552c789cf68b88af18cf75ace35963445e3f7625cb07ae6b3933ceef26032f18 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Driver_Boo...si.msi

windows7-x64

8

Driver_Boo...si.msi

windows10-2004-x64

7

Sharing

General

Target

Driver_Booster_19_02_23_to_msi.msi
Size

7.2MB
Sample

230219-pe115afe43
MD5

5ad74e66323ae26320cd9c051f266a4f
SHA1

d7f999814e7c76466dba21619defc955d2660f20
SHA256

552c789cf68b88af18cf75ace35963445e3f7625cb07ae6b3933ceef26032f18
SHA512

019d370fe90818e1e5650496bbe3b187f0cb933e18b7644120ee25065974c108633bdab28db09bff879240d30de5a845572f4d1eb81ce92b469acc6ffa3f49a3
SSDEEP

196608:fYSxCsde/fxOql6socvDWnwlIzAY7kRSb6PdnjR:pxCz3xOHcRiERj

Score

8^/10

discovery evasion exploit themida

Static task

static1

Behavioral task

behavioral1

Sample

Driver_Booster_19_02_23_to_msi.msi

Resource

win7-20220812-en

discovery evasion exploit themida

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

Driver_Booster_19_02_23_to_msi.msi

Resource

win10v2004-20221111-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  Driver_Booster_19_02_23_to_msi.msi
- Size
  
  7.2MB
- MD5
  
  5ad74e66323ae26320cd9c051f266a4f
- SHA1
  
  d7f999814e7c76466dba21619defc955d2660f20
- SHA256
  
  552c789cf68b88af18cf75ace35963445e3f7625cb07ae6b3933ceef26032f18
- SHA512
  
  019d370fe90818e1e5650496bbe3b187f0cb933e18b7644120ee25065974c108633bdab28db09bff879240d30de5a845572f4d1eb81ce92b469acc6ffa3f49a3
- SSDEEP
  
  196608:fYSxCsde/fxOql6socvDWnwlIzAY7kRSb6PdnjR:pxCz3xOHcRiERj
Score

8^/10

discovery evasion exploit themida
- Possible privilege escalation attempt
  exploit
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

File Permissions Modification

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasionexploitthemida

behavioral2

© 2018-2024

Terms | Privacy