Analysis

  • max time kernel: 227s
  • max time network: 293s
  • platform: windows11-21h2_x64
  • resource: win11-20250314-en
  • resource tags: arch:x64, arch:x86, image:win11-20250314-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted: 28/03/2025, 13:52

General

  • Target: SuperViewer Installer/Volume/bin/p26/logos64.msi
  • Size: 1.1MB
  • MD5: e343ca68c1e51e24996575274ce54aac
  • SHA1: 19f8726823d76da1d6deed569c79f9d64d7eca08
  • SHA256: bae1b9b7ced72b77ce1dec5db20de104edb17be324225399ef6dbc1e10ac8d57
  • SHA512: edaba1dc3d4d87d11120330eafc6f63c52ab9dea9faa8f4c29267e9c36fd377bb20d9f0aafd5c0057deb8680f54707d9f53ae2ac156315c2e52a14871f035be4
  • SSDEEP: 24576:9F9qVtKDpo/3Pf0+TQNxshTK+63S3ZgTqGgeSZUf/:9F9qVt8oNC2PJg6Uf

Score: 6/10

Malware Config

Signatures

  • Enumerates connected drives (3 TTPs, 46 IoCs)
    Attempts to read the root path of hard drives other than the default C: drive.
  • Drops file in System32 directory (11 IoCs)
  • Drops file in Program Files directory (6 IoCs)
  • Drops file in Windows directory (19 IoCs)
  • Loads dropped DLL (11 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)
    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  • Checks SCSI registry key(s) (3 TTPs, 5 IoCs)
    SCSI information is often read in order to detect sandboxing environments.
  • Modifies data under HKEY_USERS (3 IoCs)
  • Modifies registry class (25 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)
  • Uses Volume Shadow Copy service COM API
    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe (PID 3896)
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\SuperViewer Installer\Volume\bin\p26\logos64.msi"
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
  • C:\Windows\system32\msiexec.exe (PID 4468)
    C:\Windows\system32\msiexec.exe /V
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • C:\Windows\syswow64\MsiExec.exe (PID 420)
      C:\Windows\syswow64\MsiExec.exe -Embedding 716BE23C5FF452F2A998649C7DE5CB25 C
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
    • C:\Windows\system32\srtasks.exe (PID 5072)
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
    • C:\Windows\syswow64\MsiExec.exe (PID 2412)
      C:\Windows\syswow64\MsiExec.exe -Embedding D09245C34B0B83630ED10BAFCF293473
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
  • C:\Windows\system32\vssvc.exe (PID 4896)
    C:\Windows\system32\vssvc.exe
    • Checks SCSI registry key(s)


Downloads

  • C:\Config.Msi\e5870c7.rbs
    Filesize: 18KB
    MD5: bd03d2955b6b76e926adef741d629ae3
    SHA1: dee902552332a5e4c0291bdd65a97e0fc9f327d1
    SHA256: 4146f4be45ef9a83b77fed3b1cebf2978fc118b9e6d98f3408ef533b762d8c9a
    SHA512: 0a88a03f2af2b94ffa5b09a54d60982b89696843ee96370342319670c708659ad645aaf426b5557d508e9f68f25804ff5abab91e26876a7e57a62e16da9d7ea7

  • C:\Users\Admin\AppData\Local\Temp\MSIBD26.tmp
    Filesize: 639KB
    MD5: c6417930af8969f9f2cb431acd76ec89
    SHA1: d2f2dc9b44f5f79348f7f36091b26a5465ad4f2b
    SHA256: 1b89704532113150fc7a8a06b5367ee26937c346635a860e93662e1fbb5cd79b
    SHA512: f30d7a5b51f5d866ccabf3e15a45d3b4013e28a9bdaaf2176e8b121fbd4ab41a8e67c059b2ece8db5bc7a0ce043e76bbc4e3f6400fb9cd2886e1ffcd9e65d79b

  • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
    Filesize: 24.6MB
    MD5: 8bce753701941c000ff956c80a7cb6ae
    SHA1: 6f7c57d376b6d06417c63570ebd96ff0f36c3eda
    SHA256: 4c4434067a9856ef9f08db89d8fa7db88ad3fa6e05a512e269698139b9e95a3d
    SHA512: 67fdf42b877e6466c7a517d2392339e6e587ab94213009bb1ed442b00b0cbd3ce848292ab0ed244cbfc617d290e4dd081a5f455e26b5a435688ea0a6998b4553

  • \??\Volume{8a09a459-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{dca401aa-7b56-4cc8-b7b5-a12d977ef227}_OnDiskSnapshotProp
    Filesize: 6KB
    MD5: 85939c29ea593e25dd5b454283a6e88c
    SHA1: e5c978ed77f4fe371b879d9056490747d8ced76a
    SHA256: a8c36ccb3b1d4a495e9ba0a390a50112bbbc3a8c332fd3e5cb668f45dd9404bf
    SHA512: cb5c7a2d5310f50d294ea05ac66605c82444de982ed2dc437713638f24230c1acceb488f7379b07a58c72a43c062b49290aba799ef70e4d3c729153cc1945b1f