9d4eb4a37397e8abfb674bfb9974eb0daba26c4ab8ed15e35f8d0609829c8edd

Analysis

max time kernel
275s
max time network
346s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d4eb4a37397e8abfb674bfb9974eb0daba26c4ab8ed15e35f8d0609829c8edd.exe
Size

3.4MB
MD5

f4d7ffba6ce5cefad4835b2893d73d0a
SHA1

aac8491ab948f7bfe4168a2b1ac6903cd3f992c1
SHA256

9d4eb4a37397e8abfb674bfb9974eb0daba26c4ab8ed15e35f8d0609829c8edd
SHA512

40e6efb9093fecc17493c12f2311173b0a285e3697720ea84e3d34de00888ba967dfd4914ab2447237ee8bbc4d844fdd2e91e95015aaa5ad0740d97eb7f18f5b
SSDEEP

98304:q3yobVyq03fv0oKATM6A/7zf8iEFb1OL6PVgNZz/:oyey13EoXM68vHO5fPeNZ7

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

drvprosetup.exedrvprosetup.tmp

pid process

3748 drvprosetup.exe
708 drvprosetup.tmp

pid	process
3748	drvprosetup.exe
708	drvprosetup.tmp

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

9d4eb4a37397e8abfb674bfb9974eb0daba26c4ab8ed15e35f8d0609829c8edd.exedrvprosetup.exe

description	pid	process	target process
PID 1468 wrote to memory of 3748	1468	9d4eb4a37397e8abfb674bfb9974eb0daba26c4ab8ed15e35f8d0609829c8edd.exe	drvprosetup.exe
PID 1468 wrote to memory of 3748	1468	9d4eb4a37397e8abfb674bfb9974eb0daba26c4ab8ed15e35f8d0609829c8edd.exe	drvprosetup.exe
PID 1468 wrote to memory of 3748	1468	9d4eb4a37397e8abfb674bfb9974eb0daba26c4ab8ed15e35f8d0609829c8edd.exe	drvprosetup.exe
PID 3748 wrote to memory of 708	3748	drvprosetup.exe	drvprosetup.tmp
PID 3748 wrote to memory of 708	3748	drvprosetup.exe	drvprosetup.tmp
PID 3748 wrote to memory of 708	3748	drvprosetup.exe	drvprosetup.tmp

C:\Users\Admin\AppData\Local\Temp\9d4eb4a37397e8abfb674bfb9974eb0daba26c4ab8ed15e35f8d0609829c8edd.exe
"C:\Users\Admin\AppData\Local\Temp\9d4eb4a37397e8abfb674bfb9974eb0daba26c4ab8ed15e35f8d0609829c8edd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1468

C:\Users\Admin\AppData\Local\Temp\drvprosetup.exe
C:\Users\Admin\AppData\Local\Temp\\drvprosetup.exe /VERYSILENT
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3748

C:\Users\Admin\AppData\Local\Temp\is-42H14.tmp\drvprosetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-42H14.tmp\drvprosetup.tmp" /SL5="$1701EA,2637513,85504,C:\Users\Admin\AppData\Local\Temp\drvprosetup.exe" /VERYSILENT
3⤵
- Executes dropped EXE
PID:708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\drvprosetup.exe
Filesize
3.0MB

MD5
e2bc1e4dbb1b4a5342b8dea5ba2ec9da

SHA1
5325f6df57aa9d6cae42964aba0e035ab64edfd6

SHA256
c7cf53ed5ed00bce7d76401ce81ea293e3e7e773a58aace75719f489bc52dfcd

SHA512
5e8f0b900ac38539d77204bbc6e3aed42c3e7d39279b0d21fe2fe1f37fe27e63f96d70fa7dd175198a747be0e3e04133e66ba84943fe06bdc162a826ce8d78f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\drvprosetup.exe
Filesize
3.0MB

MD5
e2bc1e4dbb1b4a5342b8dea5ba2ec9da

SHA1
5325f6df57aa9d6cae42964aba0e035ab64edfd6

SHA256
c7cf53ed5ed00bce7d76401ce81ea293e3e7e773a58aace75719f489bc52dfcd

SHA512
5e8f0b900ac38539d77204bbc6e3aed42c3e7d39279b0d21fe2fe1f37fe27e63f96d70fa7dd175198a747be0e3e04133e66ba84943fe06bdc162a826ce8d78f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-42H14.tmp\drvprosetup.tmp
Filesize
1.1MB

MD5
dcb39cc84c9294a56d2f2a01211377bf

SHA1
ea30b92f18668d34e421821f343a7061e8138086

SHA256
55ca4a2da5da485d1216ad825572165c23d1440204f0bbfac127f6cfe45a6108

SHA512
6579250d2ac658c860f40fd85fd525c0856fb7ad4faa75122e8685eac407c7c99ad7078450eaf106ecef60654693ddfa18a421dab4be7eee4ec20d097bc57cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-42H14.tmp\drvprosetup.tmp
Filesize
1.1MB

MD5
dcb39cc84c9294a56d2f2a01211377bf

SHA1
ea30b92f18668d34e421821f343a7061e8138086

SHA256
55ca4a2da5da485d1216ad825572165c23d1440204f0bbfac127f6cfe45a6108

SHA512
6579250d2ac658c860f40fd85fd525c0856fb7ad4faa75122e8685eac407c7c99ad7078450eaf106ecef60654693ddfa18a421dab4be7eee4ec20d097bc57cd7

Download Submit
memory/708-137-0x0000000000000000-mapping.dmp

Download
memory/3748-132-0x0000000000000000-mapping.dmp

Download
memory/3748-135-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3748-136-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download