Analysis

  • max time kernel
    211s
  • max time network
    288s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250313-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    28/03/2025, 13:52

General

  • Target

    SuperViewer Installer/Volume/bin/p2/VC2015-32Wrapper.msi

  • Size

    232KB

  • MD5

    782c1dcc5bdb5922c513bce1af73905b

  • SHA1

    443a74d32c0975e37cdf376a169f9d5502177f92

  • SHA256

    04febbada7ccad674326c4d094b086f0f638d60d4714c82a43c188ac7a0152b2

  • SHA512

    9479ac0b805fce1a1fa604427ce740d14def51102debefb7444640330d2eb779d7c0c6e7ab9c10df817834f91f3ddcb2d455456be7acad5b14c848ee37772e75

  • SSDEEP

    3072:PaKWEqtAX//Xj65p2rcvJVPdZx3ZOYguuw5D5muyPWEl6G:Uhi/vj65p2rSjPFpOKm

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives (3 TTPs, 23 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken (32 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\SuperViewer Installer\Volume\bin\p2\VC2015-32Wrapper.msi"
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4212
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    • Suspicious use of AdjustPrivilegeToken
    PID:3532

Network

MITRE ATT&CK Enterprise v15
