3d5b5be07939390fbfaf99686610df55d7c6eae7395c02a523f5028bd68fdb9e

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04-04-2023 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DriverEasy.5.7.0.exe
Size

3.9MB
MD5

69a34500bdb95a4e6a408d859d86accd
SHA1

ac6db3f7a982e9edb7d0c669ce0c43c37d6a5933
SHA256

3d5b5be07939390fbfaf99686610df55d7c6eae7395c02a523f5028bd68fdb9e
SHA512

a436250dbab821bba6c179a40d711f2c0d47b8fd675b249694837bfca9050eba2aee7e6d9ba902b26113cb960c2bdeee98dadcb840c0ff7473358ab0efaa5030
SSDEEP

98304:1diPuVIBxzPqWFvZio5q8rKN+bEs1rpXlJROah:uuVI3zPquximq8FNN1x

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

DriverEasy.5.7.0.tmp

pid process

4500 DriverEasy.5.7.0.tmp
Loads dropped DLL 4 IoCs

Processes:

DriverEasy.5.7.0.tmp

pid process

4500 DriverEasy.5.7.0.tmp
4500 DriverEasy.5.7.0.tmp
4500 DriverEasy.5.7.0.tmp
4500 DriverEasy.5.7.0.tmp
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

DriverEasy.5.7.0.tmp

pid process

4500 DriverEasy.5.7.0.tmp
4500 DriverEasy.5.7.0.tmp

pid	process
4500	DriverEasy.5.7.0.tmp

pid	process
4500	DriverEasy.5.7.0.tmp
4500	DriverEasy.5.7.0.tmp
4500	DriverEasy.5.7.0.tmp
4500	DriverEasy.5.7.0.tmp

pid	process
4500	DriverEasy.5.7.0.tmp
4500	DriverEasy.5.7.0.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

DriverEasy.5.7.0.exe

description	pid	process	target process
PID 1176 wrote to memory of 4500	1176	DriverEasy.5.7.0.exe	DriverEasy.5.7.0.tmp
PID 1176 wrote to memory of 4500	1176	DriverEasy.5.7.0.exe	DriverEasy.5.7.0.tmp
PID 1176 wrote to memory of 4500	1176	DriverEasy.5.7.0.exe	DriverEasy.5.7.0.tmp

C:\Users\Admin\AppData\Local\Temp\DriverEasy.5.7.0.exe
"C:\Users\Admin\AppData\Local\Temp\DriverEasy.5.7.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1176

C:\Users\Admin\AppData\Local\Temp\is-DKAT3.tmp\DriverEasy.5.7.0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-DKAT3.tmp\DriverEasy.5.7.0.tmp" /SL5="$E004A,3724160,330752,C:\Users\Admin\AppData\Local\Temp\DriverEasy.5.7.0.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-DKAT3.tmp\DriverEasy.5.7.0.tmp
Filesize
1.1MB

MD5
bf61f7e7761c80a27b13f82014f5687b

SHA1
1894fac2a9e8adcfb74a864e92155f9a4506a9d5

SHA256
26f877e0e715507e37f2ca323e0e5897d4246478ee55b8b779eb0b4e92ef7244

SHA512
df0dc8a6db13218b4a4e1c47b13f791d10fff5649d0fda5bf40636a22128abd83d57a7dd695e8cd4ddb0e09d050eff033eaa2aa242fa7e1b20cf61f36e49b54a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KGJMT.tmp\b2p.dll
Filesize
22KB

MD5
ab35386487b343e3e82dbd2671ff9dab

SHA1
03591d07aea3309b631a7d3a6e20a92653e199b8

SHA256
c3729545522fcff70db61046c0efd962df047d40e3b5ccd2272866540fc872b2

SHA512
b67d7384c769b2b1fdd3363fc3b47d300c2ea4d37334acfd774cf29169c0a504ba813dc3ecbda5b71a3f924110a77a363906b16a87b4b1432748557567d1cf09

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KGJMT.tmp\botva2.dll
Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KGJMT.tmp\botva2.dll
Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KGJMT.tmp\iswin7logo.dll
Filesize
39KB

MD5
1ea948aad25ddd347d9b80bef6df9779

SHA1
0be971e67a6c3b1297e572d97c14f74b05dafed3

SHA256
30eb67bdd71d3a359819a72990029269672d52f597a2d1084d838caae91a6488

SHA512
f2cc5dce9754622f5a40c1ca20b4f00ac01197b8401fd4bd888bfdd296a43ca91a3ca261d0e9e01ee51591666d2852e34cee80badadcb77511b8a7ae72630545

Download Submit
memory/1176-170-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1176-133-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4500-164-0x0000000002480000-0x0000000002483000-memory.dmp

Filesize
12KB

Download
memory/4500-163-0x0000000074F30000-0x0000000074F4B000-memory.dmp

Filesize
108KB

Download
memory/4500-160-0x0000000009810000-0x000000000981F000-memory.dmp

Filesize
60KB

Download
memory/4500-166-0x0000000074630000-0x0000000074641000-memory.dmp

Filesize
68KB

Download
memory/4500-167-0x00000000073D0000-0x00000000073D2000-memory.dmp

Filesize
8KB

Download
memory/4500-162-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/4500-171-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4500-172-0x0000000074F30000-0x0000000074F4B000-memory.dmp

Filesize
108KB

Download
memory/4500-174-0x0000000009810000-0x000000000981F000-memory.dmp

Filesize
60KB

Download
memory/4500-173-0x0000000074630000-0x0000000074641000-memory.dmp

Filesize
68KB

Download
memory/4500-175-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/4500-183-0x0000000074F30000-0x0000000074F4B000-memory.dmp

Filesize
108KB

Download