Analysis
-
max time kernel
610s -
max time network
607s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
-
submitted
30-11-2024 11:24
General
-
Target
IPTViewr_Movistar+_1-5_beta-1-sp1a_es-es.msi
-
Size
28.9MB
-
MD5
7172472c9a8e578dc6b8310601cbc646
-
SHA1
712976528526ad2c3c9bf82b7939abe652ad7962
-
SHA256
c61ecd976b087abf7eba06ba7d8fc9767f3b2bffe79a3952ac8f9c8b1bb0be64
-
SHA512
4a40bd0268399bc3e1a7232550de69b310d967e81941e279c453fc3d47cb4691aaa522805a6ef08a12c9747ec4e283aeee2b09245717a8c5a47df9fb1fd0a04d
-
SSDEEP
393216:FLb7VqFnDYiFbWptlSPdJ1Zp9O71CeEHL/yEeEEszszuomY05LsW1IK18dZdu0JS:BVch2CdJ1ZOCNH73NHhYDWmz80
Malware Config
Signatures
-
Blocklisted process makes network request 3 IoCs
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Windows directory 10 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies data under HKEY_USERS 43 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\IPTViewr_Movistar+_1-5_beta-1-sp1a_es-es.msi1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 5C561754C0C20EA4BB47222485C48553 C2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\FirstTimeConfig.exe"C:\Users\Admin\Documents\IPTViewr\movistar+ (v1.5.1105.0 'Kruger 60')\bin\FirstTimeConfig.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005AC" "000000000000059C"1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
35KB
MD584aa5fe97bb0005253e8388939907594
SHA15820fa4d87c7a5187cadfb2e9a07da578aeef28b
SHA256dfdb310585887f93313404aa1e32f3a8706b82e7ce96ae072ea30e3930215fbf
SHA512a47b259c9b1302664772a0933d01d305d29043e2adbd88f03700617af9cd9d860382b34aade948c68ed7407c372c4dcfe7100c8fe1988557c514aeb7177fc211
-
Filesize
959B
MD5d5e98140c51869fc462c8975620faa78
SHA107e032e020b72c3f192f0628a2593a19a70f069e
SHA2565c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e
SHA5129bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105
-
Filesize
192B
MD5dbb26af05ff17d13cb6b2a169725bf4f
SHA1bdf1433bd5606475fe8ad19c6fcff4bed8360f98
SHA256fa20a2bf312fe518c9ea49b0d6de0ac805309c7e8041deb61ae9e1c51ee07fec
SHA5124530b3960d025ac3a3ee01249c50bebfc5a4db8e368c810a8f263938edbacccf59c4c7726210d7730932a0344f46196ebfcfe427cd03e7b22aa26bdac86c2a0a
-
Filesize
342B
MD5b5d352cc8d548f8780ceacef7fd459e9
SHA17fb8368c6ccef3fa517840a6c8b4e75c6efa46d2
SHA256bb759a9d5489d0a8034339b9c239e48fe201e3cb34bcace6b58d81cff5fdad77
SHA512ed2b37682d1ac5a31537fd9c35bf2365bf383c8ede00721813057f681d8b3eb566b107d3fa2c0721c0b07916cf545d8129ac38071f2c8088a8e842e48924a1f3
-
Filesize
342B
MD5f4770af6284f55bcceeb2babd274a227
SHA1824cc8f7befee7dabf199047072d09aca80ad150
SHA2566d916d2ed9396446e92c4eba6a7b6bfc6c6ff2eef0077ad5e6edb8b1917aab73
SHA5126584412f3a5706ffece59c349e971062e2591c3f7339a4a26ba78ce8868b5b88205f67d7c572870f9c01c49014c58214c7120baa7d8d3712923f5cb0099ea2c5
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
202KB
MD5d773d9bd091e712df7560f576da53de8
SHA1165cfbdce1811883360112441f7237b287cf0691
SHA256e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7
SHA51215a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
495KB
MD50dab9c79fb28dcd12b10f0507e309e94
SHA16553a3cb065c3b2bcb505af883239da2584ff91a
SHA256dd94bf091c7dc0bd78dcc6cce0c5def4d495e463f6606607d2698d1871c5e8b2
SHA512c18d49039db26f2fdcf4f431efd9ea3bbe6a07d47dc3ceac62b51fb2aedf23eaa450e3525605ac8a917793663471a4d2356e334bd69bc65ebf6c668b2caeffe5
-
Filesize
27KB
MD506bf8a4e93bdb4bfd53fe6d7c7d46c5a
SHA16bb632a1be713f990449d2d1b8f815ede97b07e6
SHA256a9e5686130679fde198c0352d5da92cc58c85374c7629ed27010b1ce4701e69b
SHA5126ba99af1b0b59fec1e74ba8e9c25f7c4c0b542cd621a09a9880a4d10e45b10c79b39371f6f18167738f4585afe3698e23dda892afd83033f58bf95fa820663ce
-
Filesize
36KB
MD5934097b95dadb2f2bdc43d7828b0940f
SHA19806364e6d0c895a192456366b38babfa41910b7
SHA256a6b927b50bfaabbb7b83c7f6a87804e26a86c31bb70229bc9e1947ce0732b443
SHA512cb83fce48004bfc88e58fd0c22eb73398bbe337ebb2cc5f314251ba7efd31cef9a52c58bf22560812b3305079891ae5d95a4b13a12a36a92e8f58bba29df6b08
-
Filesize
19KB
MD5c519061adbb260bd0dbbac01b3cd054d
SHA1c7c492cfd7dabbe7fb527dcb481b873675b02f0c
SHA2564973081531b5ec2fd060fd6c8ee14c4ff95d50f7928892be01ca1612fc99ec8c
SHA512ded350d58a160650495261c42db18fd951cc5601a607152099ef64f1ab1ba5e21d86801a78fd19112c847b7b114bca20c48f40c1f14152df4c698722c0f2bf7f
-
Filesize
22KB
MD5825eaf4df1e08196d5015b70466b026c
SHA1cf974b0615bebfc2472bbb3af4669ad294c26828
SHA2565c99b5c0991b98dc1cec11f4b2a83595f6d0de224105b72e23e90318dfe22217
SHA51276fcd73f373896b034e321aecd7d630326040f89f1c50ab03a7481dc9a2e3f11a9d40c866e799f6bc2e1b283ba2da8d0dc8f48e75e8faefb903f0e58377d385f
-
Filesize
50KB
MD5017cd1faa21e8e1b99c835d3fae49626
SHA1a8fa47538cac3a24b3bb62051c73fb3cbfc9e5f0
SHA25648029564881e5091e1562a43befb1e42e1279ef267c9f9dce020beed7b7a3b8f
SHA512ac2368adebb2daf994610db1b914b43aaa50f0eae5b38598dfadf31e47aa45b1b3b7605a7c53821881061a5fe1e978ed74e674a3a4a62ae30bb03b76f0d3474b
-
Filesize
133KB
MD52bd1307c211ae53acd2e39085a0e5dac
SHA15e37dbbd42400880d9b102516c7bbbe5eef47fcb
SHA25683355b80d15813703c3d0e563328f46355c388426eb1afb3312748497da8a677
SHA512be9da4538ad3292e97f0129cce6f59759038de9fa9145ceebcd6df2c57e82fdc152ea01d796270bf6b4e8493a32b3619750d0946625b3a2044e704238901d682
-
Filesize
683KB
MD56815034209687816d8cf401877ec8133
SHA11248142eb45eed3beb0d9a2d3b8bed5fe2569b10
SHA2567f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814
SHA5123398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721
-
Filesize
87KB
MD57a46ddf0945aa9ada3bc767bafb51cfe
SHA1545fba74961a567581d3e72fe62c3211e2c29c01
SHA256e679bd9e238c081d9f8264581e0159d8110b4c0c3b80e79c769384a31169e731
SHA512ad0ffce79d50c7c0d8b1cc4e71ddfebcb0aa4be619e2325f76d58254bd8023a5ba74b6e8bbdcc41f8e13324a053edf189f34c9368345ba33d2d60fcdca93d771
-
Filesize
37KB
MD5368a54998f44548028dce205b4bd8fb2
SHA1d3f53fdc858440b1e9e60ee644c8a17ffa5329a0
SHA2560c1cf0a93aa8bb63be0f117f7c8dd2bc18820a42af8c96ba34b76de28c469072
SHA51257b63aaa5797380039b31e69136d71c6ba3f49feca19217ca380d2909f7b863e7a2146fe4d5b5a13465a4e20beab118bfd4e5f1b52426885272bebd1473a8767
-
Filesize
983KB
MD5e332b587fb34859d14ad3d14effbc20d
SHA18f9a5850105764de70601e24ddebf6cd3b4d7f69
SHA2562fb7837c5f7e7cfa743a95aa94de0fdd6b30efaa081c7d5eccf488d60dca24af
SHA5126b95290dbfaa2549a2f5d0b0bf6946bd1f7787b6ed3e637a61973c05db0703638d5a7ae870707e280b8c8fc235f0fd196a288f5ff2ead8101c3e38724f6a4f85
-
Filesize
564KB
MD5b2559bd40a1c61e201d69653415ca1e8
SHA1a16505b06dd1f5f765db6e2e42212b8d4943d993
SHA256387a4565a3ff0b2bf96a03826219aa535d4477e0c74c78ea8f82512fc39d6e14
SHA51218246e600ebfe45b1fa6c140779b976c8d26e6a647169906a2c2ed54aaa6dc6689d125ab7ac87f23fc20d6e978102df9fe3dba5eeb911ca8e648aefcb89825d8
-
Filesize
28.9MB
MD57172472c9a8e578dc6b8310601cbc646
SHA1712976528526ad2c3c9bf82b7939abe652ad7962
SHA256c61ecd976b087abf7eba06ba7d8fc9767f3b2bffe79a3952ac8f9c8b1bb0be64
SHA5124a40bd0268399bc3e1a7232550de69b310d967e81941e279c453fc3d47cb4691aaa522805a6ef08a12c9747ec4e283aeee2b09245717a8c5a47df9fb1fd0a04d
-
Filesize
40KB
-
Filesize
112KB
-
Filesize
704KB
-
Filesize
152KB
-
Filesize
512KB
-
Filesize
48KB
-
Filesize
1008KB
-
Filesize
64KB
-
Filesize
56KB
-
Filesize
64KB
-
Filesize
40KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
592KB
-
Filesize
64KB
-
Filesize
32KB