Analysis

  • max time kernel
    143s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/07/2023, 05:33

General

  • Target

    Local/Win64/Tools/Diagnostics/ETW/Driver/RegisterCustomerManifest.bat

  • Size

    428B

  • MD5

    f5314a68e0060772e6f2233ba7c278bb

  • SHA1

    e7371fb3bb37f18a01258b2b52247db7ee09c078

  • SHA256

    ea1fe0bc9b01d26db4c8ab0a16df54a1812e0f74efb00389f7cc5f4fbd443a0e

  • SHA512

    002ffb080b173c68cc5eaa9f534034ff7bcafcdd78d31dc175c09be8d7c1a4c6ab06d55f1bb2b297085f68a9c20633ff56dc61192d55694e44289087596cc49a

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Local\Win64\Tools\Diagnostics\ETW\Driver\RegisterCustomerManifest.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4656
    • C:\Windows\system32\wevtutil.exe
      wevtutil um WlanDriverEventsCustomer.man
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3668
    • C:\Windows\system32\xcopy.exe
      xcopy ..\..\RESOURCES\IntelWiFiDriverEtw_driver_customer.dll C:\Windows\system32\drivers\ /Y /I
      2⤵
      • Drops file in Drivers directory
      • Drops file in System32 directory
      PID:448
    • C:\Windows\system32\wevtutil.exe
      wevtutil im WlanDriverEventsCustomer.man /rf:C:\Windows\system32\drivers\IntelWiFiDriverEtw_driver_customer.dll /mf:C:\Windows\system32\drivers\IntelWiFiDriverEtw_driver_customer.dll
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4612
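The process tree above is the standard ETW manifest-provider installation sequence: remove any earlier registration of the manifest (wevtutil um), copy the provider's resource/message DLL into system32\drivers (xcopy, which is what triggers the two "Drops file" signatures), then install the manifest with /rf and /mf pointing at that DLL (wevtutil im). Because wevtutil im registers whatever DLL path it is given as the publisher's resource and message file, it is worth being able to audit what is registered on a host. The PowerShell script below is an added example and is not part of the sandbox report or of the analysed batch file; it assumes the documented registry location that wevtutil writes publisher registrations to, and the SHA256 it compares against is the dropped DLL's hash as reported on this page.

```powershell
# Added audit script (not from the report or the analysed .bat): enumerate ETW
# publishers registered from manifests, resolve their ResourceFileName and
# MessageFileName DLLs, and flag entries that are missing, unsigned, live under
# \drivers\, or match the DLL hash seen in this sandbox run.

# Assumption: wevtutil im records publishers under this key, one subkey per
# provider GUID, with the provider name as the subkey's default value.
$PublisherKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers'

# SHA256 of IntelWiFiDriverEtw_driver_customer.dll as listed in this report.
$ReportedSha256 = 'af39831be318e6e663886d44ad321d3dbe0414b92aff867c4bc870ae99eaea65'

function Get-EtwPublisherDllAudit {
    Get-ChildItem -Path $PublisherKey | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        foreach ($valueName in 'ResourceFileName', 'MessageFileName') {
            $raw = $props.$valueName
            if (-not $raw) { continue }

            $path = [Environment]::ExpandEnvironmentVariables($raw)
            $entry = [pscustomobject]@{
                Provider   = $props.'(default)'
                Guid       = $_.PSChildName
                Value      = $valueName
                Path       = $path
                InDrivers  = $path -like '*\drivers\*'
                Exists     = Test-Path -LiteralPath $path
                Signature  = 'N/A'
                Signer     = ''
                MatchesIoC = $false
            }

            if ($entry.Exists) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                $entry.Signature = $sig.Status.ToString()
                if ($sig.SignerCertificate) { $entry.Signer = $sig.SignerCertificate.Subject }
                $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $path).Hash
                $entry.MatchesIoC = ($hash -ieq $ReportedSha256)
            }
            $entry
        }
    }
}

# Report anything that is not a validly signed, present DLL, plus anything that
# matches the DLL hash from this sandbox run or is registered from \drivers\.
Get-EtwPublisherDllAudit |
    Where-Object { -not $_.Exists -or $_.Signature -ne 'Valid' -or $_.MatchesIoC -or $_.InDrivers } |
    Sort-Object Provider |
    Format-Table Provider, Value, Path, Signature, Signer, MatchesIoC -AutoSize
```

Run it from an elevated prompt so that Get-ChildItem can read every publisher subkey. A hit on MatchesIoC confirms the exact DLL from this run is registered; an unsigned or missing DLL registered as a publisher's resource file is the case a responder would actually want to look at, since the manifest registration itself carries no signature check.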

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Windows\system32\drivers\IntelWiFiDriverEtw_driver_customer.dll

    Filesize

    36KB

    MD5

    d8d17f379acff08eb8f5dcd596a791eb

    SHA1

    9975b8183e054f9e3e83750429e45d2ae1d4c15f

    SHA256

    af39831be318e6e663886d44ad321d3dbe0414b92aff867c4bc870ae99eaea65

    SHA512

    ce8d9c4d99ae8393da303877c35e707ff2ae2894165d6138d4cbfccd70abfa2f39fc0a220a9652a7a72b282018c7741b07e8ed3825e27a474cc8213a610b0dfa