Analysis

  • max time kernel
    229s
  • max time network
    216s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags
    arch:x64, arch:x86, image:win11-20250313-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    28/03/2025, 13:52

General

  • Target

    SuperViewer Installer/Volume/bin/p19/ni_error/ni_error_report.msi

  • Size

    1.1MB

  • MD5

    0cea59575287dc50c9a8272a88b2db2d

  • SHA1

    ca2055220d3ac56d79415b491260d4772655dc62

  • SHA256

    0f4ef1784f9dcf15cda396c698c12d32055f9869d7ab9046d075ebdc9ab46d70

  • SHA512

    466d7a2dd6aeb51a374b0bfd8f0a5d53c0efb1a9175d50bc03720ef21cad156d73a946c2f5b53b51ab9d583c339a5503ff58650c1ef8c4fc93fac64dfb66f14d

  • SSDEEP

    24576:nFRtIJo/3Gf66+TQNxshTK+63S3ZgTqGgeSZUf/:nFRtIf6jC2PJg6Uf

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 13 IoCs
  • Drops file in Windows directory 19 IoCs
  • Loads dropped DLL 11 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\SuperViewer Installer\Volume\bin\p19\ni_error\ni_error_report.msi"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:6092
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5856
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 8EB31DBC66B3B38235CA9F4DF3E51945 C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:4856
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      PID:3076
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 1D9DFDC0A8F441C28987C814A029C85A
      2⤵
      • Drops file in Program Files directory
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1752
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    PID:4956

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Config.Msi\e581597.rbs
    • Filesize
      15KB
    • MD5
      be195c5f3b7d0e7ced0aac871cfcacff
    • SHA1
      c4228dc000b438ade7e467737575894fafb69dde
    • SHA256
      97e0d559593183509aff9a249708d4272d4c08111028b85caeb8a9187550542f
    • SHA512
      40f186dc7ec50493984aa51cb24c0189e6e194030368c7db0ef6725efbd076e888259866edfccdce65b27566a9fc752f0a453af5e11d999136a0a75f93557252
  • C:\Users\Admin\AppData\Local\Temp\MSI7F32.tmp
    • Filesize
      639KB
    • MD5
      c6417930af8969f9f2cb431acd76ec89
    • SHA1
      d2f2dc9b44f5f79348f7f36091b26a5465ad4f2b
    • SHA256
      1b89704532113150fc7a8a06b5367ee26937c346635a860e93662e1fbb5cd79b
    • SHA512
      f30d7a5b51f5d866ccabf3e15a45d3b4013e28a9bdaaf2176e8b121fbd4ab41a8e67c059b2ece8db5bc7a0ce043e76bbc4e3f6400fb9cd2886e1ffcd9e65d79b
  • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
    • Filesize
      24.6MB
    • MD5
      8911dacee6de6f61a3afd3c513bd5204
    • SHA1
      86a6447719824d6f427194745db0729c0aed6c43
    • SHA256
      ff8355ba6b33fc71e0f5c2c9fd3efe61955065f2058543bca8e4b11f214c9c16
    • SHA512
      f7b6d0995d7c6d48a7cb088c0bf39c04a482d1f3c6769d398cfb01942fdf94bc01124f2fbb43601966cb6430ebd5cc456c3a8e3b2c4ea907d9b6549f912b4892
  • \??\Volume{ffaacb5d-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{a394f6b1-0144-4558-8ee7-88b844972af7}_OnDiskSnapshotProp
    • Filesize
      6KB
    • MD5
      39e57961fae85f863f386107d7f284c5
    • SHA1
      4b345a447bcc3a9d140468c152239313941c706b
    • SHA256
      f963f988a8e8e6437c781b7e8854ff658e53907cbf12f08e73ab540048c3d143
    • SHA512
      0a31184ebd1bed4ca0a2ac8b75f15bf6c50911754e7e75e243c8f7fd485d756e5f77c3689310d0fc69e41e43c092b2f53ff69140b84643feb4121ebc94c663e8