Analysis
max time kernel: 58s
max time network: 66s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 29-11-2022 06:41
Behavioral task: behavioral1
Sample: 840bd4b0e47a5fc5561bae900310fff3d0df06765c611eee231296f700322067.exe
Resource: win7-20221111-en (windows7-x64)
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: 840bd4b0e47a5fc5561bae900310fff3d0df06765c611eee231296f700322067.exe
Resource: win10v2004-20221111-en (windows10-2004-x64)
3 signatures
150 seconds
General
Target: 840bd4b0e47a5fc5561bae900310fff3d0df06765c611eee231296f700322067.exe
Size: 207KB
MD5: da990c92650cc9d76ec7551b83bf0b80
SHA1: 35ea8708c240cd12d5e3dc275eef6434241bf4c9
SHA256: 840bd4b0e47a5fc5561bae900310fff3d0df06765c611eee231296f700322067
SHA512: 78cd07c66bf5ef3086bd5daee5730e1434481947588f4717b3b35900e9b67842a47df42d078377387d4f71a5c89acd80f3a4a0630239e897858bc76325b719c8
SSDEEP: 6144:NK7kA352xsl1hssGwGWlatbJ6GV+3/DVvWtU1k:2kAJ2xifBwFCNt
Score: 8/10
Malware Config
Signatures
Drops file in Drivers directory (64 IoCs)
Processes:
Processes:
resource  yara_rule
behavioral1/memory/1292-54-0x0000000000400000-0x0000000000468000-memory.dmp  vmprotect
behavioral1/memory/1292-55-0x0000000000400000-0x0000000000468000-memory.dmp  vmprotect
behavioral1/memory/1292-57-0x0000000000400000-0x0000000000468000-memory.dmp  vmprotect