Analysis

  • max time kernel
    63s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240729-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    30-11-2024 00:21

General

  • Target

    LauncherPred8.3.389 stablesetup.msi

  • Size

    3.1MB

  • MD5

    028578212baa7456aae40d4bdb5792e5

  • SHA1

    fd9037a16f327a64f8b2fd8ff9f6664ae307ca39

  • SHA256

    bdb79800e4177b59b3830ae7cc996a41fc2b560593e7b51e02408c062f8d4449

  • SHA512

    66961e2be5b19aa30c2bb50f7ca502aa8e451299b2f1b5a6b9f3e6c82486e13dd9f18857553e8ff65912ffea9708ed8cab6da704c1bf5bba57944143ca7b1867

  • SSDEEP

    49152:muoukMo27Epq0n8Toc4Ur8r6F5mCmR+Ov0Rn0rItYcuwwERO9qZFTvqPvO6Ezvsk:1Yn8ToWo6AvAYcuwr9qrn
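The hash block above is what ties any copy of the sample on your own machine to this exact report. The following PowerShell helper is an added example, not part of the sandbox output or of the package being analysed: it recomputes every digest the report lists for the target and flags any that differ. The path in `$SamplePath` is an assumption; change it to wherever your copy lives. The SSDEEP value cannot be checked with Get-FileHash and needs the separate `ssdeep` tool.

```powershell
# Added example (not part of the sandbox report): confirm that a local copy of the
# sample is byte-for-byte the file this report analysed, by recomputing every hash
# the report lists and comparing. $SamplePath is an assumed location.
$SamplePath = 'C:\Samples\LauncherPred8.3.389 stablesetup.msi'

# Values copied from the General section of the report.
$ReportHashes = @{
    MD5    = '028578212baa7456aae40d4bdb5792e5'
    SHA1   = 'fd9037a16f327a64f8b2fd8ff9f6664ae307ca39'
    SHA256 = 'bdb79800e4177b59b3830ae7cc996a41fc2b560593e7b51e02408c062f8d4449'
    SHA512 = '66961e2be5b19aa30c2bb50f7ca502aa8e451299b2f1b5a6b9f3e6c82486e13dd9f18857553e8ff65912ffea9708ed8cab6da704c1bf5bba57944143ca7b1867'
}

function Test-SampleHashes {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][hashtable]$Expected
    )
    $mismatches = @()
    foreach ($alg in $Expected.Keys) {
        # Get-FileHash prints upper-case hex; the report prints lower-case, so normalise.
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash.ToLowerInvariant()
        if ($actual -ne $Expected[$alg].ToLowerInvariant()) {
            $mismatches += [pscustomobject]@{
                Algorithm = $alg
                Expected  = $Expected[$alg]
                Actual    = $actual
            }
        }
    }
    # Comma keeps an empty or single-element result as an array for .Count below.
    return ,$mismatches
}

$size = (Get-Item -LiteralPath $SamplePath).Length
'{0}: {1:N0} bytes (report rounds this to 3.1MB)' -f $SamplePath, $size

$bad = Test-SampleHashes -Path $SamplePath -Expected $ReportHashes
if ($bad.Count -eq 0) {
    'All four digests match the report; this is the analysed sample.'
} else {
    'Digest mismatch: this is NOT the file the report describes.'
    $bad | Format-Table -AutoSize
}
```

Checking all four algorithms rather than only MD5 matters here because the MD5 and SHA1 columns are the ones most likely to be copied between reports and feeds; a match on SHA256 and SHA512 as well rules out a transcription error on the weaker digests.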

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 5 IoCs
  • Loads dropped DLL 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\LauncherPred8.3.389 stablesetup.msi"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1096
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 91D089A71BC15686A41353A07143796E
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2972
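The three-process tree above is the standard Windows Installer layout rather than anything specific to this sample: `msiexec.exe /I` (PID 1096) is the user-facing client, `msiexec.exe /V` (PID 2096) is the Windows Installer service, which runs as LocalSystem and therefore accounts for the file drops into `C:\Windows\Installer`, the token-privilege calls and the WriteProcessMemory hits, and `C:\Windows\syswow64\MsiExec.exe -Embedding <id>` (PID 2972) is the 32-bit custom-action server the service spawns to host custom action DLLs. "Loads dropped DLL" on that last process is consistent with the package carrying DLL custom actions that the service extracted to the `MSI*.tmp` files listed under Downloads. Whether that is benign installer plumbing or the payload depends on what the CustomAction table declares, which you can read without executing the package. The script below is an added example, not part of the report or of the package's own tooling; it uses the `WindowsInstaller.Installer` COM object to dump the CustomAction table and decode the type bits that say where each action's code comes from and whether it runs deferred in the service without impersonation (the pattern behind the `-Embedding` process). `$MsiPath` is an assumption.

```powershell
# Added example (not part of the sandbox report): list the CustomAction table of an
# MSI before running it, decoding which actions are DLLs/EXEs/scripts embedded in the
# package and whether they run deferred and without impersonation (i.e. as LocalSystem
# inside the Windows Installer service's custom-action server). $MsiPath is assumed.
$MsiPath = 'C:\Samples\LauncherPred8.3.389 stablesetup.msi'

# Base custom action types (low 6 bits of the Type column), per the Windows Installer docs.
$BaseTypes = @{
    1  = 'DLL from Binary table'
    2  = 'EXE from Binary table'
    5  = 'JScript from Binary table'
    6  = 'VBScript from Binary table'
    17 = 'DLL installed with product'
    18 = 'EXE installed with product'
    19 = 'Error message'
    21 = 'JScript installed with product'
    22 = 'VBScript installed with product'
    34 = 'EXE with working directory'
    35 = 'Set directory'
    37 = 'JScript text'
    38 = 'VBScript text'
    50 = 'EXE from property'
    51 = 'Set property'
    53 = 'JScript from property'
    54 = 'VBScript from property'
}

function Get-MsiCustomActions {
    param([Parameter(Mandatory)][string]$Path)
    $installer = New-Object -ComObject WindowsInstaller.Installer
    # OpenDatabase mode 0 = msiOpenDatabaseModeReadOnly; nothing in the package is run.
    $db = $installer.GetType().InvokeMember('OpenDatabase', 'InvokeMethod', $null, $installer, @($Path, 0))
    $sql = 'SELECT `Action`, `Type`, `Source`, `Target` FROM `CustomAction`'
    $view = $db.GetType().InvokeMember('OpenView', 'InvokeMethod', $null, $db, @($sql))
    $view.GetType().InvokeMember('Execute', 'InvokeMethod', $null, $view, $null) | Out-Null
    $rows = @()
    while ($true) {
        $rec = $view.GetType().InvokeMember('Fetch', 'InvokeMethod', $null, $view, $null)
        if ($null -eq $rec) { break }
        # StringData(i) is 1-based and follows the SELECT column order.
        $field = { param($i) $rec.GetType().InvokeMember('StringData', 'GetProperty', $null, $rec, $i) }
        $type = [int](& $field 2)
        $rows += [pscustomobject]@{
            Action        = & $field 1
            Type          = $type
            Kind          = $BaseTypes[($type -band 0x3F)]
            Deferred      = [bool]($type -band 0x400)   # msidbCustomActionTypeInScript
            NoImpersonate = [bool]($type -band 0x800)   # msidbCustomActionTypeNoImpersonate
            Source        = & $field 3
            Target        = & $field 4
        }
    }
    $view.GetType().InvokeMember('Close', 'InvokeMethod', $null, $view, $null) | Out-Null
    return ,$rows
}

Get-MsiCustomActions -Path $MsiPath |
    Sort-Object Deferred, NoImpersonate -Descending |
    Format-Table Action, Type, Kind, Deferred, NoImpersonate, Source, Target -AutoSize
```

A row of `Kind = DLL from Binary table` with `Deferred` and `NoImpersonate` both true (Type 3073 is the textbook value) is the one to pull out and analyse statically: its `Source` names the Binary-table entry holding the DLL, and that DLL is what ends up loaded in the `-Embedding` process with LocalSystem privileges. Run this on an isolated analysis host; opening the database is read-only, but the file is still untrusted input to the Windows Installer engine.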

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MSI77e92.LOG

    Filesize

    21KB

    MD5

    3c9799fcbe08ed98d94a266e3743eddd

    SHA1

    96e76818a51f3e844d6f98d11a877bc91dbfbbd8

    SHA256

    77ccf372f422c44ecf86330ee333f73716c242b8080dbe378c4b9b3e1df8b49d

    SHA512

    e21478112c03d1909a2061e0a834a89bb85e31e555f682fb34287d35d679f6d51a8a1747fac2c54db36397a7a6480f34ff5992b6463aaeb43d2f11ef8abface5

  • C:\Windows\Installer\MSI7FAB.tmp

    Filesize

    557KB

    MD5

    2c9c51ac508570303c6d46c0571ea3a1

    SHA1

    e3e0fe08fa11a43c8bca533f212bdf0704c726d5

    SHA256

    ff86c76a8d5846b3a1ad58ff2fd8e5a06a84eb5899cdee98e59c548d33335550

    SHA512

    df5f1def5aac44f39a2dfde9c6c73f15f83a7374b4ad42b67e425ccb7ac99a64c5701b676ae46d2f7167a04a955158031a839e7878d100aaf8fab0ce2059f127

  • C:\Windows\Installer\MSI80E5.tmp

    Filesize

    1.1MB

    MD5

    7768d9d4634bf3dc159cebb6f3ea4718

    SHA1

    a297e0e4dd61ee8f5e88916af1ee6596cd216f26

    SHA256

    745de246181eb58f48224e6433c810ffbaa67fba330c616f03a7361fb1edb121

    SHA512

    985bbf38667609f6a422a22af34d9382ae4112e7995f87b6053a683a0aaa647e17ba70a7a83b5e1309f201fc12a53db3c13ffd2b0fad44c1374fff6f07059cbf