Analysis
-
max time kernel
145s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
09/04/2025, 13:13
General
-
Target
msi (15).msi
-
Size
9.3MB
-
MD5
9a36d4f45fbd23ffec4f23039af02e74
-
SHA1
614eda94a70a9e2179c46949cd019f2e2a60fdaf
-
SHA256
747e9cc899e32182bcca6d6bda20cdf87e07efb78fd84b6c305c1e02b22ba04e
-
SHA512
c23b34d5b867dfc0c7a992743c1434ff525769a1fab1d2ff2110ea50a409af917ca1eb2c3113ea9ad2965a801024dd9b2b19c36c374a5c60278b24a7abe651d1
-
SSDEEP
196608:Y/Ode3yudNkygr9XnplBjPx5pNZ/fi2YS6d4SF537efUrt:Ne3yuLoplBLjpQ4geMrt
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Loads dropped DLL 12 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 7 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 37 IoCs
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\msi (15).msi"1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 373785948CC1FB76EF78D3CE2DBE37C2 C2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DBCD1AEA-7DB2-4372-8A74-60EE12F0D079}3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A87ED001-218E-4F8F-B9C9-4380FD9208D2}3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{87B6DAAB-2E87-44F4-9CC6-2642DD78CFAD}3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8D947D1D-9002-4F76-BFC4-2E7F915D1243}3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6DA8B2C6-51F0-4F6D-87E1-DA9BCAC89D67}3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{386814F5-30BA-4F0F-A44E-1009AD72E18B}3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B4C2C2DE-DC8F-4126-AA11-94678D23BC62}3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{80E5B2E0-C6A9-4E38-87F9-8E5E1E1B1B80}3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7592511C-C607-4F8B-B0B0-A1877AC2E735}3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exeC:\Users\Admin\AppData\Local\Temp\{F3BCA18F-F0A2-4AD4-B9C7-273748D73D04}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{463835AC-4D8A-4C62-9853-70DCA16DB007}3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\{21E1857E-2275-448E-96A5-9E8F9F12BA12}\SplashWin.exeC:\Users\Admin\AppData\Local\Temp\{21E1857E-2275-448E-96A5-9E8F9F12BA12}\SplashWin.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\demofirefox\SplashWin.exeC:\Users\Admin\AppData\Roaming\demofirefox\SplashWin.exe4⤵
- Suspicious use of SetThreadContext
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe5⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\localUpdate_alpha.exeC:\Users\Admin\AppData\Local\Temp\localUpdate_alpha.exe6⤵
- Loads dropped DLL
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v16
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
171KB
MD5a0e940a3d3c1523416675125e3b0c07e
SHA12e29eeba6da9a4023bc8071158feee3b0277fd1b
SHA256b8fa7aa425e4084ea3721780a13d11e08b8d53d1c5414b73f22faeca1bfd314f
SHA512736ea06824388372aeef1938c6b11e66f4595e0b0589d7b4a87ff4abbabe52e82dff64d916293eab47aa869cf372ced2c66755dd8a8471b2ab0d3a37ba91d0b2
-
Filesize
2.5MB
MD566859891d6d4fdce53592a1fcd5deae9
SHA19606ab0e29af4804c3d854eeee7bd404034269bd
SHA256315dd6cb35097e0d85c5133048717c0669db06060c15cdc03a995dfdeb9c22ed
SHA5125e946501187a30d69cba58b0eb6fd1586570870238c38c4bc4ca483b895cfc003cca4ec0d19dec98c3415b3e0ccee21fa42c7c524dea01e60bba2d81e3a1c2b4
-
Filesize
5.4MB
MD575a38363a3a92cd3d450beebbb43bb4d
SHA10d496281508c3083b220de4551dfefabd393d99f
SHA256cc77844039ba0fb8bafcbc22fbd50823200ff219bb55e89dc5595d40d44d9f75
SHA512c6f319e5e8552aa335cc1f0bdb6c3796d8d7d9a9c41eeeb1722dba693f2ca678a9ff3f4f400027d292881c37d77325ec039f7b0f604fa9b48c756db3e7537467
-
Filesize
2.3MB
MD5967f4470627f823f4d7981e511c9824f
SHA1416501b096df80ddc49f4144c3832cf2cadb9cb2
SHA256b22bf1210b5fd173a210ebfa9092390aa0513c41e1914cbe161eb547f049ef91
SHA5128883ead428c9d4b415046de9f8398aa1f65ae81fe7945a840c822620e18f6f9930cce2e10acff3b5da8b9c817ade3dabc1de576cbd255087267f77341900a41c
-
Filesize
840KB
MD5677004470e3bb68df7b0cf61c67bb5b8
SHA1d82697919f929bfac3069d70242c82b41b32f2dd
SHA2568d11e5e24f3f4454b3bcddc3b6ad8848c4bc7bdb96bb6375188b1f5d44e84a6a
SHA512676f64dff0d90943f9c42beeb34e8efb5cb88440c2a8b720ef8404f54d6e297b50a247d517eb03c83eb00e0f6355f1233b73c36cc7d35db7bce7ed7573e88c30
-
Filesize
437KB
MD5e9f00dd8746712610706cbeffd8df0bd
SHA15004d98c89a40ebf35f51407553e38e5ca16fb98
SHA2564cb882621a3d1c6283570447f842801b396db1b3dcd2e01c2f7002efd66a0a97
SHA5124d1ce1fc92cea60859b27ca95ca1d1a7c2bec4e2356f87659a69bab9c1befa7a94a2c64669cef1c9dadf9d38ab77e836fe69acdda0f95fa1b32cba9e8c6bb554
-
Filesize
446KB
MD54d20b83562eec3660e45027ad56fb444
SHA1ff6134c34500a8f8e5881e6a34263e5796f83667
SHA256c5e650b331fa5292872fdaede3a75c8167a0f1280ce0cd3d58b880d23854bdb1
SHA512718bd66fcff80b8008a4523d88bd726cdbc95e6e7bdb3f50e337e291294505ed54e6f5995d431968b85415e96f6f7ed37381ca021401ad57fda3b08a1f0c27f4
-
Filesize
74KB
MD5a554e4f1addc0c2c4ebb93d66b790796
SHA19fbd1d222da47240db92cd6c50625eb0cf650f61
SHA256e610cdac0a37147919032d0d723b967276c217ff06ea402f098696ab4112512a
SHA5125f3253f071da3e0110def888682d255186f2e2a30a8480791c0cad74029420033b5c90f818ae845b5f041ee4005f6de174a687aca8f858371026423f017902cc
-
Filesize
45KB
MD575c30eb9a53a184a8b05dca487f07de5
SHA1c3fe8d85a16817c402bd5c5776195f6c337ccda0
SHA256f709a1b33efaa8ecd4070193803aea5986c4ddacb8846ad8612605679b1096c5
SHA512855d2532438bf6d6ce2f2c8a51921cf356e14c3083b56963ec8b6d4943807bf94d4dae4ffbb4623117d0e8018f3d771810ef54da6c61ffadbb7b3f8b9d8f8597
-
Filesize
4.3MB
MD5f0eeb136a5ee73ff8ffbbe21b7e24611
SHA1656d568f849b655f6cf8cd330c9b91b65b027a09
SHA256a6151658dbac3f241832c9e0059a35cad1346f37796485d2ebbd993a94f4f255
SHA51251d45cce6ae73e93fffeaaf46060bbf933bd54b9d7a15c3c857e02d7dfd40a6f7cff2817fbb49ca3ddc44b5f803abfaafb08c93dd5051075a03e317e28fdce22
-
Filesize
178KB
MD540f3a092744e46f3531a40b917cca81e
SHA1c73f62a44cb3a75933cecf1be73a48d0d623039b
SHA256561f14cdece85b38617403e1c525ff0b1b752303797894607a4615d0bd66f97f
SHA5121589b27db29051c772e5ba56953d9f798efbf74d75e0524fa8569df092d28960972779811a7916198d0707d35b1093d3e0dd7669a8179c412cfa7df7120733b2
-
Filesize
426KB
MD58af02bf8e358e11caec4f2e7884b43cc
SHA116badc6c610eeb08de121ab268093dd36b56bf27
SHA25658a724d23c63387a2dda27ccfdbc8ca87fd4db671bea8bb636247667f6a5a11e
SHA512d0228a8cc93ff6647c2f4ba645fa224dc9d114e2adb5b5d01670b6dafc2258b5b1be11629868748e77b346e291974325e8e8e1192042d7c04a35fc727ad4e3fd
-
Filesize
1.8MB
MD57de024bc275f9cdeaf66a865e6fd8e58
SHA15086e4a26f9b80699ea8d9f2a33cead28a1819c0
SHA256bd32468ee7e8885323f22eabbff9763a0f6ffef3cc151e0bd0481df5888f4152
SHA512191c57e22ea13d13806dd390c4039029d40c7532918618d185d8a627aabc3969c7af2e532e3c933bde8f652b4723d951bf712e9ba0cc0d172dde693012f5ef1a
-
Filesize
1.5MB
-
Filesize
2.0MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
3.1MB
-
Filesize
1.5MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.1MB
-
Filesize
1.8MB