481a27d459a41b553c8b6da044b0d9348db511dac50b18de3c8c36f135b58793

Analysis

max time kernel
91s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21/12/2022, 12:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

DriverEasy_Setup.exe
Size

5.6MB
MD5

bd71d39a25f582e042baa1b945165f9f
SHA1

ea9a032d0200cb6a886218aa5413843e72e07a6b
SHA256

481a27d459a41b553c8b6da044b0d9348db511dac50b18de3c8c36f135b58793
SHA512

a69787a3dec4fa4ab6874e68f1f7e05ef376b4cb4c981fbf7625010bed31e9ddbf0f467f866f57a52f4077092e3f8b621e5cd7f5dbdc0508054428af11a06b0e
SSDEEP

98304:DkL7gFMaY1manVjlZLZC3RHlbZKGqmRTI4ooo+mnq0tdeMfpoB+RD3I6ejq:oEF21VjlZUrlK6TIUUq0Xe8pRD3V5

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4784	DriverEasy_Setup.tmp

Loads dropped DLL 8 IoCs

pid	Process
4784	DriverEasy_Setup.tmp
4784	DriverEasy_Setup.tmp
4784	DriverEasy_Setup.tmp
4784	DriverEasy_Setup.tmp
4784	DriverEasy_Setup.tmp
4784	DriverEasy_Setup.tmp
4784	DriverEasy_Setup.tmp
4784	DriverEasy_Setup.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 4784	4888	DriverEasy_Setup.exe	80
PID 4888 wrote to memory of 4784	4888	DriverEasy_Setup.exe	80
PID 4888 wrote to memory of 4784	4888	DriverEasy_Setup.exe	80

C:\Users\Admin\AppData\Local\Temp\DriverEasy_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\DriverEasy_Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Users\Admin\AppData\Local\Temp\is-6KV31.tmp\DriverEasy_Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-6KV31.tmp\DriverEasy_Setup.tmp" /SL5="$A0052,4931470,1057792,C:\Users\Admin\AppData\Local\Temp\DriverEasy_Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-6KV31.tmp\DriverEasy_Setup.tmp

Filesize
3.2MB

MD5
7f8e59a43deaa5193e0570e1aaf3d5b6

SHA1
b968b7756c540ffe42631af749733f881e4cb4d9

SHA256
1a5cf7dfb6d981982f2a32893108edb405161b80456600d980f21bf7a3c5a699

SHA512
3981aa8f26d1b7bcc81e7132d1c13b71c8d8326ba7aadc9a4f81209afe835013b5e9a0b990451aa551f9dd17285e05c4e45ef475d4ba1653884defdb944c3299

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LAVFP.tmp\PlayaSDK.dll

Filesize
960KB

MD5
11a813c0972b740937d3a7e2daf9ffcb

SHA1
4245b5a3c97f725c56a29d745767edebb5e3f15d

SHA256
3f933bced2d9f65d48f7c48715bf286fd431341a74e1ce15d39b7c4c96603cf9

SHA512
9a590dcab0cf7051d04743736ea7a6b74fa0f87539580cc41a58ad33a76574201e7b6d54d5100cbcd262266bc55b053243edd4860a2d43deeb1c164395e4a941

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LAVFP.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LAVFP.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LAVFP.tmp\gifctrl.dll

Filesize
13KB

MD5
c09fc647b0a74bf713ea4909557e353f

SHA1
b7fe9ddfdeb92d351358b12086b39d8cb8058658

SHA256
1f9bc1ddad49da4be7fe27c7e8fa59ee21d6b262f09f256b4d5b3359c7f419b0

SHA512
504c3bd1cfd1469f2deac2bd84188f93d860b2a8026c14c997f4390da84858bdd244511f54e032fc8273faea9dbab6fa928e18efe7af3395251f5a60c7f67ea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LAVFP.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LAVFP.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LAVFP.tmp\isxdl.dll

Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LAVFP.tmp\isxdl.dll

Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
memory/4784-140-0x0000000003620000-0x0000000003642000-memory.dmp

Filesize
136KB

Download
memory/4784-143-0x0000000003690000-0x000000000369F000-memory.dmp

Filesize
60KB

Download
memory/4784-146-0x0000000003720000-0x0000000003735000-memory.dmp

Filesize
84KB

Download
memory/4888-132-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download
memory/4888-169-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads