Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

Intel-Driv...er.exe

windows7-x64

4

Intel-Driv...er.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    23/09/2023, 06:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Intel-Driver-and-Support-Assistant-Installer.exe

  • Size

    5.7MB

  • MD5

    5aeed594cdeac9e07eef948745708673

  • SHA1

    e03408fe345185a5926c935faf0127755b7a055d

  • SHA256

    b86b177015444922022d8fb0c7fa03cf6c56d01d727ee18ff45af0589504fbb7

  • SHA512

    0a0ef29e987758a66a66145a9f71a93705088ebe520963d9d153f7e697550d61e14d9ae540b29759fa552912a9dc59509e15f1c248320e3c280f5478c054cef7

  • SSDEEP

    98304:xT0hMKcMgi3/1ZQGkYZ0spHNo0UBFd0MxfXcgPxk3xl900vFn5T1h/nc2KfsKlUY:xT8MKc+9qGk9GHvUBgM7xMzV5Rlc2KU+

Score
4/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 8 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Windows\Temp\{87FE2D7F-4C20-4760-AF1B-586717FCF7B9}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
      "C:\Windows\Temp\{87FE2D7F-4C20-4760-AF1B-586717FCF7B9}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Temp\{87FE2D7F-4C20-4760-AF1B-586717FCF7B9}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
    Filesize

    1.1MB

    MD5

    7db269ac09ee0a41012962e3322b1d19

    SHA1

    e69447a785e8830b37ebb0093b9ec6cd59a51b45

    SHA256

    ff20c63cc394e52adf8f39a0de4a62102b61ee49c6a4f1a37cfc5eb7c6649c78

    SHA512

    65dc1c05c88239fa15dc350f20fb0f2b408a2e78b79a9dfff20266f2471ba325248aa364a8fba2b6df894efb662626755c47473ccaebc7453f481f9ca0eb6a37

    Download Submit

  • C:\Windows\Temp\{87FE2D7F-4C20-4760-AF1B-586717FCF7B9}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
    Filesize

    1.1MB

    MD5

    7db269ac09ee0a41012962e3322b1d19

    SHA1

    e69447a785e8830b37ebb0093b9ec6cd59a51b45

    SHA256

    ff20c63cc394e52adf8f39a0de4a62102b61ee49c6a4f1a37cfc5eb7c6649c78

    SHA512

    65dc1c05c88239fa15dc350f20fb0f2b408a2e78b79a9dfff20266f2471ba325248aa364a8fba2b6df894efb662626755c47473ccaebc7453f481f9ca0eb6a37

    Download Submit

  • C:\Windows\Temp\{E579FD9F-0E7A-4FDC-B141-4FB124B4DBA8}\.ba\BootstrapperCore.config
    Filesize

    803B

    MD5

    64248d2c500318bdd1f963905302ba87

    SHA1

    b075b452515b033f130518e83ad05f1896efb9f5

    SHA256

    6d03dc041d84644b0ce097f9313ed49ce38604b664db444aece1640731625298

    SHA512

    1909784250a9365a8a0d4d0c50a43553bd9003965fead60ac8d0315276a65b43e9c32a57216461cda0b68feae1d56d0c0242d18ed2202d424e04395e939cc68e

    Download Submit

  • \Windows\Temp\{87FE2D7F-4C20-4760-AF1B-586717FCF7B9}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
    Filesize

    1.1MB

    MD5

    7db269ac09ee0a41012962e3322b1d19

    SHA1

    e69447a785e8830b37ebb0093b9ec6cd59a51b45

    SHA256

    ff20c63cc394e52adf8f39a0de4a62102b61ee49c6a4f1a37cfc5eb7c6649c78

    SHA512

    65dc1c05c88239fa15dc350f20fb0f2b408a2e78b79a9dfff20266f2471ba325248aa364a8fba2b6df894efb662626755c47473ccaebc7453f481f9ca0eb6a37

    Download Submit

  • \Windows\Temp\{E579FD9F-0E7A-4FDC-B141-4FB124B4DBA8}\.ba\BootstrapperCore.dll
    Filesize

    87KB

    MD5

    b0d10a2a622a322788780e7a3cbb85f3

    SHA1

    04d90b16fa7b47a545c1133d5c0ca9e490f54633

    SHA256

    f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426

    SHA512

    62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

    Download Submit

  • \Windows\Temp\{E579FD9F-0E7A-4FDC-B141-4FB124B4DBA8}\.ba\BootstrapperCore.dll
    Filesize

    87KB

    MD5

    b0d10a2a622a322788780e7a3cbb85f3

    SHA1

    04d90b16fa7b47a545c1133d5c0ca9e490f54633

    SHA256

    f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426

    SHA512

    62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

    Download Submit

  • \Windows\Temp\{E579FD9F-0E7A-4FDC-B141-4FB124B4DBA8}\.ba\BootstrapperUI.dll
    Filesize

    415KB

    MD5

    3b4a049801eb311f69c4165bd001692b

    SHA1

    b9b165ca0602eee6a827b776e6a1b3c4bcc26774

    SHA256

    e75da441a631f5115d62f7521e71bd6b1430f3b4f9403c7038b3e5e3a9db0759

    SHA512

    b4202d3a86674c8edec034181c18e5dcbed7de86e348567017b7108048be8cd647c13fcc95fb499cf15089789d9fd537ac29410d411f77edf7c7605066b36b6a

    Download Submit

  • \Windows\Temp\{E579FD9F-0E7A-4FDC-B141-4FB124B4DBA8}\.ba\BootstrapperUI.dll
    Filesize

    415KB

    MD5

    3b4a049801eb311f69c4165bd001692b

    SHA1

    b9b165ca0602eee6a827b776e6a1b3c4bcc26774

    SHA256

    e75da441a631f5115d62f7521e71bd6b1430f3b4f9403c7038b3e5e3a9db0759

    SHA512

    b4202d3a86674c8edec034181c18e5dcbed7de86e348567017b7108048be8cd647c13fcc95fb499cf15089789d9fd537ac29410d411f77edf7c7605066b36b6a

    Download Submit

  • \Windows\Temp\{E579FD9F-0E7A-4FDC-B141-4FB124B4DBA8}\.ba\GalaSoft.MvvmLight.dll
    Filesize

    29KB

    MD5

    af04687248da9e95a7ff65ab538d0bcf

    SHA1

    7511184300e2b6f70bc92333392386a812b2dabf

    SHA256

    b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

    SHA512

    a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

    Download Submit

  • \Windows\Temp\{E579FD9F-0E7A-4FDC-B141-4FB124B4DBA8}\.ba\GalaSoft.MvvmLight.dll
    Filesize

    29KB

    MD5

    af04687248da9e95a7ff65ab538d0bcf

    SHA1

    7511184300e2b6f70bc92333392386a812b2dabf

    SHA256

    b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

    SHA512

    a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

    Download Submit

  • \Windows\Temp\{E579FD9F-0E7A-4FDC-B141-4FB124B4DBA8}\.ba\mbahost.dll
    Filesize

    119KB

    MD5

    c59832217903ce88793a6c40888e3cae

    SHA1

    6d9facabf41dcf53281897764d467696780623b8

    SHA256

    9dfa1bc5d2ab4c652304976978749141b8c312784b05cb577f338a0aa91330db

    SHA512

    1b1f4cb2e3fa57cb481e28a967b19a6fefa74f3c77a3f3214a6b09e11ceb20ae428d036929f000710b4eb24a2c57d5d7dfe39661d5a1f48ee69a02d83381d1a9

    Download Submit

  • memory/2408-82-0x00000000025A0000-0x00000000025A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2408-84-0x0000000002600000-0x0000000002608000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2408-73-0x00000000030E0000-0x000000000314C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2408-74-0x0000000005760000-0x00000000057A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2408-65-0x0000000005760000-0x00000000057A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2408-67-0x0000000005760000-0x00000000057A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2408-78-0x0000000002440000-0x000000000244E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2408-79-0x0000000002450000-0x000000000245A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2408-80-0x0000000002520000-0x0000000002528000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2408-85-0x0000000005760000-0x00000000057A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2408-59-0x00000000741E0000-0x00000000748CE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2408-64-0x0000000000D70000-0x0000000000D88000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2408-81-0x0000000002590000-0x0000000002598000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2408-86-0x0000000002610000-0x000000000261A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2408-87-0x0000000002610000-0x000000000261A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2408-88-0x00000000741E0000-0x00000000748CE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2408-89-0x0000000005760000-0x00000000057A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2408-90-0x0000000005760000-0x00000000057A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2408-91-0x0000000005760000-0x00000000057A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2408-92-0x0000000005760000-0x00000000057A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2408-93-0x0000000005760000-0x00000000057A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2408-94-0x0000000002610000-0x000000000261A000-memory.dmp

    Filesize

    40KB

    Download