a146cf8b84d5e38a583fa9a69b922d2b6c78f55a995a0447b34a88c6f2449af3

Resubmissions

18/09/2023, 14:36

230918-ryk55ahh5y 7

18/09/2023, 14:30

230918-rt4fxacb59 5

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
18/09/2023, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

driver_booster_setup.exe
Size

29.1MB
MD5

176d5e834d6e8588b77b4f9f039297e8
SHA1

ede5a8e6ea191eb41f38b7c3609a8b9e3d71c3f3
SHA256

a146cf8b84d5e38a583fa9a69b922d2b6c78f55a995a0447b34a88c6f2449af3
SHA512

1a6d2e44ec18e701370e62fb70096ada429bb89897ef93d611c7b550517d2285079f6b9dd0969ff445d23a1fa63ffb1c3b3777e0a1e11e86acd5d8cd8d90e57c
SSDEEP

786432:UNuGPNGtIg+Wmt5f5oC7qz09Logz14lbgZw:UNusGCFWmLf5oAZzalx

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2592	driver_booster_setup.tmp
2712	setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2256	driver_booster_setup.exe
2592	driver_booster_setup.tmp
2592	driver_booster_setup.tmp
2592	driver_booster_setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2592	driver_booster_setup.tmp
2592	driver_booster_setup.tmp
2712	setup.exe
2712	setup.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2592	driver_booster_setup.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2712	setup.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2592	2256	driver_booster_setup.exe	28
PID 2256 wrote to memory of 2592	2256	driver_booster_setup.exe	28
PID 2256 wrote to memory of 2592	2256	driver_booster_setup.exe	28
PID 2256 wrote to memory of 2592	2256	driver_booster_setup.exe	28
PID 2256 wrote to memory of 2592	2256	driver_booster_setup.exe	28
PID 2256 wrote to memory of 2592	2256	driver_booster_setup.exe	28
PID 2256 wrote to memory of 2592	2256	driver_booster_setup.exe	28
PID 2592 wrote to memory of 2712	2592	driver_booster_setup.tmp	29
PID 2592 wrote to memory of 2712	2592	driver_booster_setup.tmp	29
PID 2592 wrote to memory of 2712	2592	driver_booster_setup.tmp	29
PID 2592 wrote to memory of 2712	2592	driver_booster_setup.tmp	29
PID 2592 wrote to memory of 2712	2592	driver_booster_setup.tmp	29
PID 2592 wrote to memory of 2712	2592	driver_booster_setup.tmp	29
PID 2592 wrote to memory of 2712	2592	driver_booster_setup.tmp	29

C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe
"C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Local\Temp\is-529HG.tmp\driver_booster_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-529HG.tmp\driver_booster_setup.tmp" /SL5="$90154,29778900,139264,C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2592
- - C:\Users\Admin\AppData\Local\Temp\is-2EFAQ.tmp-dbinst\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-2EFAQ.tmp-dbinst\setup.exe" "C:\Users\Admin\AppData\Local\Temp\driver_booster_setup.exe" /title="Driver Booster 11" /dbver=11.0.0.21 /eula="C:\Users\Admin\AppData\Local\Temp\is-2EFAQ.tmp-dbinst\EULA.rtf" /showlearnmore /pmtproduct /nochromepmt
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\IObit\iobitpromotion.ini

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Local\Temp\1695047429\ENGLISH.lng

Filesize
24KB

MD5
6265a3d8b6ea027b596c0c6e9afd5c38

SHA1
4502ff9bccfcbee6d6fc5d65e5381288f2d9f3a0

SHA256
193facd48ea0e183c7825c5efa2638c594cb73d9b40a1505a5ce14b478c6fb2e

SHA512
54b3492a3f4bfaf9f6b02b6d95710a5f7b0b8ef1078623ea77303f253bd0e1d44dad3e725afe0afa12a433b21b8d0cfea55c0214bf09213de7a3cebbf78fd8ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\appver-ac.ini

Filesize
852B

MD5
d9ce701424b850ef8ae544e661868110

SHA1
a78819b10dafb4fc4334b5401c1d55b6f1c75aeb

SHA256
900670772ad4957ec82d45eea253fde657452ad709eb3f477559e1cd0f76995f

SHA512
95572ca0bbf91c39b6c2bdd1d9f5bf0e42da6fd83e06ded16c1b823e87b6664ed71ea026f3decd402b89f5a94f1af4760fd38548a8d6e2ec2d72141bbfe09af9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2EFAQ.tmp-dbinst\setup.exe

Filesize
5.8MB

MD5
e17fcb38300501b2285179b0b1ace9b1

SHA1
584e0db0709cc6e0239f15f9ca145b2954af8a7d

SHA256
8cc6c79137b3f203ebf70f485d581fcc39d677f978b7dd821eca5194b85f6480

SHA512
d1a3849d397a50ce5862b62d9eb8115434933a79eb88dee64a1f4f03bd9eb9091ff3d25b592b04b42ef1354bc115470563d9a013f85407da91d1f511bc687921

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2EFAQ.tmp-dbinst\setup.exe

Filesize
5.8MB

MD5
e17fcb38300501b2285179b0b1ace9b1

SHA1
584e0db0709cc6e0239f15f9ca145b2954af8a7d

SHA256
8cc6c79137b3f203ebf70f485d581fcc39d677f978b7dd821eca5194b85f6480

SHA512
d1a3849d397a50ce5862b62d9eb8115434933a79eb88dee64a1f4f03bd9eb9091ff3d25b592b04b42ef1354bc115470563d9a013f85407da91d1f511bc687921

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2EFAQ.tmp-dbinst\setup.exe

Filesize
5.8MB

MD5
e17fcb38300501b2285179b0b1ace9b1

SHA1
584e0db0709cc6e0239f15f9ca145b2954af8a7d

SHA256
8cc6c79137b3f203ebf70f485d581fcc39d677f978b7dd821eca5194b85f6480

SHA512
d1a3849d397a50ce5862b62d9eb8115434933a79eb88dee64a1f4f03bd9eb9091ff3d25b592b04b42ef1354bc115470563d9a013f85407da91d1f511bc687921

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-529HG.tmp\driver_booster_setup.tmp

Filesize
1.2MB

MD5
68b52a0b8e3d45bf3b520a0e7f16dad1

SHA1
e50408326eafb5ca8adc70db29c33b64e25bbbbd

SHA256
b409d6d6f8896dc2afd1774479c741ca253c0e9b4732daaa08af84aa9c96888b

SHA512
b8e0b486e2b9652831eb8efe48cf9575eef49204e827a64d69ae7c9c30304b2d98a66c28f1072fe8596847c15f13bbf7ec39d7708684ff64051bbae7ed063faf

Download Submit
\Users\Admin\AppData\Local\Temp\is-2EFAQ.tmp-dbinst\setup.exe

Filesize
5.8MB

MD5
e17fcb38300501b2285179b0b1ace9b1

SHA1
584e0db0709cc6e0239f15f9ca145b2954af8a7d

SHA256
8cc6c79137b3f203ebf70f485d581fcc39d677f978b7dd821eca5194b85f6480

SHA512
d1a3849d397a50ce5862b62d9eb8115434933a79eb88dee64a1f4f03bd9eb9091ff3d25b592b04b42ef1354bc115470563d9a013f85407da91d1f511bc687921

Download Submit
\Users\Admin\AppData\Local\Temp\is-2EFAQ.tmp\DriverBooster.exe

Filesize
8.6MB

MD5
ca781243e6988a1a30da6af5c350456d

SHA1
3e6ace2bb13d192bda7af845f6e95a8c3b3a9672

SHA256
c833092c1aa94b54c30f5ed7f0c989f05f7fe9a395fefa217b3671391236a904

SHA512
15eeb1c59c0f7701f67fe3780e3ddde36645cf2263061fa840829f7d1769531923cd81e6a73cff6e20ca9f2afcb163a4a341b0878b9d58d50ee487f60da3a93d

Download Submit
\Users\Admin\AppData\Local\Temp\is-2EFAQ.tmp\DriverBooster.exe

Filesize
8.6MB

MD5
ca781243e6988a1a30da6af5c350456d

SHA1
3e6ace2bb13d192bda7af845f6e95a8c3b3a9672

SHA256
c833092c1aa94b54c30f5ed7f0c989f05f7fe9a395fefa217b3671391236a904

SHA512
15eeb1c59c0f7701f67fe3780e3ddde36645cf2263061fa840829f7d1769531923cd81e6a73cff6e20ca9f2afcb163a4a341b0878b9d58d50ee487f60da3a93d

Download Submit
\Users\Admin\AppData\Local\Temp\is-529HG.tmp\driver_booster_setup.tmp

Filesize
1.2MB

MD5
68b52a0b8e3d45bf3b520a0e7f16dad1

SHA1
e50408326eafb5ca8adc70db29c33b64e25bbbbd

SHA256
b409d6d6f8896dc2afd1774479c741ca253c0e9b4732daaa08af84aa9c96888b

SHA512
b8e0b486e2b9652831eb8efe48cf9575eef49204e827a64d69ae7c9c30304b2d98a66c28f1072fe8596847c15f13bbf7ec39d7708684ff64051bbae7ed063faf

Download Submit
memory/2256-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2256-53-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2592-50-0x0000000000400000-0x0000000000531000-memory.dmp

Filesize
1.2MB

Download
memory/2592-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2712-131-0x0000000000AB0000-0x0000000000AF0000-memory.dmp

Filesize
256KB

Download
memory/2712-54-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2712-157-0x0000000000400000-0x0000000000A17000-memory.dmp

Filesize
6.1MB

Download
memory/2712-158-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2712-159-0x0000000000AB0000-0x0000000000AF0000-memory.dmp

Filesize
256KB

Download