0ec8123fc6fc73037538b067c415d049dde04c685e92c1c49647130f8a83b655

Analysis

max time kernel
45s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02-06-2023 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe
Size

2.1MB
MD5

c7c2b2d1e8a78b6e759a136291f5ce6e
SHA1

6ac12b7a30fbd91371cc94eec70e715045b36a2a
SHA256

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3
SHA512

14cece17937533e8f23828ea6322a9a744d1e414551d359fc876fcb0ab16168ec125f5c0b1a36d13e8c6d567180fbe8d680aa05a5f2abec0ed0f9fe18d69443c
SSDEEP

49152:j5Mex9xwfdVsS5R2AcyqNabXxH2YYMLFYys:tr9CDsS2A5qNadbYMLFYys

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp

description	ioc	process
File opened for modification	C:\Program Files\Easeware\DriverNavigator\ar\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\da\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-JBTGH.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-OL8M1.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\da\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\Easeware.DriverInstall.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\fr\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\unins000.dat	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\fr\is-62JC5.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\hu\is-K6FEU.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\Easeware.DriverInstall.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\it\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\pt-BR\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\Easeware.Driver.Backup.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-CHRMD.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\de\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\it\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\Easeware.ConfigLanguageFromSetup.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\Easeware.Driver.Backup.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\uk\is-MS9UE.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\uk\is-6MCPD.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\pt-BR\is-011R2.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\de\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\hu\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\fr\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-562JG.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\es-AR\is-G9LST.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\fr\is-B747F.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\da\is-SAN8N.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\de\DriverNavigator.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\hu\is-J923B.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\ar\is-L6MKC.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\unins000.dat	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-C357R.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\de\is-73CRT.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\es-AR\is-HDDG6.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\uk\is-5R8OA.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\da\is-O1T9B.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-NTD80.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\is-1HNA5.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\uk\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\fr\is-2FG2B.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\da\is-1LGLN.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\fr\DriverNavigator.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\uk\DriverNavigator.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-KM178.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\ar\is-O5JDH.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\it\is-NOJ15.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-H4G5E.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\pt-BR\is-673QC.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\it\DriverNavigator.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\uk\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\hu\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\Interop.WUApiLib.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-7OQDS.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\de\is-NH54L.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\it\is-CAJHG.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\pt-BR\is-VNV3N.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-JNNPO.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\is-JNV1K.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\Interop.WUApiLib.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-EHPR4.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\es-AR\is-JBVNR.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp

Drops file in Windows directory 2 IoCs

Processes:

Easeware.CheckScheduledScan.exe

description	ioc	process
File created	C:\Windows\Tasks\DriverNavigator Scheduled Scan.job	Easeware.CheckScheduledScan.exe
File opened for modification	C:\Windows\Tasks\DriverNavigator Scheduled Scan.job	Easeware.CheckScheduledScan.exe

Executes dropped EXE 4 IoCs

Processes:

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmpEaseware.CheckScheduledScan.exeEaseware.ConfigLanguageFromSetup.exeDriverNavigator.exe

pid	process
1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
1260	Easeware.CheckScheduledScan.exe
1956	Easeware.ConfigLanguageFromSetup.exe
1632	DriverNavigator.exe

Loads dropped DLL 9 IoCs

Processes:

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exeb179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp

pid	process
1716	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe
1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1700 1632 WerFault.exe DriverNavigator.exe
Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

DriverNavigator.exe

description ioc process

Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosDate DriverNavigator.exe

pid	pid_target	process	target process
1700	1632	WerFault.exe	DriverNavigator.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosDate	DriverNavigator.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmpDriverNavigator.exe

pid	process
1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
1632	DriverNavigator.exe
1632	DriverNavigator.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

DriverNavigator.exe

description pid process

Token: SeDebugPrivilege 1632 DriverNavigator.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmpDriverNavigator.exe

pid process

1064 b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
1632 DriverNavigator.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

DriverNavigator.exe

pid process

1632 DriverNavigator.exe

description	pid	process
Token: SeDebugPrivilege	1632	DriverNavigator.exe

pid	process
1632	DriverNavigator.exe

Suspicious use of WriteProcessMemory 22 IoCs

Processes:

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exeb179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmpDriverNavigator.exe

description	pid	process	target process
PID 1716 wrote to memory of 1064	1716	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
PID 1716 wrote to memory of 1064	1716	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
PID 1716 wrote to memory of 1064	1716	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
PID 1716 wrote to memory of 1064	1716	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
PID 1716 wrote to memory of 1064	1716	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
PID 1716 wrote to memory of 1064	1716	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
PID 1716 wrote to memory of 1064	1716	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
PID 1064 wrote to memory of 1260	1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	Easeware.CheckScheduledScan.exe
PID 1064 wrote to memory of 1260	1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	Easeware.CheckScheduledScan.exe
PID 1064 wrote to memory of 1260	1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	Easeware.CheckScheduledScan.exe
PID 1064 wrote to memory of 1260	1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	Easeware.CheckScheduledScan.exe
PID 1064 wrote to memory of 1956	1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	Easeware.ConfigLanguageFromSetup.exe
PID 1064 wrote to memory of 1956	1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	Easeware.ConfigLanguageFromSetup.exe
PID 1064 wrote to memory of 1956	1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	Easeware.ConfigLanguageFromSetup.exe
PID 1064 wrote to memory of 1956	1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	Easeware.ConfigLanguageFromSetup.exe
PID 1064 wrote to memory of 1632	1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	DriverNavigator.exe
PID 1064 wrote to memory of 1632	1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	DriverNavigator.exe
PID 1064 wrote to memory of 1632	1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	DriverNavigator.exe
PID 1064 wrote to memory of 1632	1064	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	DriverNavigator.exe
PID 1632 wrote to memory of 1700	1632	DriverNavigator.exe	WerFault.exe
PID 1632 wrote to memory of 1700	1632	DriverNavigator.exe	WerFault.exe
PID 1632 wrote to memory of 1700	1632	DriverNavigator.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe
"C:\Users\Admin\AppData\Local\Temp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1716

C:\Users\Admin\AppData\Local\Temp\is-GB5L8.tmp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
"C:\Users\Admin\AppData\Local\Temp\is-GB5L8.tmp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp" /SL5="$70122,1711512,119296,C:\Users\Admin\AppData\Local\Temp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe"
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1064

C:\Program Files\Easeware\DriverNavigator\Easeware.CheckScheduledScan.exe
"C:\Program Files\Easeware\DriverNavigator\Easeware.CheckScheduledScan.exe" -create "DriverNavigator Scheduled Scan" "C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe"
3⤵
- Drops file in Windows directory
- Executes dropped EXE
PID:1260

C:\Program Files\Easeware\DriverNavigator\Easeware.ConfigLanguageFromSetup.exe
"C:\Program Files\Easeware\DriverNavigator\Easeware.ConfigLanguageFromSetup.exe" DriverNavigator en
3⤵
- Executes dropped EXE
PID:1956

C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
"C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe"
3⤵
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1632

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1632 -s 1928
4⤵
- Program crash
PID:1700

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Filesize
1.7MB

MD5
cdaa56ed59fec7b7523603c525629169

SHA1
a7417b8279c4007917fb85492f65ae5696d412ee

SHA256
b871de9185f9486927b7352906bc269bb9e8e92f6a3cef45a6b4c950e88c19be

SHA512
a40b3f3eb13e79a78916efd716dcc27447a9eb4c9b7f4b6788592eb7848e631a27e3095697fc1f209065fb7fbc9a8601e9b4748c59580c0a15916e966a583387

Download Submit
C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Filesize
1.7MB

MD5
cdaa56ed59fec7b7523603c525629169

SHA1
a7417b8279c4007917fb85492f65ae5696d412ee

SHA256
b871de9185f9486927b7352906bc269bb9e8e92f6a3cef45a6b4c950e88c19be

SHA512
a40b3f3eb13e79a78916efd716dcc27447a9eb4c9b7f4b6788592eb7848e631a27e3095697fc1f209065fb7fbc9a8601e9b4748c59580c0a15916e966a583387

Download Submit
C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Filesize
1.7MB

MD5
cdaa56ed59fec7b7523603c525629169

SHA1
a7417b8279c4007917fb85492f65ae5696d412ee

SHA256
b871de9185f9486927b7352906bc269bb9e8e92f6a3cef45a6b4c950e88c19be

SHA512
a40b3f3eb13e79a78916efd716dcc27447a9eb4c9b7f4b6788592eb7848e631a27e3095697fc1f209065fb7fbc9a8601e9b4748c59580c0a15916e966a583387

Download Submit
C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe.config
Filesize
1KB

MD5
357195ceb812beb8702453e21728d0b1

SHA1
06b2a12be50d2d3b0c7e8b52211237cb2ba563c5

SHA256
12a8b7a1e3fd311ca61042456f20cbb3ef06cabc113c6308c4eded25b449085c

SHA512
037f08821398d97eaf6e4cf1d15581a5caaae6a49123649e926b6e1bf6293ece3a7e492827c50624f98666b201725e12795b2397173fbc3ccfda745622aae4a5

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.CheckScheduledScan.exe
Filesize
38KB

MD5
eda7bfc015c8b0d64021caec2c1b5fce

SHA1
38c477e84334d85f8db61d5dd5d622d30e99c0f5

SHA256
d31125d698dc5cf3e41538cfcf0f0bc4cedec57972a10a8fe76e16504716f423

SHA512
d98e817ac514833ad85f6867d9e15c87ff6fa9d664beb6440c5a0f3a1bd79814090907986402b23b6ed2c9e23f7afb0127e464c5b39cc845b44361c4b03649b4

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.CheckScheduledScan.exe
Filesize
38KB

MD5
eda7bfc015c8b0d64021caec2c1b5fce

SHA1
38c477e84334d85f8db61d5dd5d622d30e99c0f5

SHA256
d31125d698dc5cf3e41538cfcf0f0bc4cedec57972a10a8fe76e16504716f423

SHA512
d98e817ac514833ad85f6867d9e15c87ff6fa9d664beb6440c5a0f3a1bd79814090907986402b23b6ed2c9e23f7afb0127e464c5b39cc845b44361c4b03649b4

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.CheckScheduledScan.exe.config
Filesize
1KB

MD5
357195ceb812beb8702453e21728d0b1

SHA1
06b2a12be50d2d3b0c7e8b52211237cb2ba563c5

SHA256
12a8b7a1e3fd311ca61042456f20cbb3ef06cabc113c6308c4eded25b449085c

SHA512
037f08821398d97eaf6e4cf1d15581a5caaae6a49123649e926b6e1bf6293ece3a7e492827c50624f98666b201725e12795b2397173fbc3ccfda745622aae4a5

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.ConfigLanguageFromSetup.exe
Filesize
15KB

MD5
b673942c9e7be455877caf4071198fb7

SHA1
48db6875724c1b804bf289e41ff23cd5b087de8c

SHA256
f3b1405f197314676e1c1d612bffe69cc64ebaf09d56c12cea7583f4e82c5605

SHA512
762ec6226d0118e4eac50445a8273697b4934838b6ee761cac5fdf8f6aca6c9f87cf18c95acb5a44996bad26505e023a995edd78c6b8a2f728a4858e58dc00bc

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.ConfigLanguageFromSetup.exe
Filesize
15KB

MD5
b673942c9e7be455877caf4071198fb7

SHA1
48db6875724c1b804bf289e41ff23cd5b087de8c

SHA256
f3b1405f197314676e1c1d612bffe69cc64ebaf09d56c12cea7583f4e82c5605

SHA512
762ec6226d0118e4eac50445a8273697b4934838b6ee761cac5fdf8f6aca6c9f87cf18c95acb5a44996bad26505e023a995edd78c6b8a2f728a4858e58dc00bc

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.ConfigLanguageFromSetup.exe.config
Filesize
1KB

MD5
357195ceb812beb8702453e21728d0b1

SHA1
06b2a12be50d2d3b0c7e8b52211237cb2ba563c5

SHA256
12a8b7a1e3fd311ca61042456f20cbb3ef06cabc113c6308c4eded25b449085c

SHA512
037f08821398d97eaf6e4cf1d15581a5caaae6a49123649e926b6e1bf6293ece3a7e492827c50624f98666b201725e12795b2397173fbc3ccfda745622aae4a5

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.Driver.Backup.dll
Filesize
55KB

MD5
fab2103f448822789eae0255dd274a18

SHA1
4eab0afd585bf6d9f9cdf0a202c185087c6c5bbe

SHA256
a2ec0b800f86bf508ed18ca791b64030b33a31958fc93e7d77fe4a901676d169

SHA512
1ae222963231fe526a5330fdc2c7a7c6e251241ea019063d7d7061741c8823fd93a7fbcdd4d315823fd71fcb6e940fbba65ae93283572ad47171b641bb2ac21f

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.Driver.Core.dll
Filesize
512KB

MD5
67dd0575309dbe0554843454d36c023c

SHA1
8f135bbf6ab8a2602ba53139bb0d5768845e17af

SHA256
8de43ffd41f45b27037d678ed82abdbd1529953b3f52e0932f2ae9779c7a0a79

SHA512
19b354c9d2e620b6ffa40e93ba954713655b9deed4b12ca0e39031766db7b9de418cbd36cb5e8c0d3495a9ed13b1964bad41dd8ad9a37a4e50ce9e8f08651c61

Download Submit
C:\Program Files\Easeware\DriverNavigator\is-86G4L.tmp
Filesize
1KB

MD5
357195ceb812beb8702453e21728d0b1

SHA1
06b2a12be50d2d3b0c7e8b52211237cb2ba563c5

SHA256
12a8b7a1e3fd311ca61042456f20cbb3ef06cabc113c6308c4eded25b449085c

SHA512
037f08821398d97eaf6e4cf1d15581a5caaae6a49123649e926b6e1bf6293ece3a7e492827c50624f98666b201725e12795b2397173fbc3ccfda745622aae4a5

Download Submit
C:\Program Files\Easeware\DriverNavigator\unins000.exe
Filesize
1.1MB

MD5
66fcbe441c7c36fedb02075e17379a6f

SHA1
b0f4a88ab357a0c5eee66b3c251c60eae58fad7d

SHA256
2d7bf1a7686eadcb3ee33f4d4a46d7b30dcaf1dc9c0789bfdaa21cc49b64f874

SHA512
78f1ec5c890b6a6a54e6ce99f5d4cd0ec57162b35e46450d786678e77a7f336955894120d8d1d1d8c3c9a405155de91da30d163e934a9068f1a83442d6d735b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GB5L8.tmp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
Filesize
1.1MB

MD5
66fcbe441c7c36fedb02075e17379a6f

SHA1
b0f4a88ab357a0c5eee66b3c251c60eae58fad7d

SHA256
2d7bf1a7686eadcb3ee33f4d4a46d7b30dcaf1dc9c0789bfdaa21cc49b64f874

SHA512
78f1ec5c890b6a6a54e6ce99f5d4cd0ec57162b35e46450d786678e77a7f336955894120d8d1d1d8c3c9a405155de91da30d163e934a9068f1a83442d6d735b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GB5L8.tmp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
Filesize
1.1MB

MD5
66fcbe441c7c36fedb02075e17379a6f

SHA1
b0f4a88ab357a0c5eee66b3c251c60eae58fad7d

SHA256
2d7bf1a7686eadcb3ee33f4d4a46d7b30dcaf1dc9c0789bfdaa21cc49b64f874

SHA512
78f1ec5c890b6a6a54e6ce99f5d4cd0ec57162b35e46450d786678e77a7f336955894120d8d1d1d8c3c9a405155de91da30d163e934a9068f1a83442d6d735b3

Download Submit
C:\Users\Admin\AppData\Roaming\Easeware\DriverNavigator\partner.xml
Filesize
164B

MD5
ed07de6aed0ce8a248c8afab56acf572

SHA1
293e35673ebadfb1a6a041864f275c40a3a7aa48

SHA256
b5506812ccf31c9b686bda14f9d3427e6e9412c478701bf9bfa4cff52ff5f3eb

SHA512
373049bcd6c942e24a735e35e819926f693be14d8581cb7d38cc5fbe789d42c6b32efdb175a9e01dade38f46885c4de991b4f6e438069a1aead6d1490c900228

Download Submit
C:\Users\Admin\AppData\Roaming\Easeware\DriverNavigator\settings.dat
Filesize
542B

MD5
44123b8581c3286e939ce90e43e6c1f4

SHA1
affb439b03fd3564214fd0bf4850c9c6a84187dd

SHA256
e0bf73c072ef5354fac0614ce8acf78c3845679f561d9d35586f2557f6afbe41

SHA512
6b6b2cdec941ece374ca103483880c7346ef93b063e9d114f2e6ed204c8eaea57cdcc657071d27b34eb5a7c1db1f287e0969fdc2611b5f1b1995f780af40ba2f

Download Submit
\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Filesize
1.7MB

MD5
cdaa56ed59fec7b7523603c525629169

SHA1
a7417b8279c4007917fb85492f65ae5696d412ee

SHA256
b871de9185f9486927b7352906bc269bb9e8e92f6a3cef45a6b4c950e88c19be

SHA512
a40b3f3eb13e79a78916efd716dcc27447a9eb4c9b7f4b6788592eb7848e631a27e3095697fc1f209065fb7fbc9a8601e9b4748c59580c0a15916e966a583387

Download Submit
\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Filesize
1.7MB

MD5
cdaa56ed59fec7b7523603c525629169

SHA1
a7417b8279c4007917fb85492f65ae5696d412ee

SHA256
b871de9185f9486927b7352906bc269bb9e8e92f6a3cef45a6b4c950e88c19be

SHA512
a40b3f3eb13e79a78916efd716dcc27447a9eb4c9b7f4b6788592eb7848e631a27e3095697fc1f209065fb7fbc9a8601e9b4748c59580c0a15916e966a583387

Download Submit
\Program Files\Easeware\DriverNavigator\Easeware.CheckScheduledScan.exe
Filesize
38KB

MD5
eda7bfc015c8b0d64021caec2c1b5fce

SHA1
38c477e84334d85f8db61d5dd5d622d30e99c0f5

SHA256
d31125d698dc5cf3e41538cfcf0f0bc4cedec57972a10a8fe76e16504716f423

SHA512
d98e817ac514833ad85f6867d9e15c87ff6fa9d664beb6440c5a0f3a1bd79814090907986402b23b6ed2c9e23f7afb0127e464c5b39cc845b44361c4b03649b4

Download Submit
\Program Files\Easeware\DriverNavigator\Easeware.ConfigLanguageFromSetup.exe
Filesize
15KB

MD5
b673942c9e7be455877caf4071198fb7

SHA1
48db6875724c1b804bf289e41ff23cd5b087de8c

SHA256
f3b1405f197314676e1c1d612bffe69cc64ebaf09d56c12cea7583f4e82c5605

SHA512
762ec6226d0118e4eac50445a8273697b4934838b6ee761cac5fdf8f6aca6c9f87cf18c95acb5a44996bad26505e023a995edd78c6b8a2f728a4858e58dc00bc

Download Submit
\Program Files\Easeware\DriverNavigator\unins000.exe
Filesize
1.1MB

MD5
66fcbe441c7c36fedb02075e17379a6f

SHA1
b0f4a88ab357a0c5eee66b3c251c60eae58fad7d

SHA256
2d7bf1a7686eadcb3ee33f4d4a46d7b30dcaf1dc9c0789bfdaa21cc49b64f874

SHA512
78f1ec5c890b6a6a54e6ce99f5d4cd0ec57162b35e46450d786678e77a7f336955894120d8d1d1d8c3c9a405155de91da30d163e934a9068f1a83442d6d735b3

Download Submit
\Users\Admin\AppData\Local\Temp\is-9LFFR.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-9LFFR.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-9LFFR.tmp\isxdl.dll
Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
\Users\Admin\AppData\Local\Temp\is-GB5L8.tmp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
Filesize
1.1MB

MD5
66fcbe441c7c36fedb02075e17379a6f

SHA1
b0f4a88ab357a0c5eee66b3c251c60eae58fad7d

SHA256
2d7bf1a7686eadcb3ee33f4d4a46d7b30dcaf1dc9c0789bfdaa21cc49b64f874

SHA512
78f1ec5c890b6a6a54e6ce99f5d4cd0ec57162b35e46450d786678e77a7f336955894120d8d1d1d8c3c9a405155de91da30d163e934a9068f1a83442d6d735b3

Download Submit
memory/1064-203-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1064-215-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/1064-73-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/1064-205-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/1064-61-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1260-191-0x0000000000F80000-0x0000000000F8E000-memory.dmp

Filesize
56KB

Download
memory/1632-220-0x00000000012F0000-0x0000000001370000-memory.dmp

Filesize
512KB

Download
memory/1632-222-0x000000001BBE0000-0x000000001BBF2000-memory.dmp

Filesize
72KB

Download
memory/1632-211-0x0000000000A80000-0x0000000000B04000-memory.dmp

Filesize
528KB

Download
memory/1632-225-0x00000000012F0000-0x0000000001370000-memory.dmp

Filesize
512KB

Download
memory/1632-224-0x00000000012F0000-0x0000000001370000-memory.dmp

Filesize
512KB

Download
memory/1632-223-0x00000000012F0000-0x0000000001370000-memory.dmp

Filesize
512KB

Download
memory/1632-218-0x00000000012F0000-0x0000000001370000-memory.dmp

Filesize
512KB

Download
memory/1632-219-0x00000000012F0000-0x0000000001370000-memory.dmp

Filesize
512KB

Download
memory/1632-210-0x0000000001380000-0x000000000152A000-memory.dmp

Filesize
1.7MB

Download
memory/1716-54-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1716-72-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1716-217-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1956-199-0x00000000013A0000-0x00000000013A8000-memory.dmp

Filesize
32KB

Download
memory/1956-201-0x0000000000500000-0x0000000000584000-memory.dmp

Filesize
528KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads