Analysis
- max time kernel: 2s
- max time network: 23s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-06-2024 11:22
Behavioral tasks
- behavioral1: Sample "New folder.zip", Resource win10v2004-20240508-en
- behavioral2: Sample "New folder.zip", Resource win11-20240508-en
- behavioral3: Sample "New folder/Client-built - Copy.exe", Resource win10v2004-20240611-en
- behavioral4: Sample "New folder/Client-built - Copy.exe", Resource win11-20240508-en
- behavioral5: Sample "New folder/hamachi.msi", Resource win10v2004-20240226-en
- behavioral6: Sample "New folder/hamachi.msi", Resource win11-20240508-en
General
- Target: New folder/hamachi.msi
- Size: 13.7MB
- MD5: 909db4061c32f798e94d746717782444
- SHA1: 10f5ffff17d2dd4476686a941a7bcc5f9b83b1b8
- SHA256: 6ee98db32852a2ff31a969d918bb7c730950bb15f24ea1baf996697cebc8b9fa
- SHA512: 44e7f97b27aef2e4cb62a6a0ebab5033b99e1ec940f231eda416f3b68d83df81d10950a8ced2ca528024adecd1dea7e1d4427e78b111edbc0124d7ffd6c1232d
- SSDEEP: 196608:cp/8gF8Li2aauOgsgJ9RSfD3G43O+WFoy1jNDVxJBQHhIO4E46uVwOXsHoHybhLf:O/382agT9RK73O+kN3JSHuy46inqUMC
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes:
  description                        pid  process
  Token: SeShutdownPrivilege         380  msiexec.exe
  Token: SeIncreaseQuotaPrivilege    380  msiexec.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  Processes:
  pid  process
  380  msiexec.exe

Both signatures fire on the Windows Installer host itself (pid 380, msiexec.exe) rather than on any payload process. Windows Installer enables these privileges during a normal install (SeShutdownPrivilege for reboot handling), so on their own they are weak indicators; nothing else in this run tripped a signature.
Processes
- C:\Windows\system32\msiexec.exe
  msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\New folder\hamachi.msi"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
- C:\Windows\system32\msiexec.exe
  C:\Windows\system32\msiexec.exe /V
  - C:\Windows\syswow64\MsiExec.exe (child of the process above)
    C:\Windows\syswow64\MsiExec.exe -Embedding A4D9C760CF9B3D833B74317F5343481B C
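The process tree is the part of this report worth reading closely: `msiexec.exe /V` is the Windows Installer service starting up, and the 32-bit `MsiExec.exe -Embedding <token>` it spawns is the custom action server in which the package's own custom actions run, so any code shipped inside hamachi.msi would execute there rather than in the client `msiexec.exe /I` process. The parser below is an added example, not part of the sandbox's output or tooling: it rebuilds the tree from the raw one-line form the sandbox exports (image path, command line and a depth digit run together before ⤵), labels each process by its msiexec switches, and pulls out the 32-hex argument after `-Embedding`. The role strings, the `Proc` class and the name "embedding token" are my own labelling, not the sandbox's or Microsoft's terminology.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# The three process entries from this report, in the raw one-line form the
# sandbox exports: <image path><command line><depth>⤵ with no separator.
# Depth 1 is a top-level process; depth N+1 is a child of the nearest
# preceding depth-N entry.
REPORT_LINES = [
    r'C:\Windows\system32\msiexec.exemsiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\New folder\hamachi.msi"1⤵',
    r'C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵',
    r'C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding A4D9C760CF9B3D833B74317F5343481B C2⤵',
]

# Image path = everything up to the first ".exe"; depth = the single digit
# before the trailing arrow. The sandbox uses one digit, so a command line
# that itself ends in a digit cannot be mistaken for the depth marker.
LINE_RE = re.compile(r'^(?P<image>.*?\.exe)(?P<cmd>.*?)(?P<depth>\d)⤵$', re.IGNORECASE)
# 32 hex characters after -Embedding (assumed label: "embedding token").
EMBED_TOKEN_RE = re.compile(r'-Embedding\s+([0-9A-F]{32})', re.IGNORECASE)


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    role: str
    children: List["Proc"] = field(default_factory=list)


def classify(image: str, cmdline: str) -> str:
    """Label a Windows Installer process by the switches on its command line."""
    low = cmdline.lower()
    if '-embedding' in low:
        bitness = '32-bit' if '\\syswow64\\' in image.lower() else '64-bit'
        return f"{bitness} custom action server (runs the package's custom actions)"
    if re.search(r'\s/v\b', low):      # msiexec /V: the Windows Installer service
        return 'Windows Installer service'
    if re.search(r'\s/i\b', low):      # msiexec /I <pkg>: install request from the client
        return 'install request (client)'
    return 'other'


def parse_tree(lines: List[str]) -> List[Proc]:
    """Rebuild the parent/child tree from the depth digits."""
    roots: List[Proc] = []
    stack: List[Proc] = []              # stack[i] is the latest entry at depth i+1
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f'unrecognised process line: {line!r}')
        depth = int(m['depth'])
        node = Proc(m['image'], m['cmd'], depth, classify(m['image'], m['cmd']))
        del stack[depth - 1:]           # drop entries at this depth or deeper
        if depth == 1:
            roots.append(node)
        else:
            if len(stack) < depth - 1:
                raise ValueError(f'depth {depth} entry has no parent: {line!r}')
            stack[-1].children.append(node)
        stack.append(node)
    return roots


def custom_action_servers(roots: List[Proc]) -> List[Tuple[str, Optional[str]]]:
    """Return (image, embedding token) for every custom action server in the tree."""
    found: List[Tuple[str, Optional[str]]] = []

    def walk(p: Proc) -> None:
        if 'custom action server' in p.role:
            tok = EMBED_TOKEN_RE.search(p.cmdline)
            found.append((p.image, tok.group(1) if tok else None))
        for c in p.children:
            walk(c)

    for r in roots:
        walk(r)
    return found


def render(roots: List[Proc]) -> str:
    """Indented text view of the tree with the role next to each command line."""
    out: List[str] = []

    def walk(p: Proc) -> None:
        out.append('  ' * (p.depth - 1) + f'{p.cmdline}   <- {p.role}')
        for c in p.children:
            walk(c)

    for r in roots:
        walk(r)
    return '\n'.join(out)


if __name__ == '__main__':
    tree = parse_tree(REPORT_LINES)
    print(render(tree))
    for image, token in custom_action_servers(tree):
        print(f'custom action host: {image} (embedding token {token})')
```

When triaging a larger MSI run, `custom_action_servers` is the list of processes whose child processes, file writes and network activity deserve attention; a sandbox report that shows only the client and service msiexec instances, with no `-Embedding` child, indicates the package ran no custom actions at all.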
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\HamachiSetup.log
  Filesize: 387B
  MD5: 72087be86ed99fc6624543d89ad22ef2
  SHA1: bfcb69b58769f2c1fc41162056226dd0db9b1ac3
  SHA256: 3db1ff0b48f2d554e4ade6f1e0f90c33d11e6c5ac9c4289bdb76273317b80144
  SHA512: 079a5ebe9a226ec8fefb080500aadfaa92af4b0b9333ad0dbe9dd0d5e69c65c62efccd964fab83418479fc60e1521e708708d41d987f4457d7cc17033ce84ed2
- C:\Users\Admin\AppData\Local\Temp\MSIA5C.tmp
  Filesize: 239KB
  MD5: 52cc29054472ab4f526d2a4fe50587c9
  SHA1: 924302666c79e35fae03b1712ef9f78777b48f1b
  SHA256: 03db1931a23aca4a8333c941d0609f2d3b0fb2a66d298e6eb90cee57d4a5afd3
  SHA512: 5490f5ba0ad29d66f5cec84a4e013252dd2ab3c2a505cd1a3eb7d13d9ec72acf2eb1a6f566707df0fa225e219819258339b1316f7eadc08ba5c9236646d51ab6
- C:\Users\Admin\AppData\Local\Temp\MSIA5C.tmp
  Filesize: 186KB
  MD5: 3e7550b4ddda21041effc03586f4b138
  SHA1: a7a51b85bc138b350b8807794cb3e669efcc393d
  SHA256: 0257f815f74bc030dacc02be12855362974a2551a0f25f336b65443db6b43fdc
  SHA512: 7174f9332667faf8f81193b2b6ab855b1b32b91a064e0ca8c281c83f2462b8f48eabb69bf800681ea0aa4d672ce06152f492222eed5ac8c4646e866e3ef13b95
- C:\Users\Admin\AppData\Local\Temp\MSIFDE8.tmp
  Filesize: 149KB
  MD5: ec88e8fb646e0ea2faff7ddcb3e8be9e
  SHA1: 16c40fb4159becbc7ee72aa62f8da07d5759b79e
  SHA256: b671dcfb7859eb8d3bb4149d6691929f9f55da2a3a7dd0bbe35c7659ed71cd5b
  SHA512: 5bc5a2d5e18c13c6be906136788f5635ecd031cc348c46a0df132660900a7add6d31af1ecffa835a956163727ba5f989bdbb5d58de9446697aab3458f4573ffc
- C:\Users\Admin\AppData\Local\Temp\MSIFDE8.tmp
  Filesize: 213KB
  MD5: b48d9f9f8ba20bfa6c7e547892f493b0
  SHA1: bdf40dbdcca2b3baf6a10c45e00969c9dc5c944e
  SHA256: 60499e620fd2bd99001f59264d811d6e88d61500cf7f1653016c97cd7f481b06
  SHA512: 87e16a4d6fde48b9f7b86ed8c83dc3072925507257c62791a0fcdfe6738c93df48b07f071a4dab1f9790f559793faa5ad2ee4b135b76755ec7a070140de1c854

Two pairs of entries share a temp file name (MSIA5C.tmp, MSIFDE8.tmp) but differ in size and hash, so each pair is two distinct files, not a duplicate listing.