Overview

overview

10

Static

static

10

Crack UZ1/...oc.exe

windows7-x64

1

Crack UZ1/...oc.exe

windows10-2004-x64

3

Setup_Driv...22.exe

windows7-x64

9

Setup_Driv...22.exe

windows10-2004-x64

9

Resubmissions

05-11-2022 19:59

221105-yqefyabgdl 10

05-11-2022 19:56

221105-yn7dyabgcp 10

05-11-2022 19:39

221105-ydcftabfgr 10

05-11-2022 19:22

221105-x3ef2ahce6 10

Analysis

  • max time kernel
    600s
  • max time network
    433s
  • platform
    windows7_x64
  • resource
    win7-20220812-de
  • resource tags

    arch:x64arch:x86image:win7-20220812-delocale:de-deos:windows7-x64systemwindows
  • submitted
    05-11-2022 19:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_DriverDoc_2022.exe

  • Size

    6.0MB

  • MD5

    c65a354ac28f2f45c7ca8a38e4f778d6

  • SHA1

    42d84f6be5cfa1503dc7bd8275073872d71a4fc0

  • SHA256

    396cb9e17c57f09c4afab97f91e72011e3f115b15e764c39d26473d92fe2c45e

  • SHA512

    7acba2651fb1378a97c47ce6723808235ddd74d2cb736f5fb6f28a241f3b33188e9a511c6be2eb3ca8e7cad68c05a76a0c853edc5a417a16aacd5c0388950017

  • SSDEEP

    98304:KSi1jH0UJukUYMwioEgGU9KM+ZFNIO05p0oO2gz8+fyTx:MUvkUMiij9KM+7Npc0R4+KTx

Score
9/10

Malware Config

Signatures

  • Affect hook table 3 IoCs
  • Bypass DEP 7 IoCs
  • Checks if being debugged 3 IoCs
  • DebuggerException__SetConsoleCtrl 3 IoCs
  • SEH_Init 3 IoCs
  • SEH_Save 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_DriverDoc_2022.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_DriverDoc_2022.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:272
    • C:\Users\Admin\AppData\Local\Temp\is-VUADU.tmp\Setup_DriverDoc_2022.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-VUADU.tmp\Setup_DriverDoc_2022.tmp" /SL5="$60130,5347251,879104,C:\Users\Admin\AppData\Local\Temp\Setup_DriverDoc_2022.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2040
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1700
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:584
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x450
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:280

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\is-VUADU.tmp\Setup_DriverDoc_2022.tmp
      Filesize

      3.1MB

      MD5

      d70a98daf7a810ee18ce451ec673e399

      SHA1

      274dff37313f3fbdf82dfc4afd94582359b79fee

      SHA256

      9621346beee2a257b1966b6dc3f1f850d54ae0746bf1718d35c966649ac9b340

      SHA512

      a246aa8979a7bc1a8ae6d1c5ac637939e7ab3380484cb78a3fc98fe9ceccb51cb5d6dfe787ece6bb1420450741c0734a049849dac7242679b8660e71acf00e60

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-VUADU.tmp\Setup_DriverDoc_2022.tmp
      Filesize

      3.1MB

      MD5

      d70a98daf7a810ee18ce451ec673e399

      SHA1

      274dff37313f3fbdf82dfc4afd94582359b79fee

      SHA256

      9621346beee2a257b1966b6dc3f1f850d54ae0746bf1718d35c966649ac9b340

      SHA512

      a246aa8979a7bc1a8ae6d1c5ac637939e7ab3380484cb78a3fc98fe9ceccb51cb5d6dfe787ece6bb1420450741c0734a049849dac7242679b8660e71acf00e60

      Download Submit

    • \Users\Admin\AppData\Local\Temp\is-VUADU.tmp\Setup_DriverDoc_2022.tmp
      Filesize

      3.1MB

      MD5

      d70a98daf7a810ee18ce451ec673e399

      SHA1

      274dff37313f3fbdf82dfc4afd94582359b79fee

      SHA256

      9621346beee2a257b1966b6dc3f1f850d54ae0746bf1718d35c966649ac9b340

      SHA512

      a246aa8979a7bc1a8ae6d1c5ac637939e7ab3380484cb78a3fc98fe9ceccb51cb5d6dfe787ece6bb1420450741c0734a049849dac7242679b8660e71acf00e60

      Download Submit

    • memory/272-54-0x0000000076C51000-0x0000000076C53000-memory.dmp

      Filesize

      8KB

      Download

    • memory/272-55-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/272-60-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/272-62-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/1700-63-0x000007FEFC461000-0x000007FEFC463000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1700-65-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/1700-66-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download