Overview

overview

6

Static

static

1

XXMI-Launc....4.msi

windows7-x64

6

XXMI-Launc....4.msi

windows10-2004-x64

6

Analysis

  • max time kernel
    51s
  • max time network
    53s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17/10/2024, 14:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XXMI-Launcher-Installer-Online-v1.0.4.msi

  • Size

    87.1MB

  • MD5

    ade799235aaf27c7a98381a7813467ec

  • SHA1

    74dddc921c62363b9df68fe4a68cdcf569d23b47

  • SHA256

    68068ff8e4d417bdd54e14395fcaf965ddc0784343496d69f8ddce1f5ec89e80

  • SHA512

    b8ef4d5e58589d5d16ed10d51f55d5abfabc6f909a86a82115825250dc51362b4e836c827a586494c1220b9a6345c591ef4b07219c22e2fa4053831664cff48b

  • SSDEEP

    1572864:aWzi879+zykLmz37KOTZd9VUd7fEFqmMrAA1iHUw9oFdxPlY/NMvm6NsVY:agbOBEUdD1iH2lsmvm6im

Score
6/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 8 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 25 IoCs
  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 38 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\XXMI-Launcher-Installer-Online-v1.0.4.msi
    1⤵
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2132
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 15D7BBA405154D89B793C242F8DCAD18 U
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1692
      • C:\Users\Admin\AppData\Local\Temp\MSI9946\EnhancedUI.exe
        EmbeddedUI.exe /embeddedui 2132
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        PID:2840
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 7AB247C15EA3D9C0857D32A1D3D86E8E C
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2784
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding E9DDD00F43C9DEF36393799110DC19A4
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1684
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
      PID:1688
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000004D0" "00000000000002D0"
      1⤵
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      PID:888

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\ProgressImagecopy.png
      Filesize

      1KB

      MD5

      7c44f5b82f26f61b5b3509f4ec993644

      SHA1

      5750c9e83e1adf011f3bdfd885ec2df23def0a7d

      SHA256

      4252dddc3c7d08b1bbccf386361b174bd4d6e779555894f03ffea6f32c516e23

      SHA512

      9bf2b0f0a6c8c812ca45716def6cf14a1a266bf09c1ea639c75d7b3c00219a1fa55ba747b22931369287a902ba0e123f30837538805a8d846bccc4e89c06f875

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\aboutbtndark
      Filesize

      1KB

      MD5

      b51b54b77e9cbfdb1063f7487c1c07ec

      SHA1

      8a8a7036cfbc86a537447bf71b9f6795923db8b9

      SHA256

      9d7243c688264329a8cb9e22da00b651e0a9407741d722e03dd67cc8b3ee1335

      SHA512

      04cef1aa3a530e7f03054369450eb42f36bf45c13c7445adf450ec4635a8601447c5bb6e978b3adabe9021019644681bf1609539eb548dd50ada973aac0c6555

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\applogodark.png
      Filesize

      2KB

      MD5

      b16b5f5c787e896842cfb4195764972c

      SHA1

      cb3e60098b06e8fa5bb777a2ee2b86171443dd08

      SHA256

      ed14c1e9b094e893185460f1e58f6bfd302baba51aec24f55a8f38f28d9c8ba7

      SHA512

      db811a720d88bee6aedd6e89c86a646b5d74e94bcc83caef4240baa30660f3b5288e34f598ba210c61d6c32547087baa2cebfd73be1cb62b74a3a1d023ec9890

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\background
      Filesize

      2KB

      MD5

      9e23da7c3cd3fb8113e698a12a3d3047

      SHA1

      6d021109495d77a53afe101f2b03a4da847e6d99

      SHA256

      b671008e5d4a15409051d7b3d2aa40f7c028e1dab5876c2882976793abb9356c

      SHA512

      65e885984681cee190764515f61bb8da3c29463b87f4371fff27ae4c4089af46c9b98910a847ec29d7368160d6aaf841fb93f1347c9abc47bce5cf997c8b4ef2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\backgrounddefault.png
      Filesize

      1.4MB

      MD5

      8c5879673ab4e62fcd2a7b424da76ece

      SHA1

      4b6774c6ba34032e36772395667da953646f5261

      SHA256

      87e3a66d88fce2b57debcb2445a44f51551df4210c0ee2922d7b4a16d9e8b2a4

      SHA512

      de95fdbac0698d6ea3bf5a2f254b8816a9cfb0ba3aff6ebfd366f21131e608fbf0145ecdbcd6d09137425dfd3b9a84ccac2e5aaf03357d0a74444eedb326aeaa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\buttoncustominstall.png
      Filesize

      4KB

      MD5

      f90b1793f37a50bfbd39f897eb01c9ce

      SHA1

      daf59b9720e422cb584d146b782e16ac9d7640f7

      SHA256

      a6af01e7d8b8c77c9229c84b76ce134e9c01ba70a7db467fdcff50305d5ee560

      SHA512

      31224b087e88d59d465d0a23332f17cb2994070a91c260b68d6c4b83298361026ca50e0907a9299d214c06b1d99349b9df3d17dbd4ba6b294b4242dc98d8077e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\buttonimgsdark
      Filesize

      1KB

      MD5

      d2cee1442309fe99e978f0316395d970

      SHA1

      957524b71a6a2228487f77748d50ff3adfe1e65e

      SHA256

      75fea1443a0af73756270c1840ed88b22301530ae5b9418a6bd1f45b62f8f1cd

      SHA512

      3972baf2f0facc70225b96019acc83c32c21a525b31fba81c537638face5dfda33deae2c9b082e33cf94f2e9db6b5f5ee79e904e331e8c88fe60dd2ea5752bef

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\buttoninstall.png
      Filesize

      5KB

      MD5

      d578c544196e2ce9efa0a0658004be7d

      SHA1

      c38dd1e3b9ed5fe8c53e14d334a3b3ba4e827b9f

      SHA256

      44110a589819c95cffe8b79ce1d57c7788d25ea51436fc919ac6007d110d7afd

      SHA512

      3b1e34a95c3f0bf2eb89450a2b33b2561b42d43935fe79df2e11b71e1df6ac1d04dcbd4c15e7167137309b753fb0151fce204dcff22542bc1318a7fc6d7b6545

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\buttonred.png
      Filesize

      4KB

      MD5

      84eaf9b942880507aa7c46688efa5104

      SHA1

      a4280f1886d35d89f381552d5bffa35382135833

      SHA256

      8947de972aab01d56a3a5db06e798379d054b356bf0e504939f51abe52b1927e

      SHA512

      f270012591686be59cb8b7aaf5938992790a030a05802c38b17980fa2f36f9546689893b317f772027db6cd5ab9d76cc1ecd94f8043b5bfde32950451b58a34f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\buttonsystemclose.png
      Filesize

      6KB

      MD5

      b3522bd4032f436520282b269f77c6cb

      SHA1

      7463d223b210eb6a37797f2b72c11d417bdc34fc

      SHA256

      01ad2a1436f97714af2e21edb948b06a2fd2ab62b460d9e5727ce2f6d3a8ddb9

      SHA512

      4be4b40eaf7ea1239ca821b229be682c144f4732d42b2e89e409f4cd08ffe18495bf65b0f32d61a14647d12f6208c3e681ff3180b9d7c96d15f25d1e6fdd0bd2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\checkbox.png
      Filesize

      4KB

      MD5

      ee75cc1e40f4f18f43400067a536bad3

      SHA1

      de0e8fbef3ee8172fb8d511899e7d2441001a2d4

      SHA256

      b6930f5df4fad9c193bcee9a8bd2738834f821ea61a8e816d74edfee048ea8a4

      SHA512

      e7cfaa64b86859c643730805e9e92ff02d1cca28073ee8e86b6b7f368a2ffbcff0b19a5a30a98f0c77d07cba594110c3df7bf1dd8b9d6baf2bcc900d78156578

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\checkboximgs
      Filesize

      1KB

      MD5

      bf7ac146eb80de9d4d3e6b5a7998ebbf

      SHA1

      532b1bae084af1bb3a8880c47a509ce1bb804df3

      SHA256

      73616e9e679089cd5c580d5ef9cc96859f13509af8150fe081d67a1935ce4885

      SHA512

      ea5ed62de728d88cf598b0b9bb1da953b2ee7675cb71d04f022ce41b2697e0f02bef269181c09ede6c28c6946dd8944abbb487ab4be8b190fc9b72423ca4a905

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\checkboximgsdark
      Filesize

      1KB

      MD5

      da526c0caa0495a9c96ecc574cc5ff20

      SHA1

      f570c7cda9594f68950ebfad4497863eddf55097

      SHA256

      205a20e410235b12b18cf6b48e69edf1d8dc28e6ea9f4896baf3adeff33260ba

      SHA512

      600ea6951973b3f3efcb8649030ddedf223927b9cced03e8ce99b818f6a26b0d3f0f0075af0c696593db9086f422147ffa35dc4ba8fc10061fb4922024ad0c10

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\custominstallbtndark
      Filesize

      918B

      MD5

      9644532f7c320bf54dfe912d016b7b6b

      SHA1

      5867e7e4fbbae2cb922d76926e425ed846c44bcc

      SHA256

      d51beb033d366f295e3c342767dce17de6cb6395fb9086ff3063325f6df22f62

      SHA512

      717234ed347ab6f92c951085bfc0f91ba251f8bc65a00e00f67acf8ff31db452e09600cc5199fbc3b27e708494bb74c419e09cea37e648b1249ae96ef5726397

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\infoIconMsi
      Filesize

      14KB

      MD5

      8595d2a2d58310b448729e28649443d6

      SHA1

      08c1df6fbf692f21157b2276eb1988ac732ff93c

      SHA256

      27f13c4829994b214bb1a26eef474da67c521fd429536cb8421ba2f7c3e02b5f

      SHA512

      ae409b8f210067ac194875e8ebf6a04797df64fa92874646957b2213fb4a4f7da2427ef1ed8d35cd2832b2a065e050298bac0fc99c2a81de4a569a417c2a1037

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2840\windowicon.ico
      Filesize

      400KB

      MD5

      2be2a2e909b7be9beedee5decb627748

      SHA1

      8faab1507c1c831b09690b8bd9ac9ce637b9e257

      SHA256

      6e33614c8c42ecbaf6e7b3bf95759d5ebde4d889c9c3aedfecba347443242014

      SHA512

      f744c1e5e9b7184a7af68a988f3384a05ab5232022c7f131042854d5cc994a881ce9debd4b7c05174ab2532c0671ff94102a8c617297ffa57b0ec2f7b34a96f9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab2129.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI6bc9d.LOG
      Filesize

      460B

      MD5

      e1ae603b16f4e9c0a487f0378e2e0c29

      SHA1

      735486a7ee6505cbdd5b8695a9b5a521bde5c24c

      SHA256

      316aedfbde5c2435eeb9570c0e22e9944aac8985c11064109fa73a2c6e91eb79

      SHA512

      e25e366433e2f77a4eb693cf911bd91936b27dff3ff0b5fc0eed2c017b04349094c3448459ee454f72ac0576c905600c7667a933b6487b954a84f756bc235c8a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI9946\embeddeduiproxy.dll
      Filesize

      308KB

      MD5

      8dc7199aea9216eea74b18cd32d3a20a

      SHA1

      fad20e6526edb9b3e1d4032603ad62c6b1172e07

      SHA256

      96e0fe57c2f2347e8994d6e3685c85a97b0c12f920eb37882d24bb0606fa915a

      SHA512

      032ee5b73e42747bcaf783fe2a1a7214331a608ba28bb45e427fa60e3d18d3289ceb763e6cc2f959c1bb058a15756f9b245b463750b0653de091429e66825f28

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSIB8D4.tmp
      Filesize

      936KB

      MD5

      13056f6fc48a93c1268d690e554f4571

      SHA1

      b83de3638e8551a315bb51703762a9820a7e0688

      SHA256

      aeda49baf2d79da2f7a9266f1fb7884111c2620e187090321f5278af5131c996

      SHA512

      ca828b4248e399178a8614f941332d159a30bad0156df0d5f4c4ca9d74d0ccb61fac59f34c945f5f914e22ec639bd97718f76d21b452825b07fe4041d1a44824

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSIBB59.tmp
      Filesize

      881KB

      MD5

      1dfd211901db1786649a911dfedc3f7f

      SHA1

      5785489170086bbfa69ac1c324b3437ca337d926

      SHA256

      7f4713f31958704586a9173759dc568dd48b21de022eeae19e5152ae2d011b4d

      SHA512

      4c7cd03d9067ce17f15df2ddb6073aa372999d00a4475dbc04b947232357b8cca27aaae1630a5a58959ade379d2b073c2df6b0e41fd97e7ded5bf8ab5ade93eb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSIBBA8.tmp
      Filesize

      1.1MB

      MD5

      834b14d594a4e5d32b2c6a8a2b9c9e9d

      SHA1

      e23f0522085d11eaa9f7de30dd87508f9a15e777

      SHA256

      e5aff7492b86b6461591e93213b33c639db991b04ac63b5d07240d1777e554ff

      SHA512

      b054bb31911557461d7f86eeddd2028d1326d43826f95da958478640fc667b8389de61606e9f3b431baa20c27fed0fd54d93fc3534a19b81e5a6f1634b82d7d4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar214B.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MSI9946\EnhancedUI.exe
      Filesize

      3.9MB

      MD5

      766d9e2ec1d3aa3ae09f09b232b42911

      SHA1

      273b48ee5f64f36ef034252bc0d6fbf59d19197e

      SHA256

      30791eb229d55d42da62b7048b36bce26bd5dbc89e26056ddf042a951d519624

      SHA512

      13affca5db479eadee0a45e33845b19216e3c95fbf7715312fde79959d4c2225355b99e4c43cec8fcf1edb22aabdf50f94c94960ff1987c0d14d6abc6be43d9a

      Download Submit