0ec8123fc6fc73037538b067c415d049dde04c685e92c1c49647130f8a83b655

Analysis

max time kernel
93s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2023 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe
Size

2.1MB
MD5

c7c2b2d1e8a78b6e759a136291f5ce6e
SHA1

6ac12b7a30fbd91371cc94eec70e715045b36a2a
SHA256

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3
SHA512

14cece17937533e8f23828ea6322a9a744d1e414551d359fc876fcb0ab16168ec125f5c0b1a36d13e8c6d567180fbe8d680aa05a5f2abec0ed0f9fe18d69443c
SSDEEP

49152:j5Mex9xwfdVsS5R2AcyqNabXxH2YYMLFYys:tr9CDsS2A5qNadbYMLFYys

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp

description	ioc	process
File opened for modification	C:\Program Files\Easeware\DriverNavigator\ar\DriverNavigator.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\Easeware.ConfigLanguageFromSetup.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\hu\is-41I8H.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\da\is-UHJ01.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-O7TF4.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\is-QJB3J.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\Interop.WUApiLib.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\ar\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\fr\is-8HUNS.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\hu\is-H8293.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-NDUJH.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\is-C46IF.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\is-RTR41.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\de\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-ROPM8.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\fr\is-VI6JP.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\uk\is-SO91V.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\it\is-PHILP.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-D8DLJ.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\es-AR\DriverNavigator.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\fr\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\unins000.dat	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-C794U.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\es-AR\is-D34HH.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\hu\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\pt-BR\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-F5STU.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\unins000.dat	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\Easeware.DriverInstall.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\Easeware.Driver.Backup.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\Easeware.Driver.Core.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\Easeware.CheckScheduledScan.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\UnRAR.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\uk\DriverNavigator.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\pt-BR\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\da\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-FI8O4.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-HNHVF.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\de\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\Easeware.Driver.Backup.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\it\is-VDGJJ.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\pt-BR\is-E8ULI.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\pt-BR\is-UF8M7.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\da\is-138TC.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\ar\is-Q6BEL.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\fr\DriverNavigator.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\fr\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\ar\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\Easeware.Driver.Core.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\x64\Easeware.DriverInstall.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\de\is-QUF17.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\ar\is-8RB5F.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\da\is-BEAD9.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\x64\is-71733.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\de\DriverNavigator.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\hu\DriverNavigator.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\unins000.msg	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\it\Easeware.DriverInstall.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-DTLIQ.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\de\is-1EH6O.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File created	C:\Program Files\Easeware\DriverNavigator\is-B2PPE.tmp	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\pt-BR\DriverNavigator.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
File opened for modification	C:\Program Files\Easeware\DriverNavigator\da\DriverNavigator.resources.dll	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp

Drops file in Windows directory 2 IoCs

Processes:

Easeware.CheckScheduledScan.exe

description	ioc	process
File created	C:\Windows\Tasks\DriverNavigator Scheduled Scan.job	Easeware.CheckScheduledScan.exe
File opened for modification	C:\Windows\Tasks\DriverNavigator Scheduled Scan.job	Easeware.CheckScheduledScan.exe

Executes dropped EXE 4 IoCs

Processes:

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmpEaseware.CheckScheduledScan.exeEaseware.ConfigLanguageFromSetup.exeDriverNavigator.exe

pid	process
3664	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
2376	Easeware.CheckScheduledScan.exe
3712	Easeware.ConfigLanguageFromSetup.exe
3516	DriverNavigator.exe

Loads dropped DLL 1 IoCs

Processes:

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp

pid process

3664 b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

4828 3516 WerFault.exe DriverNavigator.exe
4512 3516 WerFault.exe DriverNavigator.exe

pid	pid_target	process	target process
4828	3516	WerFault.exe	DriverNavigator.exe
4512	3516	WerFault.exe	DriverNavigator.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

DriverNavigator.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DriverNavigator.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DriverNavigator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DriverNavigator.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DriverNavigator.exe

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

DriverNavigator.exe

description ioc process

Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosDate DriverNavigator.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosDate	DriverNavigator.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmpDriverNavigator.exe

pid	process
3664	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
3664	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
3516	DriverNavigator.exe
3516	DriverNavigator.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

DriverNavigator.exe

description pid process

Token: SeDebugPrivilege 3516 DriverNavigator.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmpDriverNavigator.exe

pid process

3664 b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
3516 DriverNavigator.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

DriverNavigator.exe

pid process

3516 DriverNavigator.exe

description	pid	process
Token: SeDebugPrivilege	3516	DriverNavigator.exe

pid	process
3516	DriverNavigator.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exeb179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp

description	pid	process	target process
PID 3140 wrote to memory of 3664	3140	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
PID 3140 wrote to memory of 3664	3140	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
PID 3140 wrote to memory of 3664	3140	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
PID 3664 wrote to memory of 2376	3664	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	Easeware.CheckScheduledScan.exe
PID 3664 wrote to memory of 2376	3664	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	Easeware.CheckScheduledScan.exe
PID 3664 wrote to memory of 3712	3664	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	Easeware.ConfigLanguageFromSetup.exe
PID 3664 wrote to memory of 3712	3664	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	Easeware.ConfigLanguageFromSetup.exe
PID 3664 wrote to memory of 3516	3664	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	DriverNavigator.exe
PID 3664 wrote to memory of 3516	3664	b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp	DriverNavigator.exe

C:\Users\Admin\AppData\Local\Temp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe
"C:\Users\Admin\AppData\Local\Temp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3140

C:\Users\Admin\AppData\Local\Temp\is-35MDK.tmp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
"C:\Users\Admin\AppData\Local\Temp\is-35MDK.tmp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp" /SL5="$A005E,1711512,119296,C:\Users\Admin\AppData\Local\Temp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.exe"
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3664

C:\Program Files\Easeware\DriverNavigator\Easeware.CheckScheduledScan.exe
"C:\Program Files\Easeware\DriverNavigator\Easeware.CheckScheduledScan.exe" -create "DriverNavigator Scheduled Scan" "C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe"
3⤵
- Drops file in Windows directory
- Executes dropped EXE
PID:2376

C:\Program Files\Easeware\DriverNavigator\Easeware.ConfigLanguageFromSetup.exe
"C:\Program Files\Easeware\DriverNavigator\Easeware.ConfigLanguageFromSetup.exe" DriverNavigator en
3⤵
- Executes dropped EXE
PID:3712

C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
"C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe"
3⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3516

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3516 -s 1956
4⤵
- Program crash
PID:4828

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3516 -s 1920
4⤵
- Program crash
PID:4512

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 420 -p 3516 -ip 3516
1⤵
PID:1424

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 540 -p 3516 -ip 3516
1⤵
PID:1976

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Filesize
1.7MB

MD5
cdaa56ed59fec7b7523603c525629169

SHA1
a7417b8279c4007917fb85492f65ae5696d412ee

SHA256
b871de9185f9486927b7352906bc269bb9e8e92f6a3cef45a6b4c950e88c19be

SHA512
a40b3f3eb13e79a78916efd716dcc27447a9eb4c9b7f4b6788592eb7848e631a27e3095697fc1f209065fb7fbc9a8601e9b4748c59580c0a15916e966a583387

Download Submit
C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Filesize
1.7MB

MD5
cdaa56ed59fec7b7523603c525629169

SHA1
a7417b8279c4007917fb85492f65ae5696d412ee

SHA256
b871de9185f9486927b7352906bc269bb9e8e92f6a3cef45a6b4c950e88c19be

SHA512
a40b3f3eb13e79a78916efd716dcc27447a9eb4c9b7f4b6788592eb7848e631a27e3095697fc1f209065fb7fbc9a8601e9b4748c59580c0a15916e966a583387

Download Submit
C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Filesize
1.7MB

MD5
cdaa56ed59fec7b7523603c525629169

SHA1
a7417b8279c4007917fb85492f65ae5696d412ee

SHA256
b871de9185f9486927b7352906bc269bb9e8e92f6a3cef45a6b4c950e88c19be

SHA512
a40b3f3eb13e79a78916efd716dcc27447a9eb4c9b7f4b6788592eb7848e631a27e3095697fc1f209065fb7fbc9a8601e9b4748c59580c0a15916e966a583387

Download Submit
C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe.config
Filesize
1KB

MD5
357195ceb812beb8702453e21728d0b1

SHA1
06b2a12be50d2d3b0c7e8b52211237cb2ba563c5

SHA256
12a8b7a1e3fd311ca61042456f20cbb3ef06cabc113c6308c4eded25b449085c

SHA512
037f08821398d97eaf6e4cf1d15581a5caaae6a49123649e926b6e1bf6293ece3a7e492827c50624f98666b201725e12795b2397173fbc3ccfda745622aae4a5

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.CheckScheduledScan.exe
Filesize
38KB

MD5
eda7bfc015c8b0d64021caec2c1b5fce

SHA1
38c477e84334d85f8db61d5dd5d622d30e99c0f5

SHA256
d31125d698dc5cf3e41538cfcf0f0bc4cedec57972a10a8fe76e16504716f423

SHA512
d98e817ac514833ad85f6867d9e15c87ff6fa9d664beb6440c5a0f3a1bd79814090907986402b23b6ed2c9e23f7afb0127e464c5b39cc845b44361c4b03649b4

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.CheckScheduledScan.exe
Filesize
38KB

MD5
eda7bfc015c8b0d64021caec2c1b5fce

SHA1
38c477e84334d85f8db61d5dd5d622d30e99c0f5

SHA256
d31125d698dc5cf3e41538cfcf0f0bc4cedec57972a10a8fe76e16504716f423

SHA512
d98e817ac514833ad85f6867d9e15c87ff6fa9d664beb6440c5a0f3a1bd79814090907986402b23b6ed2c9e23f7afb0127e464c5b39cc845b44361c4b03649b4

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.CheckScheduledScan.exe.config
Filesize
1KB

MD5
357195ceb812beb8702453e21728d0b1

SHA1
06b2a12be50d2d3b0c7e8b52211237cb2ba563c5

SHA256
12a8b7a1e3fd311ca61042456f20cbb3ef06cabc113c6308c4eded25b449085c

SHA512
037f08821398d97eaf6e4cf1d15581a5caaae6a49123649e926b6e1bf6293ece3a7e492827c50624f98666b201725e12795b2397173fbc3ccfda745622aae4a5

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.ConfigLanguageFromSetup.exe
Filesize
15KB

MD5
b673942c9e7be455877caf4071198fb7

SHA1
48db6875724c1b804bf289e41ff23cd5b087de8c

SHA256
f3b1405f197314676e1c1d612bffe69cc64ebaf09d56c12cea7583f4e82c5605

SHA512
762ec6226d0118e4eac50445a8273697b4934838b6ee761cac5fdf8f6aca6c9f87cf18c95acb5a44996bad26505e023a995edd78c6b8a2f728a4858e58dc00bc

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.ConfigLanguageFromSetup.exe
Filesize
15KB

MD5
b673942c9e7be455877caf4071198fb7

SHA1
48db6875724c1b804bf289e41ff23cd5b087de8c

SHA256
f3b1405f197314676e1c1d612bffe69cc64ebaf09d56c12cea7583f4e82c5605

SHA512
762ec6226d0118e4eac50445a8273697b4934838b6ee761cac5fdf8f6aca6c9f87cf18c95acb5a44996bad26505e023a995edd78c6b8a2f728a4858e58dc00bc

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.ConfigLanguageFromSetup.exe.config
Filesize
1KB

MD5
357195ceb812beb8702453e21728d0b1

SHA1
06b2a12be50d2d3b0c7e8b52211237cb2ba563c5

SHA256
12a8b7a1e3fd311ca61042456f20cbb3ef06cabc113c6308c4eded25b449085c

SHA512
037f08821398d97eaf6e4cf1d15581a5caaae6a49123649e926b6e1bf6293ece3a7e492827c50624f98666b201725e12795b2397173fbc3ccfda745622aae4a5

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.Driver.Backup.dll
Filesize
55KB

MD5
fab2103f448822789eae0255dd274a18

SHA1
4eab0afd585bf6d9f9cdf0a202c185087c6c5bbe

SHA256
a2ec0b800f86bf508ed18ca791b64030b33a31958fc93e7d77fe4a901676d169

SHA512
1ae222963231fe526a5330fdc2c7a7c6e251241ea019063d7d7061741c8823fd93a7fbcdd4d315823fd71fcb6e940fbba65ae93283572ad47171b641bb2ac21f

Download Submit
C:\Program Files\Easeware\DriverNavigator\Easeware.Driver.Core.dll
Filesize
512KB

MD5
67dd0575309dbe0554843454d36c023c

SHA1
8f135bbf6ab8a2602ba53139bb0d5768845e17af

SHA256
8de43ffd41f45b27037d678ed82abdbd1529953b3f52e0932f2ae9779c7a0a79

SHA512
19b354c9d2e620b6ffa40e93ba954713655b9deed4b12ca0e39031766db7b9de418cbd36cb5e8c0d3495a9ed13b1964bad41dd8ad9a37a4e50ce9e8f08651c61

Download Submit
C:\Program Files\Easeware\DriverNavigator\is-9VTUN.tmp
Filesize
1KB

MD5
357195ceb812beb8702453e21728d0b1

SHA1
06b2a12be50d2d3b0c7e8b52211237cb2ba563c5

SHA256
12a8b7a1e3fd311ca61042456f20cbb3ef06cabc113c6308c4eded25b449085c

SHA512
037f08821398d97eaf6e4cf1d15581a5caaae6a49123649e926b6e1bf6293ece3a7e492827c50624f98666b201725e12795b2397173fbc3ccfda745622aae4a5

Download Submit
C:\Program Files\Easeware\DriverNavigator\unins000.exe
Filesize
1.1MB

MD5
66fcbe441c7c36fedb02075e17379a6f

SHA1
b0f4a88ab357a0c5eee66b3c251c60eae58fad7d

SHA256
2d7bf1a7686eadcb3ee33f4d4a46d7b30dcaf1dc9c0789bfdaa21cc49b64f874

SHA512
78f1ec5c890b6a6a54e6ce99f5d4cd0ec57162b35e46450d786678e77a7f336955894120d8d1d1d8c3c9a405155de91da30d163e934a9068f1a83442d6d735b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-35MDK.tmp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
Filesize
1.1MB

MD5
66fcbe441c7c36fedb02075e17379a6f

SHA1
b0f4a88ab357a0c5eee66b3c251c60eae58fad7d

SHA256
2d7bf1a7686eadcb3ee33f4d4a46d7b30dcaf1dc9c0789bfdaa21cc49b64f874

SHA512
78f1ec5c890b6a6a54e6ce99f5d4cd0ec57162b35e46450d786678e77a7f336955894120d8d1d1d8c3c9a405155de91da30d163e934a9068f1a83442d6d735b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-35MDK.tmp\b179ef5a6843e1f06aae36222088cc4db3f604db4e7e1b6bb58fd36500b5d3b3.tmp
Filesize
1.1MB

MD5
66fcbe441c7c36fedb02075e17379a6f

SHA1
b0f4a88ab357a0c5eee66b3c251c60eae58fad7d

SHA256
2d7bf1a7686eadcb3ee33f4d4a46d7b30dcaf1dc9c0789bfdaa21cc49b64f874

SHA512
78f1ec5c890b6a6a54e6ce99f5d4cd0ec57162b35e46450d786678e77a7f336955894120d8d1d1d8c3c9a405155de91da30d163e934a9068f1a83442d6d735b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HA2LJ.tmp\isxdl.dll
Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
C:\Users\Admin\AppData\Roaming\Easeware\DriverNavigator\partner.xml
Filesize
164B

MD5
ed07de6aed0ce8a248c8afab56acf572

SHA1
293e35673ebadfb1a6a041864f275c40a3a7aa48

SHA256
b5506812ccf31c9b686bda14f9d3427e6e9412c478701bf9bfa4cff52ff5f3eb

SHA512
373049bcd6c942e24a735e35e819926f693be14d8581cb7d38cc5fbe789d42c6b32efdb175a9e01dade38f46885c4de991b4f6e438069a1aead6d1490c900228

Download Submit
C:\Users\Admin\AppData\Roaming\Easeware\DriverNavigator\settings.dat
Filesize
542B

MD5
44123b8581c3286e939ce90e43e6c1f4

SHA1
affb439b03fd3564214fd0bf4850c9c6a84187dd

SHA256
e0bf73c072ef5354fac0614ce8acf78c3845679f561d9d35586f2557f6afbe41

SHA512
6b6b2cdec941ece374ca103483880c7346ef93b063e9d114f2e6ed204c8eaea57cdcc657071d27b34eb5a7c1db1f287e0969fdc2611b5f1b1995f780af40ba2f

Download Submit
memory/2376-266-0x0000000000C80000-0x0000000000C8E000-memory.dmp

Filesize
56KB

Download
memory/3140-133-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3140-290-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3140-149-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3516-285-0x000000001B640000-0x000000001B650000-memory.dmp

Filesize
64KB

Download
memory/3516-283-0x00000000006D0000-0x000000000087A000-memory.dmp

Filesize
1.7MB

Download
memory/3516-291-0x000000001B640000-0x000000001B650000-memory.dmp

Filesize
64KB

Download
memory/3516-292-0x000000001B640000-0x000000001B650000-memory.dmp

Filesize
64KB

Download
memory/3516-294-0x000000001FB30000-0x000000001FB42000-memory.dmp

Filesize
72KB

Download
memory/3516-295-0x000000001BBD0000-0x000000001BD79000-memory.dmp

Filesize
1.7MB

Download
memory/3664-139-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/3664-150-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/3664-289-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/3664-151-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/3664-157-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/3712-276-0x0000000002B20000-0x0000000002BA4000-memory.dmp

Filesize
528KB

Download
memory/3712-274-0x00000000008C0000-0x00000000008C8000-memory.dmp

Filesize
32KB

Download