Overview

overview

6

Static

static

1

Eufonia-Cl...64.msi

windows7-x64

6

Eufonia-Cl...64.msi

windows10-2004-x64

6

Analysis

  • max time kernel
    1794s
  • max time network
    1803s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    28-09-2024 12:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Eufonia-Client-windows-x86_64.msi

  • Size

    29.5MB

  • MD5

    043c5c1502dc00487a1dfd99b62732b2

  • SHA1

    67c284c5852bd2af91a55ec5d08f792de666e0bb

  • SHA256

    bb55abbc7bb2f87fcf349d3483497c76f8c9fb2923fe54f9d8c662fdc57a8c5a

  • SHA512

    8ae98e4bae3299095e9b3d668f5cea7155cc0eab471be6fbd278b15593fd79dda4de5ff45554ffeca5b5cfc0e8f4c6194acb55e12d18a2eeeb8596e4dbd8ed08

  • SSDEEP

    786432:GVuXoaq7A/9YtfMYsdBV05XO7rNBGFwgNE9H6F1Ioy:GUXoaqmQzYKO7poFBk6Lc

Score
6/10
persistenceprivilege_escalation

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • Suspicious use of AdjustPrivilegeToken 32 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Eufonia-Client-windows-x86_64.msi
    1⤵
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3160
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4640
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --field-trial-handle=1304,i,15554696853514343836,10056627555468107043,262144 --variations-seed-version --mojo-platform-channel-handle=4296 /prefetch:8
    1⤵
      PID:1708
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --field-trial-handle=4188,i,15554696853514343836,10056627555468107043,262144 --variations-seed-version --mojo-platform-channel-handle=4024 /prefetch:8
      1⤵
        PID:5096

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads