10cb7412824e0d603884f6a324d2067408749855f1043764946fcd9a5f725644 | Triage

Submit
Reports

Overview

overview

8

Static

static

DriverEasy_Setup.exe

windows7_x64

8

DriverEasy_Setup.exe

windows10_x64

8

Sharing

General

Target

DriverEasy_Setup.exe
Size

5.0MB
Sample

210209-pnhrvrw1ex
MD5

7c6c801ec4fc74865194c42230f391ab
SHA1

50b1166d786e209414f5e2b051d023792405883a
SHA256

10cb7412824e0d603884f6a324d2067408749855f1043764946fcd9a5f725644
SHA512

a5b71d8c80aae6cb3d5da73cc1dbbe6f3331025674da4064a1fb1ae0e82f31e1430bff9c435e55dacb2fb450fba522c9de2698c929cf81ec7b74aa2690d042b7

Score

8^/10

bootkit discovery evasion persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

DriverEasy_Setup.exe

Resource

win7v20201028

bootkit discovery evasion persistence ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DriverEasy_Setup.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  DriverEasy_Setup.exe
- Size
  
  5.0MB
- MD5
  
  7c6c801ec4fc74865194c42230f391ab
- SHA1
  
  50b1166d786e209414f5e2b051d023792405883a
- SHA256
  
  10cb7412824e0d603884f6a324d2067408749855f1043764946fcd9a5f725644
- SHA512
  
  a5b71d8c80aae6cb3d5da73cc1dbbe6f3331025674da4064a1fb1ae0e82f31e1430bff9c435e55dacb2fb450fba522c9de2698c929cf81ec7b74aa2690d042b7
Score

8^/10

bootkit discovery evasion persistence ransomware
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistenceransomware

behavioral2

© 2018-2024

Terms | Privacy