Analysis
-
max time kernel
142s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
18-08-2023 10:42
Static task
static1
Behavioral task
behavioral1
Sample
Setup_DriverDoc_2022.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Setup_DriverDoc_2022.exe
Resource
win10v2004-20230703-en
General
-
Target
Setup_DriverDoc_2022.exe
-
Size
6.0MB
-
MD5
c65a354ac28f2f45c7ca8a38e4f778d6
-
SHA1
42d84f6be5cfa1503dc7bd8275073872d71a4fc0
-
SHA256
396cb9e17c57f09c4afab97f91e72011e3f115b15e764c39d26473d92fe2c45e
-
SHA512
7acba2651fb1378a97c47ce6723808235ddd74d2cb736f5fb6f28a241f3b33188e9a511c6be2eb3ca8e7cad68c05a76a0c853edc5a417a16aacd5c0388950017
-
SSDEEP
98304:KSi1jH0UJukUYMwioEgGU9KM+ZFNIO05p0oO2gz8+fyTx:MUvkUMiij9KM+7Npc0R4+KTx
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
Setup_DriverDoc_2022.tmppid process 1456 Setup_DriverDoc_2022.tmp -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
Setup_DriverDoc_2022.exedescription pid process target process PID 4056 wrote to memory of 1456 4056 Setup_DriverDoc_2022.exe Setup_DriverDoc_2022.tmp PID 4056 wrote to memory of 1456 4056 Setup_DriverDoc_2022.exe Setup_DriverDoc_2022.tmp PID 4056 wrote to memory of 1456 4056 Setup_DriverDoc_2022.exe Setup_DriverDoc_2022.tmp
Processes
-
C:\Users\Admin\AppData\Local\Temp\Setup_DriverDoc_2022.exe"C:\Users\Admin\AppData\Local\Temp\Setup_DriverDoc_2022.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4056 -
C:\Users\Admin\AppData\Local\Temp\is-9QVA4.tmp\Setup_DriverDoc_2022.tmp"C:\Users\Admin\AppData\Local\Temp\is-9QVA4.tmp\Setup_DriverDoc_2022.tmp" /SL5="$80064,5347251,879104,C:\Users\Admin\AppData\Local\Temp\Setup_DriverDoc_2022.exe"2⤵
- Executes dropped EXE
PID:1456
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.1MB
MD5d70a98daf7a810ee18ce451ec673e399
SHA1274dff37313f3fbdf82dfc4afd94582359b79fee
SHA2569621346beee2a257b1966b6dc3f1f850d54ae0746bf1718d35c966649ac9b340
SHA512a246aa8979a7bc1a8ae6d1c5ac637939e7ab3380484cb78a3fc98fe9ceccb51cb5d6dfe787ece6bb1420450741c0734a049849dac7242679b8660e71acf00e60