Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

Intel-Driv...er.exe

windows7-x64

4

Intel-Driv...er.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/09/2023, 06:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Intel-Driver-and-Support-Assistant-Installer.exe

  • Size

    5.7MB

  • MD5

    5aeed594cdeac9e07eef948745708673

  • SHA1

    e03408fe345185a5926c935faf0127755b7a055d

  • SHA256

    b86b177015444922022d8fb0c7fa03cf6c56d01d727ee18ff45af0589504fbb7

  • SHA512

    0a0ef29e987758a66a66145a9f71a93705088ebe520963d9d153f7e697550d61e14d9ae540b29759fa552912a9dc59509e15f1c248320e3c280f5478c054cef7

  • SSDEEP

    98304:xT0hMKcMgi3/1ZQGkYZ0spHNo0UBFd0MxfXcgPxk3xl900vFn5T1h/nc2KfsKlUY:xT8MKc+9qGk9GHvUBgM7xMzV5Rlc2KU+

Score
4/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3192
    • C:\Windows\Temp\{CDAA80C2-B22D-47B4-AAA6-1DBA12E7FFDF}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
      "C:\Windows\Temp\{CDAA80C2-B22D-47B4-AAA6-1DBA12E7FFDF}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe" -burn.filehandle.attached=548 -burn.filehandle.self=528
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Temp\{532B1F99-9A2D-4CEF-89CE-B4446D400999}\.ba\BootstrapperCore.config
    Filesize

    803B

    MD5

    64248d2c500318bdd1f963905302ba87

    SHA1

    b075b452515b033f130518e83ad05f1896efb9f5

    SHA256

    6d03dc041d84644b0ce097f9313ed49ce38604b664db444aece1640731625298

    SHA512

    1909784250a9365a8a0d4d0c50a43553bd9003965fead60ac8d0315276a65b43e9c32a57216461cda0b68feae1d56d0c0242d18ed2202d424e04395e939cc68e

    Download Submit

  • C:\Windows\Temp\{532B1F99-9A2D-4CEF-89CE-B4446D400999}\.ba\BootstrapperCore.dll
    Filesize

    87KB

    MD5

    b0d10a2a622a322788780e7a3cbb85f3

    SHA1

    04d90b16fa7b47a545c1133d5c0ca9e490f54633

    SHA256

    f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426

    SHA512

    62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

    Download Submit

  • C:\Windows\Temp\{532B1F99-9A2D-4CEF-89CE-B4446D400999}\.ba\BootstrapperCore.dll
    Filesize

    87KB

    MD5

    b0d10a2a622a322788780e7a3cbb85f3

    SHA1

    04d90b16fa7b47a545c1133d5c0ca9e490f54633

    SHA256

    f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426

    SHA512

    62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

    Download Submit

  • C:\Windows\Temp\{532B1F99-9A2D-4CEF-89CE-B4446D400999}\.ba\BootstrapperUI.dll
    Filesize

    415KB

    MD5

    3b4a049801eb311f69c4165bd001692b

    SHA1

    b9b165ca0602eee6a827b776e6a1b3c4bcc26774

    SHA256

    e75da441a631f5115d62f7521e71bd6b1430f3b4f9403c7038b3e5e3a9db0759

    SHA512

    b4202d3a86674c8edec034181c18e5dcbed7de86e348567017b7108048be8cd647c13fcc95fb499cf15089789d9fd537ac29410d411f77edf7c7605066b36b6a

    Download Submit

  • C:\Windows\Temp\{532B1F99-9A2D-4CEF-89CE-B4446D400999}\.ba\BootstrapperUI.dll
    Filesize

    415KB

    MD5

    3b4a049801eb311f69c4165bd001692b

    SHA1

    b9b165ca0602eee6a827b776e6a1b3c4bcc26774

    SHA256

    e75da441a631f5115d62f7521e71bd6b1430f3b4f9403c7038b3e5e3a9db0759

    SHA512

    b4202d3a86674c8edec034181c18e5dcbed7de86e348567017b7108048be8cd647c13fcc95fb499cf15089789d9fd537ac29410d411f77edf7c7605066b36b6a

    Download Submit

  • C:\Windows\Temp\{532B1F99-9A2D-4CEF-89CE-B4446D400999}\.ba\GalaSoft.MvvmLight.dll
    Filesize

    29KB

    MD5

    af04687248da9e95a7ff65ab538d0bcf

    SHA1

    7511184300e2b6f70bc92333392386a812b2dabf

    SHA256

    b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

    SHA512

    a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

    Download Submit

  • C:\Windows\Temp\{532B1F99-9A2D-4CEF-89CE-B4446D400999}\.ba\GalaSoft.MvvmLight.dll
    Filesize

    29KB

    MD5

    af04687248da9e95a7ff65ab538d0bcf

    SHA1

    7511184300e2b6f70bc92333392386a812b2dabf

    SHA256

    b097fca120a9e76fa870d82662bdd233adbf08fc34a3c509f31cc5ced0ac1ecf

    SHA512

    a5eab337f6386de5fb2cc809730bac7d17cdfb309afea32e65e9d8c457f97ac3e3f03cebd48535cf253e28f3aa600f234631c2060ec59acb917cb5f135f4b67a

    Download Submit

  • C:\Windows\Temp\{532B1F99-9A2D-4CEF-89CE-B4446D400999}\.ba\mbahost.dll
    Filesize

    119KB

    MD5

    c59832217903ce88793a6c40888e3cae

    SHA1

    6d9facabf41dcf53281897764d467696780623b8

    SHA256

    9dfa1bc5d2ab4c652304976978749141b8c312784b05cb577f338a0aa91330db

    SHA512

    1b1f4cb2e3fa57cb481e28a967b19a6fefa74f3c77a3f3214a6b09e11ceb20ae428d036929f000710b4eb24a2c57d5d7dfe39661d5a1f48ee69a02d83381d1a9

    Download Submit

  • C:\Windows\Temp\{CDAA80C2-B22D-47B4-AAA6-1DBA12E7FFDF}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
    Filesize

    1.1MB

    MD5

    7db269ac09ee0a41012962e3322b1d19

    SHA1

    e69447a785e8830b37ebb0093b9ec6cd59a51b45

    SHA256

    ff20c63cc394e52adf8f39a0de4a62102b61ee49c6a4f1a37cfc5eb7c6649c78

    SHA512

    65dc1c05c88239fa15dc350f20fb0f2b408a2e78b79a9dfff20266f2471ba325248aa364a8fba2b6df894efb662626755c47473ccaebc7453f481f9ca0eb6a37

    Download Submit

  • C:\Windows\Temp\{CDAA80C2-B22D-47B4-AAA6-1DBA12E7FFDF}\.cr\Intel-Driver-and-Support-Assistant-Installer.exe
    Filesize

    1.1MB

    MD5

    7db269ac09ee0a41012962e3322b1d19

    SHA1

    e69447a785e8830b37ebb0093b9ec6cd59a51b45

    SHA256

    ff20c63cc394e52adf8f39a0de4a62102b61ee49c6a4f1a37cfc5eb7c6649c78

    SHA512

    65dc1c05c88239fa15dc350f20fb0f2b408a2e78b79a9dfff20266f2471ba325248aa364a8fba2b6df894efb662626755c47473ccaebc7453f481f9ca0eb6a37

    Download Submit

  • memory/3612-78-0x0000000003D60000-0x0000000003D6E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3612-81-0x0000000006CB0000-0x0000000006CB8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3612-65-0x0000000006960000-0x0000000006970000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-64-0x0000000003610000-0x0000000003628000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3612-73-0x0000000006EA0000-0x0000000006EEA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/3612-74-0x0000000006960000-0x0000000006970000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-60-0x0000000006960000-0x0000000006970000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-58-0x0000000006960000-0x0000000006970000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-57-0x0000000073750000-0x0000000073F00000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3612-79-0x0000000003D70000-0x0000000003D7A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3612-80-0x0000000003D80000-0x0000000003D88000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3612-72-0x0000000006CE0000-0x0000000006D4C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/3612-82-0x0000000006CC0000-0x0000000006CC8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3612-84-0x0000000006E90000-0x0000000006E98000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3612-85-0x0000000006960000-0x0000000006970000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-86-0x0000000009A50000-0x0000000009AB6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3612-87-0x000000000A190000-0x000000000A198000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3612-88-0x000000000A080000-0x000000000A0B8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/3612-89-0x000000000A060000-0x000000000A06E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3612-90-0x0000000073750000-0x0000000073F00000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3612-91-0x0000000006960000-0x0000000006970000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-92-0x0000000006960000-0x0000000006970000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3612-93-0x0000000006960000-0x0000000006970000-memory.dmp

    Filesize

    64KB

    Download