Analysis

  • max time kernel
    233s
  • max time network
    289s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250313-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    28/03/2025, 13:52

General

  • Target

    SuperViewer Installer/Volume/bin/p17/LabVI00/NIWebServer_LVRTE.msi

  • Size

    1.1MB

  • MD5

    7d9b07ad95428de54babecfc43dbc793

  • SHA1

    cc1a97bf7ef41ea151e317b3a0b9215e138d79c6

  • SHA256

    c56f68f1616e296241b60774db7772866e37e57232901f52798f192f6959e44a

  • SHA512

    2d5aa8761caa03477dd8fdc39c5baa125b6649a1c5413be7479b2b7e3b90447fc1d93403192aef370bd88421c3afe860b00f324cbcaeb61b8a97c7c6caddbfbe

  • SSDEEP

    24576:rkkkkkk3F9txo/3GfS7+kkkkkkL+TQNxshTK+63S3ZgTqGgeSZUf/:zF9t3qFC2PJg6Uf

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive. In this run both msiexec.exe instances trigger it; Windows Installer enumerates volumes during its costing (disk-space) phase, so this is expected for an MSI install rather than evidence of host discovery by the package itself.

  • Drops file in Program Files directory 27 IoCs
  • Drops file in Windows directory 19 IoCs
  • Loads dropped DLL 11 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location. Here it is attributed to the two syswow64 MsiExec.exe -Embedding processes, i.e. the custom-action servers in which the package's own DLLs run.

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments. In this report the check is attributed to vssvc.exe (PID 900), the Windows Volume Shadow Copy service started for the restore point, not to the installer's own code, so on its own it does not indicate sandbox evasion by the sample.

  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots. Here it is driven by srtasks.exe ExecuteScopeRestorePoint, the system restore point Windows Installer requests before applying a package; the shadow-copy files listed under Downloads are a by-product of that restore point.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\SuperViewer Installer\Volume\bin\p17\LabVI00\NIWebServer_LVRTE.msi"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3472
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3076
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 96B87A8DDB0F920296232D1FDD8BB143 C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2052
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      PID:1420
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 963E0B49D44C0D93E968F3A4018AB3B9
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2044
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      PID:900
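Most of the signatures above attach to Windows Installer machinery rather than to anything the package itself executes. The following Python is an added example (not part of the sandbox report, and not the vendor's or the installer's code) that rebuilds the process tree from Sysmon-style process-creation events and separates that machinery (the client msiexec /I, the service msiexec /V, srtasks.exe and vssvc.exe) from the custom-action servers (MsiExec.exe -Embedding), which are the only processes in which the package's own DLLs run and therefore the ones worth pulling dropped files from. The event tuples are constructed from the Processes section; the parent PIDs and the role labels are assumptions.

```python
"""Triage of a Windows Installer (MSI) sandbox process tree.

Constructed example: the events below mirror the Processes section of the
report (image path, command line, PID). Parent PIDs and the event tuple
shape are assumptions; the report only shows nesting depth.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str
    children: list = field(default_factory=list)


# (pid, ppid, image, cmdline). PIDs, images and command lines are the report's;
# ppid values (1000 = explorer.exe, 700 = services.exe) are assumed.
EVENTS = [
    (3472, 1000, r"C:\Windows\system32\msiexec.exe",
     r'msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\SuperViewer Installer\Volume\bin\p17\LabVI00\NIWebServer_LVRTE.msi"'),
    (3076, 700, r"C:\Windows\system32\msiexec.exe", r"C:\Windows\system32\msiexec.exe /V"),
    (2052, 3076, r"C:\Windows\syswow64\MsiExec.exe",
     r"C:\Windows\syswow64\MsiExec.exe -Embedding 96B87A8DDB0F920296232D1FDD8BB143 C"),
    (1420, 3076, r"C:\Windows\system32\srtasks.exe",
     r"C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2"),
    (2044, 3076, r"C:\Windows\syswow64\MsiExec.exe",
     r"C:\Windows\syswow64\MsiExec.exe -Embedding 963E0B49D44C0D93E968F3A4018AB3B9"),
    (900, 700, r"C:\Windows\system32\vssvc.exe", r"C:\Windows\system32\vssvc.exe"),
]


def build_tree(events):
    """Index processes by PID and link children to parents present in the log."""
    procs = {pid: Proc(pid, ppid, image, cmd) for pid, ppid, image, cmd in events}
    for p in procs.values():
        if p.ppid in procs:
            procs[p.ppid].children.append(p.pid)
    return procs


def classify(p):
    """Map one process to its role in an MSI install and say whether code
    shipped inside the package (as opposed to Windows Installer) runs in it."""
    name = p.image.rsplit("\\", 1)[-1].lower()
    arch = "x86" if "\\syswow64\\" in p.image.lower() else "x64"
    cmd = p.cmdline
    if name == "msiexec.exe" and re.search(r"\s-Embedding\s", cmd, re.I):
        # Custom-action server spawned by the Installer service. CustomAction
        # DLLs/EXEs carried by the package are extracted to %TEMP% (MSIxxxx.tmp)
        # and loaded here, which is why "Loads dropped DLL" attaches to these PIDs.
        return dict(role="msi_custom_action_host", arch=arch, package_code=True,
                    note="inspect the MSI*.tmp DLL loaded by this PID")
    if name == "msiexec.exe" and re.search(r"\s/V\b", cmd, re.I):
        return dict(role="msi_service", arch=arch, package_code=False,
                    note="Installer service; file drops and registry writes come from the package's tables")
    if name == "msiexec.exe" and re.search(r"\s/I\b", cmd, re.I):
        return dict(role="msi_client", arch=arch, package_code=False,
                    note="user-side launcher; hands the package to the service")
    if name == "srtasks.exe" and "ExecuteScopeRestorePoint" in cmd:
        return dict(role="restore_point", arch=arch, package_code=False,
                    note="system restore point requested by the Installer service")
    if name == "vssvc.exe":
        return dict(role="vss_service", arch=arch, package_code=False,
                    note="OS service started for the restore point; its SCSI registry reads are not sample behaviour")
    return dict(role="unknown", arch=arch, package_code=None,
                note="not standard MSI machinery; review manually")


def triage(events):
    """Return per-PID roles, the PIDs to focus on, and whether the VSS activity
    is accounted for by a restore point."""
    procs = build_tree(events)
    roles = {pid: classify(p) for pid, p in procs.items()}
    focus = sorted(pid for pid, r in roles.items() if r["package_code"])
    # vssvc.exe next to srtasks ExecuteScopeRestorePoint is the expected VSS
    # footprint of an install; VSS without a restore point would need a closer look.
    has_rp = any(r["role"] == "restore_point" for r in roles.values())
    has_vss = any(r["role"] == "vss_service" for r in roles.values())
    return {"roles": roles, "focus": focus,
            "vss_explained_by_restore_point": has_vss and has_rp,
            "unexplained": sorted(pid for pid, r in roles.items() if r["package_code"] is None)}


if __name__ == "__main__":
    result = triage(EVENTS)
    for pid in result["focus"]:
        print(pid, result["roles"][pid])
    print("VSS explained by restore point:", result["vss_explained_by_restore_point"])
    print("Processes outside MSI machinery:", result["unexplained"])
```

Run against the constructed events, the script narrows the tree to PIDs 2052 and 2044, the two 32-bit custom-action servers, and reports that the VSS usage is explained by the restore point. Anything that lands in `unexplained` (a process that is not part of the standard msiexec/srtasks/vssvc pattern) is what would justify treating the installer as more than a packaging artefact.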

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Config.Msi\e580720.rbs

      Filesize

      21KB

      MD5

      bd03b63ef7004c410aef434e1c20d402

      SHA1

      7577458b088d156050b2ee777f317a12adad0949

      SHA256

      f7f1dcc1a080cff11e7af753f51ab8069085b97e6ed9af4ac96a1b63b48a48b8

      SHA512

      18b73ab22df9103c09859b5e9a7180770c6a7921bc51edf1adc076d3f766d0a9a25f5341b17eae841f905f5ac45dd0bb6dcb7cf8e94a5af3fa6aac54a5676ef7

    • C:\Users\Admin\AppData\Local\Temp\MSIA0F3.tmp

      Filesize

      639KB

      MD5

      c6417930af8969f9f2cb431acd76ec89

      SHA1

      d2f2dc9b44f5f79348f7f36091b26a5465ad4f2b

      SHA256

      1b89704532113150fc7a8a06b5367ee26937c346635a860e93662e1fbb5cd79b

      SHA512

      f30d7a5b51f5d866ccabf3e15a45d3b4013e28a9bdaaf2176e8b121fbd4ab41a8e67c059b2ece8db5bc7a0ce043e76bbc4e3f6400fb9cd2886e1ffcd9e65d79b

    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

      Filesize

      24.6MB

      MD5

      0a2936ef9315a7d8519f541a8f4ba644

      SHA1

      7ef7ab06923416cdaf3bac7a899172dc5910c8b7

      SHA256

      98dd9aefe7c5cecc70693745e1d03a599981f9591928c9d52528f54593ea15aa

      SHA512

      04e9d66d47caccc812ea9927779ede7f01ddac1ae1c587873ecdb37c703fd4c0d263a48120b2403a6466fc270e7ddccbe3d769f58df8a3d6e9e3c132cfdc0dc7

    • \??\Volume{4fff9cb4-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{c019f4fc-b440-41cc-99bd-ce5944c46c12}_OnDiskSnapshotProp

      Filesize

      6KB

      MD5

      68f5af81b708bd26e07af4954e8f2651

      SHA1

      7d61f6af3e23d7ff1dbda49c4cd33f95007eac78

      SHA256

      ab79e267bd33349d5745f0c3bc67eca627e89192d11c5b79ab609dae4f3a4be6

      SHA512

      923f3be13de01c2a710b91f2fa4066b629253341a33633984153948068fb30ae364375261129118e289aa109edbd51b3e75063a213df0bbec6c02b222c41c1d5