Overview

overview

5

Static

static

3

Lan Adapto...up.exe

windows7-x64

5

Lan Adapto...up.exe

windows10-2004-x64

5

Lan Adapto...IC.exe

windows7-x64

Lan Adapto...IC.exe

windows10-2004-x64

Lan Adapto...64.exe

windows7-x64

Lan Adapto...64.exe

windows10-2004-x64

Analysis

  • max time kernel
    260s
  • max time network
    269s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-08-2023 20:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lan Adaptor/CH9152DRV/PSetup.exe

  • Size

    6KB

  • MD5

    bc0b5f20a2dd4e96084d7604cdb6aec5

  • SHA1

    c78246bbd5fd00ae6b0b867d9be7a76cdc70d075

  • SHA256

    a290256623a01ed19f5b05f45017e3cadac2e246476f86ac08bd61d8fcc4fb2d

  • SHA512

    684a765ba893a41b847c60b1cd5e2e4d6836a506af6ea8782256432065e9b509934edaa345becfb4702dbe88cfc16d8b2bbea189c264355fc5713137ea724ae0

  • SSDEEP

    96:tDqqr/Z8l9fgmuTV9TexmtIAKyPtboynh0GFQ+xX+vqp:tDqeZ8l9fg/TzIALP1oynhbQ23

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 15 IoCs
  • Drops file in Windows directory 5 IoCs
  • Modifies data under HKEY_USERS 41 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Lan Adaptor\CH9152DRV\PSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\Lan Adaptor\CH9152DRV\PSetup.exe"
    1⤵
    • Drops file in Windows directory
    PID:4164
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3624
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{a0428902-68e5-fe42-85c8-ba38313e8b5f}\WCHUSBNIC.INF" "9" "4edb606f7" "000000000000014C" "WinSta0\Default" "000000000000015C" "208" "C:\Users\Admin\AppData\Local\Temp\Lan Adaptor\CH9152DRV"
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      PID:1976
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:60

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\{A0428~1\WCHUSBNIC.CAT
      Filesize

      12KB

      MD5

      e673c56519d4a7dacb6234355e9c017b

      SHA1

      cf4b61c6808c11ef1d4b2d0a0f2ac4e5a50ceb51

      SHA256

      30c19a3e7e65b79646ccc479b1a54d1b2e17058bea90a59c8e8ced4522c1f3ae

      SHA512

      1a0867a5bfa3219da4ca5f4e6de3dd2e5a1b2435dbaf78847f62a700bf5e3dc80d1cc07e02c9856ee627817bc3a39e47e801d2293275afc11c0708d6e9426007

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{A0428~1\WCHUSBNICA64.sys
      Filesize

      59KB

      MD5

      a41beaa61247e9864ab666025c820d1b

      SHA1

      57b29779767a6d7dd180514be84285489b43e42b

      SHA256

      f7740bd11e8c6688c7142fb8ded05197f38feef249cbc33434ffbc83925ef4c5

      SHA512

      518401a96ab52ffcc63c06a2e392ef4ba4bf516bdd43ee3de05b611b71932b33f08e24619ec8f9664fd040ce3cbdf82fe0b19800220869dfc599806b5de83c81

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{a0428902-68e5-fe42-85c8-ba38313e8b5f}\WCHUSBNIC.INF
      Filesize

      15KB

      MD5

      da8885e49970cb971221ac59d0234ac3

      SHA1

      c6ab9b14d5e69aee4427d517897b66d8a5293987

      SHA256

      b790b2442ab3a40d87247d9d70e37220f8914075d4af300afbb725159ab830ee

      SHA512

      5dbd3f3c248f10125dec7485f796d70864bf314d52f1d2ef3438c893e6a4e5fda35aee9eede7fe6bb40107d48e037a7e14740974546f9620c0aa52478efbe5c4

      Download Submit

    • C:\Windows\System32\DriverStore\Temp\{b9c10b59-6f05-4d4c-92d7-1bdacc6f3447}\SET6031.tmp
      Filesize

      59KB

      MD5

      a41beaa61247e9864ab666025c820d1b

      SHA1

      57b29779767a6d7dd180514be84285489b43e42b

      SHA256

      f7740bd11e8c6688c7142fb8ded05197f38feef249cbc33434ffbc83925ef4c5

      SHA512

      518401a96ab52ffcc63c06a2e392ef4ba4bf516bdd43ee3de05b611b71932b33f08e24619ec8f9664fd040ce3cbdf82fe0b19800220869dfc599806b5de83c81

      Download Submit

    • C:\Windows\System32\DriverStore\Temp\{b9c10b59-6f05-4d4c-92d7-1bdacc6f3447}\SET6032.tmp
      Filesize

      12KB

      MD5

      e673c56519d4a7dacb6234355e9c017b

      SHA1

      cf4b61c6808c11ef1d4b2d0a0f2ac4e5a50ceb51

      SHA256

      30c19a3e7e65b79646ccc479b1a54d1b2e17058bea90a59c8e8ced4522c1f3ae

      SHA512

      1a0867a5bfa3219da4ca5f4e6de3dd2e5a1b2435dbaf78847f62a700bf5e3dc80d1cc07e02c9856ee627817bc3a39e47e801d2293275afc11c0708d6e9426007

      Download Submit

    • C:\Windows\System32\DriverStore\Temp\{b9c10b59-6f05-4d4c-92d7-1bdacc6f3447}\SET6052.tmp
      Filesize

      15KB

      MD5

      da8885e49970cb971221ac59d0234ac3

      SHA1

      c6ab9b14d5e69aee4427d517897b66d8a5293987

      SHA256

      b790b2442ab3a40d87247d9d70e37220f8914075d4af300afbb725159ab830ee

      SHA512

      5dbd3f3c248f10125dec7485f796d70864bf314d52f1d2ef3438c893e6a4e5fda35aee9eede7fe6bb40107d48e037a7e14740974546f9620c0aa52478efbe5c4

      Download Submit