Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    17-11-2024 09:46

General

  • Target

    LauncherPred8.3.37Stablesetup.msi

  • Size

    11.4MB

  • MD5

    c628123d2539f5ae51b37a06bd179fc7

  • SHA1

    139dfe6164e7c6ba6e2360673cf75801fd2add36

  • SHA256

    f5dfa6b5d19d9334c69d24dd98f13cb30badacb6403b03afc47af4e267cbe0c2

  • SHA512

    3cc3af8065b138719bae90720aeb37b15bb9412631aba972dab1d8d42e7507fd1d4ba231c96a0fe4b32b67e450594a95fe6d0fbc858bf2018b02b6d83ccda567

  • SSDEEP

    196608:oEGAvNE+MNqCjsict52JykNWmKoahv02bfHJNeh5XK3zQlstPGaVB4L0iJP:QCBAK5XmooaBYhtKklkG

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 5 IoCs
  • Loads dropped DLL 3 IoCs
  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\LauncherPred8.3.37Stablesetup.msi
    1⤵
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2616
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding A58E18B2862951A849DC5727A41B1727
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MSI69c9d.LOG

    Filesize

    21KB

    MD5

    af8552e496c71962ae4c0e1f63d73286

    SHA1

    eb98c9245737d018660b5a9c77a04a3116bd6318

    SHA256

    6c234cb8d589aa1e9b718d33f61f116ffd44659fc7d8f6440a31298a2b0d365d

    SHA512

    c0994ce4fa052af3d19f20bad445f74aef3cabf664cc5a0b4610309367aade5369dfe93f2e8581bd88d370edecac24b0b4b000b0de1473b9c4bc73137324ac30

  • C:\Windows\Installer\MSI9E71.tmp

    Filesize

    557KB

    MD5

    2c9c51ac508570303c6d46c0571ea3a1

    SHA1

    e3e0fe08fa11a43c8bca533f212bdf0704c726d5

    SHA256

    ff86c76a8d5846b3a1ad58ff2fd8e5a06a84eb5899cdee98e59c548d33335550

    SHA512

    df5f1def5aac44f39a2dfde9c6c73f15f83a7374b4ad42b67e425ccb7ac99a64c5701b676ae46d2f7167a04a955158031a839e7878d100aaf8fab0ce2059f127

  • C:\Windows\Installer\MSIA028.tmp

    Filesize

    1.1MB

    MD5

    7768d9d4634bf3dc159cebb6f3ea4718

    SHA1

    a297e0e4dd61ee8f5e88916af1ee6596cd216f26

    SHA256

    745de246181eb58f48224e6433c810ffbaa67fba330c616f03a7361fb1edb121

    SHA512

    985bbf38667609f6a422a22af34d9382ae4112e7995f87b6053a683a0aaa647e17ba70a7a83b5e1309f201fc12a53db3c13ffd2b0fad44c1374fff6f07059cbf