Overview
overview
10Static
static
3touchthegi...e4.dll
windows7-x64
3touchthegi...e4.dll
windows10-2004-x64
3touchthegi...i4.dll
windows7-x64
3touchthegi...i4.dll
windows10-2004-x64
3touchthegi...k4.dll
windows7-x64
3touchthegi...k4.dll
windows10-2004-x64
3touchthegi...t4.dll
windows7-x64
3touchthegi...t4.dll
windows10-2004-x64
3touchthegi...up.exe
windows7-x64
10touchthegi...up.exe
windows10-2004-x64
10touchthegi...cc.dll
windows7-x64
1touchthegi...cc.dll
windows10-2004-x64
1touchthegi...67.msi
windows7-x64
6touchthegi...67.msi
windows10-2004-x64
6touchthegi...67.msi
windows7-x64
6touchthegi...67.msi
windows10-2004-x64
6touchthegi...00.dll
windows7-x64
3touchthegi...00.dll
windows10-2004-x64
3touchthegi...00.dll
windows7-x64
3touchthegi...00.dll
windows10-2004-x64
3touchthegi...40.dll
windows7-x64
1touchthegi...40.dll
windows10-2004-x64
1touchthegi...40.dll
windows7-x64
1touchthegi...40.dll
windows10-2004-x64
1touchthegi...CE.dll
windows7-x64
3touchthegi...CE.dll
windows10-2004-x64
3touchthegi...GM.dll
windows7-x64
3touchthegi...GM.dll
windows10-2004-x64
3touchthegi...DE.dll
windows7-x64
3touchthegi...DE.dll
windows10-2004-x64
3touchthegi...OL.dll
windows7-x64
3touchthegi...OL.dll
windows10-2004-x64
3Analysis
-
max time kernel
93s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
09-10-2024 17:27
Static task
static1
Behavioral task
behavioral1
Sample
touchthegirl/QtCore4.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
touchthegirl/QtCore4.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
touchthegirl/QtGui4.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
touchthegirl/QtGui4.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
touchthegirl/QtNetwork4.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
touchthegirl/QtNetwork4.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
touchthegirl/QtWebKit4.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral8
Sample
touchthegirl/QtWebKit4.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
touchthegirl/Setup.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
touchthegirl/Setup.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
touchthegirl/ccme_ecc.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
touchthegirl/ccme_ecc.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
touchthegirl/icucnv67.msi
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral14
Sample
touchthegirl/icucnv67.msi
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
touchthegirl/icudt67.msi
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
touchthegirl/icudt67.msi
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
touchthegirl/msvcp100.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
touchthegirl/msvcp100.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
touchthegirl/msvcr100.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
touchthegirl/msvcr100.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
touchthegirl/vcomp140.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
touchthegirl/vcomp140.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
touchthegirl/vcruntime140.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
touchthegirl/vcruntime140.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
touchthegirl/x86/ACE.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral26
Sample
touchthegirl/x86/ACE.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
touchthegirl/x86/AGM.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral28
Sample
touchthegirl/x86/AGM.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
touchthegirl/x86/AIDE.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
touchthegirl/x86/AIDE.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
touchthegirl/x86/Acrobat/Acrobat32OL.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral32
Sample
touchthegirl/x86/Acrobat/Acrobat32OL.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
touchthegirl/icudt67.msi
-
Size
15KB
-
MD5
d73b8ebe06c05cddad49297f668b481e
-
SHA1
44b139944043d4c4c5a33e1782cd8256f3fa70aa
-
SHA256
6bb13375779535aa693f51038540381efba654676b1471a10b61c5ad616fb81e
-
SHA512
8dfe75a0219fa67803da33adea82f6e08fd568c938adad3174f9248f060306e4725852282538691a22fff29a9cd50af66c9d884c94f15c9ed392b9f3048844d6
-
SSDEEP
192:NFNMi7v56OIYiYF8rVs9+qARrk3WJfsHR9y2sE9jBFL2UzZQp:NF6idIYiI9yrk34i/8E9VFL2UtQ
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
Processes:
msiexec.exeflow pid Process 6 2320 msiexec.exe 9 2320 msiexec.exe -
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
msiexec.exedescription ioc Process File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\Y: msiexec.exe -
Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 32 IoCs
Processes:
msiexec.exemsiexec.exedescription pid Process Token: SeShutdownPrivilege 2320 msiexec.exe Token: SeIncreaseQuotaPrivilege 2320 msiexec.exe Token: SeSecurityPrivilege 1260 msiexec.exe Token: SeCreateTokenPrivilege 2320 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 2320 msiexec.exe Token: SeLockMemoryPrivilege 2320 msiexec.exe Token: SeIncreaseQuotaPrivilege 2320 msiexec.exe Token: SeMachineAccountPrivilege 2320 msiexec.exe Token: SeTcbPrivilege 2320 msiexec.exe Token: SeSecurityPrivilege 2320 msiexec.exe Token: SeTakeOwnershipPrivilege 2320 msiexec.exe Token: SeLoadDriverPrivilege 2320 msiexec.exe Token: SeSystemProfilePrivilege 2320 msiexec.exe Token: SeSystemtimePrivilege 2320 msiexec.exe Token: SeProfSingleProcessPrivilege 2320 msiexec.exe Token: SeIncBasePriorityPrivilege 2320 msiexec.exe Token: SeCreatePagefilePrivilege 2320 msiexec.exe Token: SeCreatePermanentPrivilege 2320 msiexec.exe Token: SeBackupPrivilege 2320 msiexec.exe Token: SeRestorePrivilege 2320 msiexec.exe Token: SeShutdownPrivilege 2320 msiexec.exe Token: SeDebugPrivilege 2320 msiexec.exe Token: SeAuditPrivilege 2320 msiexec.exe Token: SeSystemEnvironmentPrivilege 2320 msiexec.exe Token: SeChangeNotifyPrivilege 2320 msiexec.exe Token: SeRemoteShutdownPrivilege 2320 msiexec.exe Token: SeUndockPrivilege 2320 msiexec.exe Token: SeSyncAgentPrivilege 2320 msiexec.exe Token: SeEnableDelegationPrivilege 2320 msiexec.exe Token: SeManageVolumePrivilege 2320 msiexec.exe Token: SeImpersonatePrivilege 2320 msiexec.exe Token: SeCreateGlobalPrivilege 2320 msiexec.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
Processes:
msiexec.exepid Process 2320 msiexec.exe 2320 msiexec.exe
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\touchthegirl\icudt67.msi1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2320
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1260