Overview

overview

7

Static

static

1

Intel-Driv...er.exe

windows7-x64

7

Intel-Driv...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    15-02-2023 17:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Intel-Driver-and-Support-Assistant-Installer.exe

  • Size

    6.0MB

  • MD5

    8e997a9510401c1ae06e63529bd3e3ee

  • SHA1

    1080ee0e9224f8a686acb7b2c5884a279fc40315

  • SHA256

    e2e86be8c07a3be5708659c2bbe6b75209876b37e145d43ad28530ad98bec50a

  • SHA512

    ac47f36411f4672d5229d47dd0cbc98aa4d1dea4371ab01802f4666463dc948ae41eaf95e761fd9d1df05bc2e27ecac30ba5e7f063619a1f069aea63b47d47b7

  • SSDEEP

    196608:tTSNgqr37eI4QYwcV0gLCKkN5ByIDijXlL3HDyVS67:BSNgUWQYJV/TkNGm493HWc67

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 8 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1136
    • C:\Windows\Temp\{0C8DB420-190A-4BD9-ACFF-5AE6EA20A654}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
      "C:\Windows\Temp\{0C8DB420-190A-4BD9-ACFF-5AE6EA20A654}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1236

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Temp\{0C8DB420-190A-4BD9-ACFF-5AE6EA20A654}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
    Filesize

    1.1MB

    MD5

    4d6b17e71ff3171fd786441c48af249f

    SHA1

    a4967a8f5ffa6fd048b531df21606cfe3f62c75c

    SHA256

    fd2e4647916bbabb5c2da776ae0fe617130499e6f3490fd40379f30c15b1823e

    SHA512

    57415f1581697d00dba6d7c0631f516bc473c170c8a83532a0a86a02b6a6f18805be154147c569cd7a09281ad915ee2be18b1883953e9120c3f43fadfa43b372

    Download Submit

  • C:\Windows\Temp\{0C8DB420-190A-4BD9-ACFF-5AE6EA20A654}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
    Filesize

    1.1MB

    MD5

    4d6b17e71ff3171fd786441c48af249f

    SHA1

    a4967a8f5ffa6fd048b531df21606cfe3f62c75c

    SHA256

    fd2e4647916bbabb5c2da776ae0fe617130499e6f3490fd40379f30c15b1823e

    SHA512

    57415f1581697d00dba6d7c0631f516bc473c170c8a83532a0a86a02b6a6f18805be154147c569cd7a09281ad915ee2be18b1883953e9120c3f43fadfa43b372

    Download Submit

  • \Windows\Temp\{0C8DB420-190A-4BD9-ACFF-5AE6EA20A654}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
    Filesize

    1.1MB

    MD5

    4d6b17e71ff3171fd786441c48af249f

    SHA1

    a4967a8f5ffa6fd048b531df21606cfe3f62c75c

    SHA256

    fd2e4647916bbabb5c2da776ae0fe617130499e6f3490fd40379f30c15b1823e

    SHA512

    57415f1581697d00dba6d7c0631f516bc473c170c8a83532a0a86a02b6a6f18805be154147c569cd7a09281ad915ee2be18b1883953e9120c3f43fadfa43b372

    Download Submit

  • \Windows\Temp\{C06A2A83-EA78-49DF-99FD-318D5822CB36}\.ba\BootstrapperCore.dll
    Filesize

    87KB

    MD5

    b0d10a2a622a322788780e7a3cbb85f3

    SHA1

    04d90b16fa7b47a545c1133d5c0ca9e490f54633

    SHA256

    f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426

    SHA512

    62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

    Download Submit

  • \Windows\Temp\{C06A2A83-EA78-49DF-99FD-318D5822CB36}\.ba\BootstrapperCore.dll
    Filesize

    87KB

    MD5

    b0d10a2a622a322788780e7a3cbb85f3

    SHA1

    04d90b16fa7b47a545c1133d5c0ca9e490f54633

    SHA256

    f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426

    SHA512

    62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

    Download Submit

  • \Windows\Temp\{C06A2A83-EA78-49DF-99FD-318D5822CB36}\.ba\BootstrapperUI.dll
    Filesize

    425KB

    MD5

    c0f2a4531933d36742a690f0b6cfb9ac

    SHA1

    1e858b3e0c0fa423c46fc291ad4e1628ef9c4dce

    SHA256

    bc7bfe58a0dc6235847011cbbe62b40268286a48183e17da40eccb261e4d0eae

    SHA512

    bd05c3923487881b40568d44699f17412763abc3f8c37a5c9f353c4360fa4a67b1a0634e07922debb115f2e757ea8f3c641ae066987186fee8acc53f17ff9ae1

    Download Submit

  • \Windows\Temp\{C06A2A83-EA78-49DF-99FD-318D5822CB36}\.ba\BootstrapperUI.dll
    Filesize

    425KB

    MD5

    c0f2a4531933d36742a690f0b6cfb9ac

    SHA1

    1e858b3e0c0fa423c46fc291ad4e1628ef9c4dce

    SHA256

    bc7bfe58a0dc6235847011cbbe62b40268286a48183e17da40eccb261e4d0eae

    SHA512

    bd05c3923487881b40568d44699f17412763abc3f8c37a5c9f353c4360fa4a67b1a0634e07922debb115f2e757ea8f3c641ae066987186fee8acc53f17ff9ae1

    Download Submit

  • \Windows\Temp\{C06A2A83-EA78-49DF-99FD-318D5822CB36}\.ba\GalaSoft.MvvmLight.dll
    Filesize

    29KB

    MD5

    af04687248da9e95a7ff65ab538d0bcf

    SHA1

    7511184300e2b6f70bc92333392386a812b2dabf

    SHA256

    b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

    SHA512

    a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

    Download Submit

  • \Windows\Temp\{C06A2A83-EA78-49DF-99FD-318D5822CB36}\.ba\GalaSoft.MvvmLight.dll
    Filesize

    29KB

    MD5

    af04687248da9e95a7ff65ab538d0bcf

    SHA1

    7511184300e2b6f70bc92333392386a812b2dabf

    SHA256

    b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

    SHA512

    a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

    Download Submit

  • \Windows\Temp\{C06A2A83-EA78-49DF-99FD-318D5822CB36}\.ba\mbahost.dll
    Filesize

    119KB

    MD5

    c59832217903ce88793a6c40888e3cae

    SHA1

    6d9facabf41dcf53281897764d467696780623b8

    SHA256

    9dfa1bc5d2ab4c652304976978749141b8c312784b05cb577f338a0aa91330db

    SHA512

    1b1f4cb2e3fa57cb481e28a967b19a6fefa74f3c77a3f3214a6b09e11ceb20ae428d036929f000710b4eb24a2c57d5d7dfe39661d5a1f48ee69a02d83381d1a9

    Download Submit

  • memory/1136-54-0x0000000075E01000-0x0000000075E03000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1236-69-0x0000000000D90000-0x0000000000D9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1236-73-0x0000000002580000-0x0000000002588000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1236-63-0x00000000005E0000-0x00000000005F8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1236-70-0x0000000000F10000-0x0000000000F1A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1236-71-0x0000000000F20000-0x0000000000F28000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1236-72-0x00000000024B0000-0x00000000024B8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1236-66-0x0000000000EA0000-0x0000000000F0E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/1236-74-0x00000000025A0000-0x00000000025A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1236-76-0x00000000025B0000-0x00000000025BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1236-75-0x0000000005489000-0x000000000549A000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1236-77-0x00000000025B0000-0x00000000025BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1236-78-0x00000000025B0000-0x00000000025BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1236-79-0x00000000025B0000-0x00000000025BA000-memory.dmp

    Filesize

    40KB

    Download