Overview

overview

7

Static

static

1

Intel-Driv...er.exe

windows7-x64

7

Intel-Driv...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    88s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-02-2023 17:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Intel-Driver-and-Support-Assistant-Installer.exe

  • Size

    6.0MB

  • MD5

    8e997a9510401c1ae06e63529bd3e3ee

  • SHA1

    1080ee0e9224f8a686acb7b2c5884a279fc40315

  • SHA256

    e2e86be8c07a3be5708659c2bbe6b75209876b37e145d43ad28530ad98bec50a

  • SHA512

    ac47f36411f4672d5229d47dd0cbc98aa4d1dea4371ab01802f4666463dc948ae41eaf95e761fd9d1df05bc2e27ecac30ba5e7f063619a1f069aea63b47d47b7

  • SSDEEP

    196608:tTSNgqr37eI4QYwcV0gLCKkN5ByIDijXlL3HDyVS67:BSNgUWQYJV/TkNGm493HWc67

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4604
    • C:\Windows\Temp\{F1F26C4A-BFEF-4759-8619-E9F28DF35BF4}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
      "C:\Windows\Temp\{F1F26C4A-BFEF-4759-8619-E9F28DF35BF4}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe" -burn.filehandle.attached=656 -burn.filehandle.self=684
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4848

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Temp\{8BE54C5D-B804-4D4D-AFBD-2391AA7C542C}\.ba\BootstrapperCore.dll
    Filesize

    87KB

    MD5

    b0d10a2a622a322788780e7a3cbb85f3

    SHA1

    04d90b16fa7b47a545c1133d5c0ca9e490f54633

    SHA256

    f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426

    SHA512

    62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

    Download Submit

  • C:\Windows\Temp\{8BE54C5D-B804-4D4D-AFBD-2391AA7C542C}\.ba\BootstrapperCore.dll
    Filesize

    87KB

    MD5

    b0d10a2a622a322788780e7a3cbb85f3

    SHA1

    04d90b16fa7b47a545c1133d5c0ca9e490f54633

    SHA256

    f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426

    SHA512

    62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

    Download Submit

  • C:\Windows\Temp\{8BE54C5D-B804-4D4D-AFBD-2391AA7C542C}\.ba\BootstrapperUI.dll
    Filesize

    425KB

    MD5

    c0f2a4531933d36742a690f0b6cfb9ac

    SHA1

    1e858b3e0c0fa423c46fc291ad4e1628ef9c4dce

    SHA256

    bc7bfe58a0dc6235847011cbbe62b40268286a48183e17da40eccb261e4d0eae

    SHA512

    bd05c3923487881b40568d44699f17412763abc3f8c37a5c9f353c4360fa4a67b1a0634e07922debb115f2e757ea8f3c641ae066987186fee8acc53f17ff9ae1

    Download Submit

  • C:\Windows\Temp\{8BE54C5D-B804-4D4D-AFBD-2391AA7C542C}\.ba\BootstrapperUI.dll
    Filesize

    425KB

    MD5

    c0f2a4531933d36742a690f0b6cfb9ac

    SHA1

    1e858b3e0c0fa423c46fc291ad4e1628ef9c4dce

    SHA256

    bc7bfe58a0dc6235847011cbbe62b40268286a48183e17da40eccb261e4d0eae

    SHA512

    bd05c3923487881b40568d44699f17412763abc3f8c37a5c9f353c4360fa4a67b1a0634e07922debb115f2e757ea8f3c641ae066987186fee8acc53f17ff9ae1

    Download Submit

  • C:\Windows\Temp\{8BE54C5D-B804-4D4D-AFBD-2391AA7C542C}\.ba\GalaSoft.MvvmLight.dll
    Filesize

    29KB

    MD5

    af04687248da9e95a7ff65ab538d0bcf

    SHA1

    7511184300e2b6f70bc92333392386a812b2dabf

    SHA256

    b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

    SHA512

    a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

    Download Submit

  • C:\Windows\Temp\{8BE54C5D-B804-4D4D-AFBD-2391AA7C542C}\.ba\GalaSoft.MvvmLight.dll
    Filesize

    29KB

    MD5

    af04687248da9e95a7ff65ab538d0bcf

    SHA1

    7511184300e2b6f70bc92333392386a812b2dabf

    SHA256

    b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

    SHA512

    a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

    Download Submit

  • C:\Windows\Temp\{8BE54C5D-B804-4D4D-AFBD-2391AA7C542C}\.ba\mbahost.dll
    Filesize

    119KB

    MD5

    c59832217903ce88793a6c40888e3cae

    SHA1

    6d9facabf41dcf53281897764d467696780623b8

    SHA256

    9dfa1bc5d2ab4c652304976978749141b8c312784b05cb577f338a0aa91330db

    SHA512

    1b1f4cb2e3fa57cb481e28a967b19a6fefa74f3c77a3f3214a6b09e11ceb20ae428d036929f000710b4eb24a2c57d5d7dfe39661d5a1f48ee69a02d83381d1a9

    Download Submit

  • C:\Windows\Temp\{F1F26C4A-BFEF-4759-8619-E9F28DF35BF4}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
    Filesize

    1.1MB

    MD5

    4d6b17e71ff3171fd786441c48af249f

    SHA1

    a4967a8f5ffa6fd048b531df21606cfe3f62c75c

    SHA256

    fd2e4647916bbabb5c2da776ae0fe617130499e6f3490fd40379f30c15b1823e

    SHA512

    57415f1581697d00dba6d7c0631f516bc473c170c8a83532a0a86a02b6a6f18805be154147c569cd7a09281ad915ee2be18b1883953e9120c3f43fadfa43b372

    Download Submit

  • C:\Windows\Temp\{F1F26C4A-BFEF-4759-8619-E9F28DF35BF4}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
    Filesize

    1.1MB

    MD5

    4d6b17e71ff3171fd786441c48af249f

    SHA1

    a4967a8f5ffa6fd048b531df21606cfe3f62c75c

    SHA256

    fd2e4647916bbabb5c2da776ae0fe617130499e6f3490fd40379f30c15b1823e

    SHA512

    57415f1581697d00dba6d7c0631f516bc473c170c8a83532a0a86a02b6a6f18805be154147c569cd7a09281ad915ee2be18b1883953e9120c3f43fadfa43b372

    Download Submit

  • memory/4848-142-0x0000000007010000-0x000000000705A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/4848-148-0x00000000072B0000-0x00000000072B8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4848-141-0x0000000006EA0000-0x0000000006F0E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/4848-138-0x00000000069E0000-0x00000000069F8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4848-145-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4848-146-0x0000000007260000-0x000000000726A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4848-147-0x0000000007270000-0x0000000007278000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4848-132-0x0000000000000000-mapping.dmp

    Download

  • memory/4848-149-0x00000000072C0000-0x00000000072C8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4848-150-0x0000000007460000-0x0000000007468000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4848-151-0x000000000B510000-0x000000000B576000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4848-152-0x000000000B4F0000-0x000000000B4F8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4848-153-0x000000000B020000-0x000000000B058000-memory.dmp

    Filesize

    224KB

    Download

  • memory/4848-154-0x000000000B000000-0x000000000B00E000-memory.dmp

    Filesize

    56KB

    Download