Resubmissions

21/09/2024, 16:57

240921-vgn28stckl 6

21/09/2024, 12:04

240921-n8n3zs1dlg 6

Analysis

  • max time kernel
    94s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/09/2024, 16:57

General

  • Target

    Meteorite_0.3.0_x64_en-US.msi

  • Size

    5.6MB

  • MD5

    196f000d6929e1ce6f79e581fec37e2c

  • SHA1

    8e904fd9477ffa493acfe0631c249002944c0e88

  • SHA256

    828d5c8ff19fb394f8444acfdb6dfd4030a0d3122cce2272452e34f5393f4972

  • SHA512

    1b4b643a26f34e7cc48407f9fc9a07f1705e93d7c7f7a5a421f8861a8a3971c15931a7ee091e4aef37fb3a606b5656843d081b0e8fca8ae046d81f52abb5bd42

  • SSDEEP

    98304:zllounibAOzWM+JczBnjAt2hxiS0gCMjiZJqrtqa4TAKlGyA08dysDdkSbTry:rodh1FnOSnOZJGtZ4kK6ZQidkSb

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 32 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Meteorite_0.3.0_x64_en-US.msi
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:876
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    • Suspicious use of AdjustPrivilegeToken
    PID:772

Network

MITRE ATT&CK Enterprise v15
