8fc521653d7167d4339a6a158def934c8fa46d7f3c75eb1d3420f53069128561

Analysis

max time kernel
141s
max time network
153s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-02-2023 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Driver Booster-20230201T014702Z-001.zip
Size

29.3MB
MD5

9ba34331e1605e4d7fe38bf8b9ee8026
SHA1

491932a698742599848dbe6ff379635ac0e9d3d2
SHA256

8fc521653d7167d4339a6a158def934c8fa46d7f3c75eb1d3420f53069128561
SHA512

551e390fb6676585c0c34507f4a1cd1861fe34a52e9a7216d668db8f93f51c578ff21668305f8966ef29ceb3d28c1d199252635f2930aee2a1fe53259ff59e46
SSDEEP

786432:YuparT0m6Zao7R98Qu1RmPcea5kgKgA6BEqZrjllcp0qpJA+:YupapbS8QaRmkea5kcEau5A+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1756	chrome.exe
316	chrome.exe
316	chrome.exe
3028	chrome.exe
316	chrome.exe
316	chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2200	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2200	AUDIODG.EXE
Token: 33	2200	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2200	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 2008	316	chrome.exe	28
PID 316 wrote to memory of 2008	316	chrome.exe	28
PID 316 wrote to memory of 2008	316	chrome.exe	28
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 112	316	chrome.exe	29
PID 316 wrote to memory of 1756	316	chrome.exe	30
PID 316 wrote to memory of 1756	316	chrome.exe	30
PID 316 wrote to memory of 1756	316	chrome.exe	30
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31
PID 316 wrote to memory of 1688	316	chrome.exe	31

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Driver Booster-20230201T014702Z-001.zip"
1⤵
PID:956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb184f50,0x7fefb184f60,0x7fefb184f70
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1120 /prefetch:2
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1836 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3292 /prefetch:2
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3900 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3924 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3956 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4236 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4228 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4324 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1000 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=540 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1084,17078351118419990540,7145639659870588500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:992

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1ac
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2200

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/992-55-0x000007FEFBD81000-0x000007FEFBD83000-memory.dmp

Filesize
8KB

Download