Analysis

  • max time kernel
    231s
  • max time network
    291s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250313-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    28/03/2025, 13:52

General

  • Target

    SuperViewer Installer/Volume/bin/p20/activex.msi

  • Size

    1.1MB

  • MD5

    2df25b30e70ba5bac6bb7f4525128dff

  • SHA1

    ec5a83c0fef5f28944c03826f83d9fced85c3710

  • SHA256

    c7329e9500c8aa32802199abb1fc91585f17c6648be74cebad7f736ee056d36d

  • SHA512

    eed10f2eb8b6588bee0ac98d98739b3568b94f4e828143b92abaa78793634b50ae57037b7a0fc399d2e09bd42f2e70f0ec6df679ad3ee743e9c3935ec8f1509e

  • SSDEEP

    24576:/tGWMVo/3G1x6W+TQNxshTK+63S3ZgTqGgeSZUf/:/tGWM5x63C2PJg6Uf

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 8 IoCs
  • Drops file in Windows directory 19 IoCs
  • Loads dropped DLL 11 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 63 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\SuperViewer Installer\Volume\bin\p20\activex.msi"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4696
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1560
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding CB924E84756EDAEB52229175AF2C5C7B C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2340
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      PID:276
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding C690A75120605CFE879580BE9C63FE40
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1872
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    PID:2012

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Config.Msi\e58680d.rbs

      Filesize

      20KB

      MD5

      10ec7186fee98e6e0bd2da07414f6592

      SHA1

      3b6f1d604b3bbbe90f6e74b9bb39952be9755cc8

      SHA256

      38740105ac60af9e4c5c0f54a39e9d5bd04f4eac017953f416eed9166313a1c8

      SHA512

      eb8b03b8dac0e1d0621cb28e5758557a1ba2d7964b99c676b0b3b5eb14dd8cbf56d0917ab9ec90a1fa73de3926b8afd46b5b9191d99d40c44b320fb79f36f919

    • C:\Program Files (x86)\Common Files\Merge Modules\nicont.ver

      Filesize

      2KB

      MD5

      fb337d8a37c4f80bc06bec8619cd1660

      SHA1

      5e8b9a4bf739e643f9ed7929a4a23ed49427cdef

      SHA256

      777b307640470d68c553d7b51e60705c01508a333d33c9b93dddec15d33a168c

      SHA512

      ae6bba9536f735a4fecf86a4e7c5f15b9abdfe7a48bb30a0e8917f2de4869569f3a1def3ade01cebce587cc8967dd69d84d1b485b90108f8ccd0936d7403c89b

    • C:\Users\Admin\AppData\Local\Temp\MSICA26.tmp

      Filesize

      639KB

      MD5

      c6417930af8969f9f2cb431acd76ec89

      SHA1

      d2f2dc9b44f5f79348f7f36091b26a5465ad4f2b

      SHA256

      1b89704532113150fc7a8a06b5367ee26937c346635a860e93662e1fbb5cd79b

      SHA512

      f30d7a5b51f5d866ccabf3e15a45d3b4013e28a9bdaaf2176e8b121fbd4ab41a8e67c059b2ece8db5bc7a0ce043e76bbc4e3f6400fb9cd2886e1ffcd9e65d79b

    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

      Filesize

      24.6MB

      MD5

      ac38216db85a9019f665f4d93c2c5e22

      SHA1

      0bd5588ed325e1df95d1c93c0c637b980cb39449

      SHA256

      08814bc3e9839be94128202a25f6b8164b8ad8132a4f8aa9235a7f474ed57f55

      SHA512

      ca90b928cec9100c584f79479e0bf44cd29bdb5d632efbc16e3095fd9f77f1b75134243babb97e3d5af1968bd464a1a9e287582ebdf58c9d66e912b8f6f089ef

    • \??\Volume{3463923c-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{7110955c-0528-47a0-9e4a-abf218828031}_OnDiskSnapshotProp

      Filesize

      6KB

      MD5

      accc749618b496290a1565986fef6864

      SHA1

      4cee37a2d2784ec7087435a8f1405374b6b1db18

      SHA256

      6d810ca940762feb896c793fa20a1ea15dba09b7c733075e950a8a5cd3289940

      SHA512

      d3d468d4cdd7af56781f6bb738cc75207bf167a7decc8b266ed571049ec64222758552c2565ae62f7e0fcf4a5a435304b785ad162df576fcd5bba625b2b5d4ad