2097cfcef072f6b12370139d94a171073df2255807c01ad6d747f0d24a190aa6

Analysis

max time kernel
107s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12-06-2023 09:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DriverToolkitInstaller.exe
Size

2.3MB
MD5

ade449592745b54724fa70ec488b99fd
SHA1

9aa32c2a67da99465f6b4c8c88cd52b109a243c4
SHA256

2097cfcef072f6b12370139d94a171073df2255807c01ad6d747f0d24a190aa6
SHA512

9675264caea44f30c035013f617591679b0802f8d7bc552b0091b944720db67ebc7ec3d1e9536ba7f13dcb07ef591d20e5c063de6e3979540c34d2b0963156ed
SSDEEP

49152:khg3LcSpYqQLyUf42fy6A4OeOqdAIjtYKmbaS/0GfVfcDi9r:JLcSpd8yEzvPlK1JODiN

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2040	DriverToolkitInstaller.tmp
1780	DriverToolkit.exe

Loads dropped DLL 10 IoCs

pid	Process
1368	DriverToolkitInstaller.exe
2040	DriverToolkitInstaller.tmp
2040	DriverToolkitInstaller.tmp
2040	DriverToolkitInstaller.tmp
2040	DriverToolkitInstaller.tmp
2040	DriverToolkitInstaller.tmp
1780	DriverToolkit.exe
1780	DriverToolkit.exe
1780	DriverToolkit.exe
1780	DriverToolkit.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 23 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\DriverToolkit\is-22M5K.tmp	DriverToolkitInstaller.tmp
File created	C:\Program Files (x86)\DriverToolkit\is-GD42Q.tmp	DriverToolkitInstaller.tmp
File created	C:\Program Files (x86)\DriverToolkit\unins000.dat	DriverToolkitInstaller.tmp
File opened for modification	C:\Program Files (x86)\DriverToolkit\msvcr100.dll	DriverToolkitInstaller.tmp
File opened for modification	C:\Program Files (x86)\DriverToolkit\zlibwapi.dll	DriverToolkitInstaller.tmp
File opened for modification	C:\Program Files (x86)\DriverToolkit\DPInst32.exe	DriverToolkitInstaller.tmp
File created	C:\Program Files (x86)\DriverToolkit\is-7UJSQ.tmp	DriverToolkitInstaller.tmp
File created	C:\Program Files (x86)\DriverToolkit\is-J429U.tmp	DriverToolkitInstaller.tmp
File created	C:\Program Files (x86)\DriverToolkit\is-CF86E.tmp	DriverToolkitInstaller.tmp
File opened for modification	C:\Program Files (x86)\DriverToolkit\DPInst64.exe	DriverToolkitInstaller.tmp
File opened for modification	C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe	DriverToolkitInstaller.tmp
File opened for modification	C:\Program Files (x86)\DriverToolkit\RemoveDT.exe	DriverToolkitInstaller.tmp
File created	C:\Program Files (x86)\DriverToolkit\is-RU1B2.tmp	DriverToolkitInstaller.tmp
File created	C:\Program Files (x86)\DriverToolkit\is-6VIBG.tmp	DriverToolkitInstaller.tmp
File opened for modification	C:\Program Files (x86)\DriverToolkit\unins000.dat	DriverToolkitInstaller.tmp
File opened for modification	C:\Program Files (x86)\DriverToolkit\extract.exe	DriverToolkitInstaller.tmp
File opened for modification	C:\Program Files (x86)\DriverToolkit\network.dll	DriverToolkitInstaller.tmp
File opened for modification	C:\Program Files (x86)\DriverToolkit\7z.dll	DriverToolkitInstaller.tmp
File created	C:\Program Files (x86)\DriverToolkit\is-L2DP6.tmp	DriverToolkitInstaller.tmp
File created	C:\Program Files (x86)\DriverToolkit\is-LO7AF.tmp	DriverToolkitInstaller.tmp
File created	C:\Program Files (x86)\DriverToolkit\is-TGJJU.tmp	DriverToolkitInstaller.tmp
File created	C:\Program Files (x86)\DriverToolkit\is-8NOP5.tmp	DriverToolkitInstaller.tmp
File opened for modification	C:\Program Files (x86)\DriverToolkit\msvcp100.dll	DriverToolkitInstaller.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2040	DriverToolkitInstaller.tmp
2040	DriverToolkitInstaller.tmp

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2040	DriverToolkitInstaller.tmp
1780	DriverToolkit.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1780	DriverToolkit.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2040	1368	DriverToolkitInstaller.exe	28
PID 1368 wrote to memory of 2040	1368	DriverToolkitInstaller.exe	28
PID 1368 wrote to memory of 2040	1368	DriverToolkitInstaller.exe	28
PID 1368 wrote to memory of 2040	1368	DriverToolkitInstaller.exe	28
PID 1368 wrote to memory of 2040	1368	DriverToolkitInstaller.exe	28
PID 1368 wrote to memory of 2040	1368	DriverToolkitInstaller.exe	28
PID 1368 wrote to memory of 2040	1368	DriverToolkitInstaller.exe	28
PID 2040 wrote to memory of 1780	2040	DriverToolkitInstaller.tmp	30
PID 2040 wrote to memory of 1780	2040	DriverToolkitInstaller.tmp	30
PID 2040 wrote to memory of 1780	2040	DriverToolkitInstaller.tmp	30
PID 2040 wrote to memory of 1780	2040	DriverToolkitInstaller.tmp	30

C:\Users\Admin\AppData\Local\Temp\DriverToolkitInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\DriverToolkitInstaller.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Users\Admin\AppData\Local\Temp\is-RJD4T.tmp\DriverToolkitInstaller.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-RJD4T.tmp\DriverToolkitInstaller.tmp" /SL5="$80022,2034942,134144,C:\Users\Admin\AppData\Local\Temp\DriverToolkitInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2040
- - C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
    "C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1780

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

Filesize
1.2MB

MD5
b35bcdc8758f44bb092590d92a8e744c

SHA1
ed9f80437bd8c6de9a5d5969432574711d054eaa

SHA256
a32a89ecbe1047c8644acbc85bb5306dfb9abcb8213e8c5253e68b196093a53a

SHA512
afa694298870d736d44f99707e0b69f42e3f423c345e44d4ad089ad6295296b18a1a0bcbf2110ef244045983e797b862f8576d5fc63c4e64d86aa03737049516

Download Submit
C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

Filesize
1.2MB

MD5
b35bcdc8758f44bb092590d92a8e744c

SHA1
ed9f80437bd8c6de9a5d5969432574711d054eaa

SHA256
a32a89ecbe1047c8644acbc85bb5306dfb9abcb8213e8c5253e68b196093a53a

SHA512
afa694298870d736d44f99707e0b69f42e3f423c345e44d4ad089ad6295296b18a1a0bcbf2110ef244045983e797b862f8576d5fc63c4e64d86aa03737049516

Download Submit
C:\Program Files (x86)\DriverToolkit\MSVCP100.dll

Filesize
411KB

MD5
bc83108b18756547013ed443b8cdb31b

SHA1
79bcaad3714433e01c7f153b05b781f8d7cb318d

SHA256
b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

SHA512
6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

Download Submit
C:\Program Files (x86)\DriverToolkit\MSVCR100.dll

Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\DriverToolkit\network.dll

Filesize
187KB

MD5
0596b14e74b80af026915b15276eee59

SHA1
7c2d01ed093039be7e25307dd1fda12ee4ecd0b9

SHA256
f13fbad53d5f392c2fc6361003da7127d57d6a6b2a10113e3b1247251f0b7898

SHA512
ad74c3637cfca02effa31aaeafdad1671d15d0cd776cd5fdc0d0b41a83984ab6b9c8b2b13bf67b239b4ec99412579a529245b2424f7826194e43b4fb8235efec

Download Submit
C:\Program Files (x86)\DriverToolkit\zlibwapi.dll

Filesize
90KB

MD5
f59ad5e4b0cc94ae0089f633df6bb0cf

SHA1
9862043ab406a84ee88dfe619c42f1bc55a1d983

SHA256
86560fbce53b50200dc26f55de0c73d36f2cdba6533ce581232f4b6c1033c81d

SHA512
c1ac9c30a632fdb9d7ef8a5ad31d7426f701cfaec88e95120f20dd9075876df229ae5de0ffd17f651f6c50da6d00287215675eb810917034310a99bb994e6d6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RJD4T.tmp\DriverToolkitInstaller.tmp

Filesize
1.1MB

MD5
4fec953b2903ca1dc503a08db5dfd8b7

SHA1
4d1ae35ce801b19abe2ffa48c972a6c416b92644

SHA256
25a03caed8ced6b4aff82ac86106bf1401f6c780c7719d821e8b44c2b7496680

SHA512
1baf114e41190c4acf436d39ae3db424f9fafb64a0219a580a33f70f5c24e117710830f29a6c2b06c977055644d764c83820e55d49c8d49d0a894e6ab133a85a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RJD4T.tmp\DriverToolkitInstaller.tmp

Filesize
1.1MB

MD5
4fec953b2903ca1dc503a08db5dfd8b7

SHA1
4d1ae35ce801b19abe2ffa48c972a6c416b92644

SHA256
25a03caed8ced6b4aff82ac86106bf1401f6c780c7719d821e8b44c2b7496680

SHA512
1baf114e41190c4acf436d39ae3db424f9fafb64a0219a580a33f70f5c24e117710830f29a6c2b06c977055644d764c83820e55d49c8d49d0a894e6ab133a85a

Download Submit
\Program Files (x86)\DriverToolkit\DriverToolkit.exe

Filesize
1.2MB

MD5
b35bcdc8758f44bb092590d92a8e744c

SHA1
ed9f80437bd8c6de9a5d5969432574711d054eaa

SHA256
a32a89ecbe1047c8644acbc85bb5306dfb9abcb8213e8c5253e68b196093a53a

SHA512
afa694298870d736d44f99707e0b69f42e3f423c345e44d4ad089ad6295296b18a1a0bcbf2110ef244045983e797b862f8576d5fc63c4e64d86aa03737049516

Download Submit
\Program Files (x86)\DriverToolkit\DriverToolkit.exe

Filesize
1.2MB

MD5
b35bcdc8758f44bb092590d92a8e744c

SHA1
ed9f80437bd8c6de9a5d5969432574711d054eaa

SHA256
a32a89ecbe1047c8644acbc85bb5306dfb9abcb8213e8c5253e68b196093a53a

SHA512
afa694298870d736d44f99707e0b69f42e3f423c345e44d4ad089ad6295296b18a1a0bcbf2110ef244045983e797b862f8576d5fc63c4e64d86aa03737049516

Download Submit
\Program Files (x86)\DriverToolkit\msvcp100.dll

Filesize
411KB

MD5
bc83108b18756547013ed443b8cdb31b

SHA1
79bcaad3714433e01c7f153b05b781f8d7cb318d

SHA256
b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

SHA512
6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

Download Submit
\Program Files (x86)\DriverToolkit\msvcr100.dll

Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
\Program Files (x86)\DriverToolkit\network.dll

Filesize
187KB

MD5
0596b14e74b80af026915b15276eee59

SHA1
7c2d01ed093039be7e25307dd1fda12ee4ecd0b9

SHA256
f13fbad53d5f392c2fc6361003da7127d57d6a6b2a10113e3b1247251f0b7898

SHA512
ad74c3637cfca02effa31aaeafdad1671d15d0cd776cd5fdc0d0b41a83984ab6b9c8b2b13bf67b239b4ec99412579a529245b2424f7826194e43b4fb8235efec

Download Submit
\Program Files (x86)\DriverToolkit\unins000.exe

Filesize
1.2MB

MD5
b1d6153b48e44d135fe52764dfbf9ee5

SHA1
70d81552cce6295120d956b3a93958dd8ace9dd1

SHA256
50869791dc0b586891f406ef19f89a90041dd7c8458ba68622a24f834fe2d0da

SHA512
8bcf4eac7158dfb33674691edb1c6ca286cb1010b8ef3fd12ddaeaf6be9e707e6ecc4dddd1426648e1193b436bab25d30a1c6607b2197d8944d6767ad8c187fc

Download Submit
\Program Files (x86)\DriverToolkit\zlibwapi.dll

Filesize
90KB

MD5
f59ad5e4b0cc94ae0089f633df6bb0cf

SHA1
9862043ab406a84ee88dfe619c42f1bc55a1d983

SHA256
86560fbce53b50200dc26f55de0c73d36f2cdba6533ce581232f4b6c1033c81d

SHA512
c1ac9c30a632fdb9d7ef8a5ad31d7426f701cfaec88e95120f20dd9075876df229ae5de0ffd17f651f6c50da6d00287215675eb810917034310a99bb994e6d6c

Download Submit
\Users\Admin\AppData\Local\Temp\is-EE1J5.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-EE1J5.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-RJD4T.tmp\DriverToolkitInstaller.tmp

Filesize
1.1MB

MD5
4fec953b2903ca1dc503a08db5dfd8b7

SHA1
4d1ae35ce801b19abe2ffa48c972a6c416b92644

SHA256
25a03caed8ced6b4aff82ac86106bf1401f6c780c7719d821e8b44c2b7496680

SHA512
1baf114e41190c4acf436d39ae3db424f9fafb64a0219a580a33f70f5c24e117710830f29a6c2b06c977055644d764c83820e55d49c8d49d0a894e6ab133a85a

Download Submit
memory/1368-138-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1368-54-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1368-68-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1780-139-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2040-73-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2040-67-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2040-69-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2040-71-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2040-124-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2040-137-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2040-77-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2040-81-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download