7aa6c2e38366d1b553ce56e67f35cfa687e4ba0f7c3eaa404f5ba2449af9fbe5

Analysis

max time kernel
2s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New folder/hamachi.msi
Size

13.7MB
MD5

909db4061c32f798e94d746717782444
SHA1

10f5ffff17d2dd4476686a941a7bcc5f9b83b1b8
SHA256

6ee98db32852a2ff31a969d918bb7c730950bb15f24ea1baf996697cebc8b9fa
SHA512

44e7f97b27aef2e4cb62a6a0ebab5033b99e1ec940f231eda416f3b68d83df81d10950a8ced2ca528024adecd1dea7e1d4427e78b111edbc0124d7ffd6c1232d
SSDEEP

196608:cp/8gF8Li2aauOgsgJ9RSfD3G43O+WFoy1jNDVxJBQHhIO4E46uVwOXsHoHybhLf:O/382agT9RK73O+kN3JSHuy46inqUMC

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

msiexec.exe

description pid process

Token: SeShutdownPrivilege 380 msiexec.exe
Token: SeIncreaseQuotaPrivilege 380 msiexec.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

msiexec.exe

pid process

380 msiexec.exe

description	pid	process
Token: SeShutdownPrivilege	380	msiexec.exe
Token: SeIncreaseQuotaPrivilege	380	msiexec.exe

pid	process
380	msiexec.exe

C:\Windows\system32\msiexec.exe
msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\New folder\hamachi.msi"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:380

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:4988

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A4D9C760CF9B3D833B74317F5343481B C
2⤵
PID:3240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\HamachiSetup.log
Filesize
387B

MD5
72087be86ed99fc6624543d89ad22ef2

SHA1
bfcb69b58769f2c1fc41162056226dd0db9b1ac3

SHA256
3db1ff0b48f2d554e4ade6f1e0f90c33d11e6c5ac9c4289bdb76273317b80144

SHA512
079a5ebe9a226ec8fefb080500aadfaa92af4b0b9333ad0dbe9dd0d5e69c65c62efccd964fab83418479fc60e1521e708708d41d987f4457d7cc17033ce84ed2

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIA5C.tmp
Filesize
239KB

MD5
52cc29054472ab4f526d2a4fe50587c9

SHA1
924302666c79e35fae03b1712ef9f78777b48f1b

SHA256
03db1931a23aca4a8333c941d0609f2d3b0fb2a66d298e6eb90cee57d4a5afd3

SHA512
5490f5ba0ad29d66f5cec84a4e013252dd2ab3c2a505cd1a3eb7d13d9ec72acf2eb1a6f566707df0fa225e219819258339b1316f7eadc08ba5c9236646d51ab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIA5C.tmp
Filesize
186KB

MD5
3e7550b4ddda21041effc03586f4b138

SHA1
a7a51b85bc138b350b8807794cb3e669efcc393d

SHA256
0257f815f74bc030dacc02be12855362974a2551a0f25f336b65443db6b43fdc

SHA512
7174f9332667faf8f81193b2b6ab855b1b32b91a064e0ca8c281c83f2462b8f48eabb69bf800681ea0aa4d672ce06152f492222eed5ac8c4646e866e3ef13b95

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIFDE8.tmp
Filesize
149KB

MD5
ec88e8fb646e0ea2faff7ddcb3e8be9e

SHA1
16c40fb4159becbc7ee72aa62f8da07d5759b79e

SHA256
b671dcfb7859eb8d3bb4149d6691929f9f55da2a3a7dd0bbe35c7659ed71cd5b

SHA512
5bc5a2d5e18c13c6be906136788f5635ecd031cc348c46a0df132660900a7add6d31af1ecffa835a956163727ba5f989bdbb5d58de9446697aab3458f4573ffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIFDE8.tmp
Filesize
213KB

MD5
b48d9f9f8ba20bfa6c7e547892f493b0

SHA1
bdf40dbdcca2b3baf6a10c45e00969c9dc5c944e

SHA256
60499e620fd2bd99001f59264d811d6e88d61500cf7f1653016c97cd7f481b06

SHA512
87e16a4d6fde48b9f7b86ed8c83dc3072925507257c62791a0fcdfe6738c93df48b07f071a4dab1f9790f559793faa5ad2ee4b135b76755ec7a070140de1c854

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads