6f2fb40533acb394987715bdeec71588ae88a3782c2b372c0b0c221ed7b8ffba

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
23-09-2023 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IObit Driver Booster 11.0.0.21.exe
Size

23.8MB
MD5

72cafe441f7b5526d7fbd74b877db42f
SHA1

0ce90507748961fa9d0769d87a26318d8dd0bb13
SHA256

6f2fb40533acb394987715bdeec71588ae88a3782c2b372c0b0c221ed7b8ffba
SHA512

6d4d5aaf5956347028bcb657886d314b32a03f3306e027da067bd7dfd7cdd9fe563b6196551a6fe964601e97056fab22a68ddea503c2c49a2012867b58947a83
SSDEEP

393216:hIBVFnYCCP7YPkWzHTdUxSOVE9QWM+qtLT2Wcwa4Ovjz0bL+01KrP:4V+Cj79QT+kCEOLAbL31KL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1708	IObit Driver Booster 11.0.0.21.tmp

Loads dropped DLL 5 IoCs

pid	Process
2200	IObit Driver Booster 11.0.0.21.exe
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp
1708	IObit Driver Booster 11.0.0.21.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 1708	2200	IObit Driver Booster 11.0.0.21.exe	28
PID 2200 wrote to memory of 1708	2200	IObit Driver Booster 11.0.0.21.exe	28
PID 2200 wrote to memory of 1708	2200	IObit Driver Booster 11.0.0.21.exe	28
PID 2200 wrote to memory of 1708	2200	IObit Driver Booster 11.0.0.21.exe	28
PID 2200 wrote to memory of 1708	2200	IObit Driver Booster 11.0.0.21.exe	28
PID 2200 wrote to memory of 1708	2200	IObit Driver Booster 11.0.0.21.exe	28
PID 2200 wrote to memory of 1708	2200	IObit Driver Booster 11.0.0.21.exe	28

C:\Users\Admin\AppData\Local\Temp\IObit Driver Booster 11.0.0.21.exe
"C:\Users\Admin\AppData\Local\Temp\IObit Driver Booster 11.0.0.21.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Local\Temp\is-S3GSD.tmp\IObit Driver Booster 11.0.0.21.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-S3GSD.tmp\IObit Driver Booster 11.0.0.21.tmp" /SL5="$30158,24648767,64512,C:\Users\Admin\AppData\Local\Temp\IObit Driver Booster 11.0.0.21.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-S3GSD.tmp\IObit Driver Booster 11.0.0.21.tmp

Filesize
911KB

MD5
1007aae9bab56b1ca7c432c8429399e5

SHA1
6b0e6b53a4cfd1d00e41d5c16577ee08d5a1afd6

SHA256
e7a45ca3a1122049b91199c59d95adef650b104b96dec47c1f4dc227d2d807d2

SHA512
4bc8674ab4b41b715e707fc89d67218db2f1c032de2f156a0b131350393fc8c32f3045c111a30ab2c84725c494d96fda37649755f60c4b1eeed925575da8d3db

Download Submit
\Users\Admin\AppData\Local\Temp\is-DK30U.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
\Users\Admin\AppData\Local\Temp\is-DK30U.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
\Users\Admin\AppData\Local\Temp\is-DK30U.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-DK30U.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-S3GSD.tmp\IObit Driver Booster 11.0.0.21.tmp

Filesize
911KB

MD5
1007aae9bab56b1ca7c432c8429399e5

SHA1
6b0e6b53a4cfd1d00e41d5c16577ee08d5a1afd6

SHA256
e7a45ca3a1122049b91199c59d95adef650b104b96dec47c1f4dc227d2d807d2

SHA512
4bc8674ab4b41b715e707fc89d67218db2f1c032de2f156a0b131350393fc8c32f3045c111a30ab2c84725c494d96fda37649755f60c4b1eeed925575da8d3db

Download Submit
memory/1708-53-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-35-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-23-0x0000000006DC0000-0x00000000070DA000-memory.dmp

Filesize
3.1MB

Download
memory/1708-25-0x0000000002050000-0x0000000002051000-memory.dmp

Filesize
4KB

Download
memory/1708-26-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-27-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-29-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-28-0x0000000002060000-0x0000000002061000-memory.dmp

Filesize
4KB

Download
memory/1708-31-0x0000000002070000-0x0000000002071000-memory.dmp

Filesize
4KB

Download
memory/1708-32-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-30-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-33-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-34-0x0000000007220000-0x0000000007221000-memory.dmp

Filesize
4KB

Download
memory/1708-56-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-36-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-37-0x0000000007230000-0x0000000007231000-memory.dmp

Filesize
4KB

Download
memory/1708-38-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-39-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-41-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-40-0x0000000007240000-0x0000000007241000-memory.dmp

Filesize
4KB

Download
memory/1708-42-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-43-0x0000000007250000-0x0000000007251000-memory.dmp

Filesize
4KB

Download
memory/1708-44-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-46-0x0000000007260000-0x0000000007261000-memory.dmp

Filesize
4KB

Download
memory/1708-58-0x00000000072A0000-0x00000000072A1000-memory.dmp

Filesize
4KB

Download
memory/1708-47-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-48-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-49-0x0000000007270000-0x0000000007271000-memory.dmp

Filesize
4KB

Download
memory/1708-50-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-51-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-8-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1708-52-0x0000000007280000-0x0000000007281000-memory.dmp

Filesize
4KB

Download
memory/1708-63-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-19-0x0000000000540000-0x0000000000556000-memory.dmp

Filesize
88KB

Download
memory/1708-45-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-54-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-57-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-59-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-62-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-61-0x00000000072B0000-0x00000000072B1000-memory.dmp

Filesize
4KB

Download
memory/1708-55-0x0000000007290000-0x0000000007291000-memory.dmp

Filesize
4KB

Download
memory/1708-64-0x00000000072C0000-0x00000000072C1000-memory.dmp

Filesize
4KB

Download
memory/1708-65-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-67-0x00000000072D0000-0x00000000072D1000-memory.dmp

Filesize
4KB

Download
memory/1708-66-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-60-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-68-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-69-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-70-0x00000000072E0000-0x00000000072E1000-memory.dmp

Filesize
4KB

Download
memory/1708-71-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-74-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-73-0x00000000072F0000-0x00000000072F1000-memory.dmp

Filesize
4KB

Download
memory/1708-75-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-76-0x0000000007300000-0x0000000007301000-memory.dmp

Filesize
4KB

Download
memory/1708-77-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-78-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-79-0x0000000007310000-0x0000000007311000-memory.dmp

Filesize
4KB

Download
memory/1708-72-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-80-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-81-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-82-0x0000000007320000-0x0000000007321000-memory.dmp

Filesize
4KB

Download
memory/1708-83-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-84-0x00000000070E0000-0x0000000007220000-memory.dmp

Filesize
1.2MB

Download
memory/1708-96-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/1708-89-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1708-88-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/2200-87-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2200-1-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download