Analysis
-
max time kernel
106s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
14-12-2024 00:09
General
-
Target
install.exe
-
Size
57KB
-
MD5
242b49803d0dc2c25486ab866d8516cb
-
SHA1
8d4302a242f4e3be1678e21e9bf79cc27f123e7d
-
SHA256
0d03931dae04b1d6cae8d3745c3aff6315e0df8c6b0bb2589fe77b50580e88f6
-
SHA512
02ba717114ac8fe22898356403065203d719e97b6bc4ececaf849fb21e02529bf54f367bd3468103045cc63a60c77935d8efa04fec67f6d80b60e43067966577
-
SSDEEP
768:/Y9BR4QkHgaYpYnqL6n/RwilMARtPvevxHs4gZWk:mzlkHgNxc58ARtP2xHeW
Malware Config
Signatures
-
Drops file in System32 directory 8 IoCs
-
Drops file in Windows directory 4 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 10 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\install.exe"C:\Users\Admin\AppData\Local\Temp\install.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{fd9cf680-f4be-9f45-96dc-4ad74640b1cc}\snbus.inf" "9" "435f382f7" "000000000000014C" "WinSta0\Default" "0000000000000160" "208" "C:\Users\Admin\AppData\Local\Temp"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{61de96a8-4bc3-b949-bd4e-a871775d6c3b}\snserial.inf" "9" "479e6210b" "0000000000000160" "WinSta0\Default" "000000000000015C" "208" "C:\Users\Admin\AppData\Local\Temp"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5c2aeabdadd719d5ff4097c4fe2995af7
SHA139cca12c94d4ba8aa41a6560a00b031de6899606
SHA256392e836b5a9cdbba0f9b4eb8346a6c0281c134c070a40d99a2c71ad0d2362520
SHA5127854dce413a860dde871d143480fc21ddbd2441516d9a913f568883aec726f0d45d5385dc2ac9fdf449babef2c72715378d683b097f869fd4f6ec6fe54281d38
-
Filesize
1KB
MD596d0078ea02ed681f67d8c8e6409473c
SHA1a45fad9dc80b4e74b0ec31af2187b0e4b6cfee3b
SHA2563804a768e956d3f30666258972b3215b738fdd58383b8ea808d31042f4fda439
SHA512e53e058248544cdbcf219130ba4ec3dce6e6885745064e8da52174490b348952b72addb7bc45625d73521fea7c290f1698adc1efeada744a8eda08f7008247b3