Analysis

  • max time kernel
    27s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/07/2023, 05:33

General

  • Target

    Local/Win64/Tools/Diagnostics/ETW/Driver/RegisterCustomerManifest.bat

  • Size

    428B

  • MD5

    f5314a68e0060772e6f2233ba7c278bb

  • SHA1

    e7371fb3bb37f18a01258b2b52247db7ee09c078

  • SHA256

    ea1fe0bc9b01d26db4c8ab0a16df54a1812e0f74efb00389f7cc5f4fbd443a0e

  • SHA512

    002ffb080b173c68cc5eaa9f534034ff7bcafcdd78d31dc175c09be8d7c1a4c6ab06d55f1bb2b297085f68a9c20633ff56dc61192d55694e44289087596cc49a

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Local\Win64\Tools\Diagnostics\ETW\Driver\RegisterCustomerManifest.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:756
    • C:\Windows\system32\wevtutil.exe
      wevtutil um WlanDriverEventsCustomer.man
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3068
    • C:\Windows\system32\xcopy.exe
      xcopy ..\..\RESOURCES\IntelWiFiDriverEtw_driver_customer.dll C:\Windows\system32\drivers\ /Y /I
      2⤵
      • Drops file in Drivers directory
      • Drops file in System32 directory
      PID:1440
    • C:\Windows\system32\wevtutil.exe
      wevtutil im WlanDriverEventsCustomer.man /rf:C:\Windows\system32\drivers\IntelWiFiDriverEtw_driver_customer.dll /mf:C:\Windows\system32\drivers\IntelWiFiDriverEtw_driver_customer.dll
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2408
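The tree above is a three-step sequence under one cmd.exe parent: unregister the manifest (wevtutil um), copy the resource/message DLL into System32\drivers (xcopy), then re-register the manifest with /rf and /mf pointing at the freshly copied DLL (wevtutil im). That is the documented way to install an ETW provider manifest, and the paths (Tools\Diagnostics\ETW\Driver, an Intel WiFi driver ETW DLL) are consistent with vendor driver diagnostics, so the signatures fire on the mechanics rather than on anything the page shows to be malicious. What an analyst triaging a report like this wants is the correlation itself: a copy into a system directory followed by a manifest registration that references the copied file, tied together by the parent PID. The following Python is an added example, not part of the sandbox report or its rule set; the event records are constructed from the command lines and PIDs shown above (the parent PID of cmd.exe and the extra baseline wevtutil event are invented), and the field names pid/ppid/image/cmdline are an assumption about the log format.

```python
from collections import defaultdict

# Constructed sample of process-creation events modelled on the report's process
# tree; the cmd.exe parent PID (500) and the last baseline event are invented.
SAMPLE_EVENTS = [
    {"pid": 756, "ppid": 500, "image": "C:\\Windows\\system32\\cmd.exe",
     "cmdline": 'cmd /c "C:\\Users\\Admin\\AppData\\Local\\Temp\\Local\\Win64\\Tools\\Diagnostics\\ETW\\Driver\\RegisterCustomerManifest.bat"'},
    {"pid": 3068, "ppid": 756, "image": "C:\\Windows\\system32\\wevtutil.exe",
     "cmdline": "wevtutil um WlanDriverEventsCustomer.man"},
    {"pid": 1440, "ppid": 756, "image": "C:\\Windows\\system32\\xcopy.exe",
     "cmdline": "xcopy ..\\..\\RESOURCES\\IntelWiFiDriverEtw_driver_customer.dll C:\\Windows\\system32\\drivers\\ /Y /I"},
    {"pid": 2408, "ppid": 756, "image": "C:\\Windows\\system32\\wevtutil.exe",
     "cmdline": "wevtutil im WlanDriverEventsCustomer.man /rf:C:\\Windows\\system32\\drivers\\IntelWiFiDriverEtw_driver_customer.dll /mf:C:\\Windows\\system32\\drivers\\IntelWiFiDriverEtw_driver_customer.dll"},
    # Baseline (constructed): a manifest install whose DLL was not dropped by a sibling process.
    {"pid": 5000, "ppid": 4000, "image": "C:\\Windows\\system32\\wevtutil.exe",
     "cmdline": "wevtutil im Vendor.man /rf:C:\\Vendor\\VendorEvents.dll /mf:C:\\Vendor\\VendorEvents.dll"},
]

# Destination directories worth a second look when a manifest's resource DLL lands there
# (compared case-insensitively, without a trailing backslash).
SYSTEM_DIRS = ("c:\\windows\\system32\\drivers", "c:\\windows\\system32")


def _tokens(cmdline):
    """Split on whitespace and strip surrounding quotes. None of the sample paths
    contain spaces, so a plain split is sufficient here; a real parser would honour quoting."""
    return [t.strip('"') for t in cmdline.split()]


def _basename(path):
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1]


def parse_wevtutil(cmdline):
    """Return (verb, manifest, options) for a wevtutil command line, else None.
    Switches of the form /rf:<path> and /mf:<path> become {'rf': path, 'mf': path}."""
    toks = _tokens(cmdline)
    if len(toks) < 3 or _basename(toks[0]).lower() not in ("wevtutil", "wevtutil.exe"):
        return None
    opts = {}
    for t in toks[3:]:
        if t.startswith("/") and ":" in t:
            key, value = t[1:].split(":", 1)
            opts[key.lower()] = value
    return toks[1].lower(), toks[2], opts


def parse_xcopy(cmdline):
    """Return (source, destination) for an xcopy command line, else None.
    Switches such as /Y and /I are skipped; the destination is assumed to be a directory
    (in the report it carries a trailing backslash and /I, which is what xcopy treats as one)."""
    toks = _tokens(cmdline)
    if len(toks) < 3 or _basename(toks[0]).lower() not in ("xcopy", "xcopy.exe"):
        return None
    args = [t for t in toks[1:] if not t.startswith("/")]
    return (args[0], args[1]) if len(args) >= 2 else None


def find_manifest_with_dropped_dll(events):
    """Correlate, per parent PID, a copy into a system directory with a 'wevtutil im'
    whose /rf or /mf resolves to the copied file. Returns one finding per matching wevtutil."""
    dropped = defaultdict(list)  # ppid -> [(dll name, destination dir, copying pid)]
    for e in events:
        parsed = parse_xcopy(e["cmdline"])
        if not parsed:
            continue
        src, dst = parsed
        dst_dir = dst.replace("/", "\\").rstrip("\\").lower()
        if dst_dir.startswith(SYSTEM_DIRS):
            dropped[e["ppid"]].append((_basename(src).lower(), dst_dir, e["pid"]))

    findings = []
    for e in events:
        parsed = parse_wevtutil(e["cmdline"])
        if not parsed or parsed[0] != "im":
            continue
        _, manifest, opts = parsed
        for name, dst_dir, copier in dropped.get(e["ppid"], []):
            full = dst_dir + "\\" + name
            matched = [k for k in ("rf", "mf") if opts.get(k, "").lower() == full]
            if matched:
                findings.append({"wevtutil_pid": e["pid"], "dropped_by_pid": copier,
                                 "manifest": manifest, "dll": full, "options": matched})
    return findings


if __name__ == "__main__":
    for f in find_manifest_with_dropped_dll(SAMPLE_EVENTS):
        print(f"PID {f['wevtutil_pid']} registered {f['manifest']} with "
              f"{'/'.join(f['options'])} -> {f['dll']} (copied by PID {f['dropped_by_pid']})")
```

Run against the constructed events this yields exactly one finding, for PID 2408 with both /rf and /mf pointing at the DLL that PID 1440 copied; the baseline registration under a different parent produces none. The match is a triage lead, not a verdict: the same sequence is what a legitimate driver diagnostics package does, so the next step is to check the dropped DLL (signature, hash) rather than to block on the pattern alone.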

Network

MITRE ATT&CK Matrix
