb488f56b7ab2c7fab867915d05ba40f215216f87942d035e740edd64db7cb6df049a589dde27b

  • C:\Users\Admin\AppData\Local\Temp\MSI92FF.tmp
    Filesize
    1.0MB
    MD5
    5566149fc623f29d55ca72018369c780
    SHA1
    8ae947ab0ae9182f1c09bd266ff360c0e8b88326
    SHA256
    a8c8ff2a0e754059b1f44ef69df492ef3cd582f3750f8c374037c9621069c608
    SHA512
    f9f49c930c3ead40f208482ab6f70a21a8495fd1c50b56a3f689eb53e8e7b8ca9a642bae2199fc80b6099bd3fdd3c4cfcd0d3a8cada47ebf23c7fcef87064cb5

  • C:\Windows\Installer\e57b0d1.msi
    Filesize
    18.9MB
    MD5
    613f5baf5dc10b078583d76dc524638c
    SHA1
    e418401b983ff628622f972e2b9c72f21e2e104b
    SHA256
    4f814cc796e43cb4214554dc9e3d7c8512f8f6e6fa6969b3f6e781c1476968d5
    SHA512
    822581b42b507bed664fc3f00db18a865011f23a547d6f73762a8d948b8f0e8791c624192dad3b6b00acb061d75d43208cdf09fbd90a5554638b10b56d1d8b5b