Overview

overview

5

Static

static

3

Camera/Install.bat

windows7-x64

5

Camera/Install.bat

windows10-2004-x64

5

Camera/OV2...80.sys

windows10-2004-x64

1

Camera/OV5...48.sys

windows10-2004-x64

1

Camera/iac...in.dll

windows7-x64

1

Camera/iac...in.dll

windows10-2004-x64

1

Camera/iac...py.dll

windows7-x64

1

Camera/iac...py.dll

windows10-2004-x64

1

Camera/iac...32.dll

windows7-x64

1

Camera/iac...32.dll

windows10-2004-x64

1

Camera/iac...32.sys

windows10-2004-x64

1

Camera/iac...cp.dll

windows7-x64

1

Camera/iac...cp.dll

windows10-2004-x64

1

Camera/iac...vl.dll

windows7-x64

1

Camera/iac...vl.dll

windows10-2004-x64

3

Camera/iai...32.sys

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2023, 14:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Camera/iacamera32/iacamera32.sys

  • Size

    729KB

  • MD5

    37c19545e1282a0af754d17c2b862bf5

  • SHA1

    d5bf0217af004b890ef6eed290a2c642c5ed938e

  • SHA256

    1096cf55a931cae4d044f35b4de031263468ca8e9fde9953d7333afa91d583f8

  • SHA512

    c4e70b158acf90e4c2394b31cc4a4018fd59d42b4d23c1aaf835e971e111ddf4ab2e08d96e9231ff4d41b9db49bc04d00ccff50747fc535f0bd73ecd9a33108e

  • SSDEEP

    12288:oG90LOdYqQ/Jrc4YgLSM88CN7NXzOoiOE0iZQW4icT2:oG90LOdGhrmcD5CN79zOolEFZPET2

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Camera\iacamera32\iacamera32.sys
    1⤵
      PID:1916
      • C:\Users\Admin\AppData\Local\Temp\Camera\iacamera32\iacamera32.sys
        C:\Users\Admin\AppData\Local\Temp\Camera\iacamera32\iacamera32.sys
        2⤵
          PID:2232
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
        1⤵
          PID:4804
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k UnistackSvcGroup
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4796

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
          Filesize

          16KB

          MD5

          ccb971711760979402e285ad4ed1379f

          SHA1

          014483d7611644971d4811ebf3cace3eefa3f625

          SHA256

          0285e226ad4c252053bbf6794c16251d08908f487f8674e516423378f8855fd6

          SHA512

          eef9d7eaede3c948045efde41fa08798c905224eb8d16803201a8b49bc9a2ae60982276f253dd2a13c8d34e2b73e2e962c18c059a6962ae77a88a87f436e821e

          Download Submit

        • memory/2232-0-0x0000000000B70000-0x0000000000C4C000-memory.dmp

          Filesize

          880KB

          Download

        • memory/4796-42-0x0000024846560000-0x0000024846561000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-43-0x0000024846560000-0x0000024846561000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-34-0x0000024846560000-0x0000024846561000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-35-0x0000024846560000-0x0000024846561000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-36-0x0000024846560000-0x0000024846561000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-37-0x0000024846560000-0x0000024846561000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-38-0x0000024846560000-0x0000024846561000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-39-0x0000024846560000-0x0000024846561000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-40-0x0000024846560000-0x0000024846561000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-44-0x0000024846190000-0x0000024846191000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-33-0x0000024846540000-0x0000024846541000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-17-0x000002483DF50000-0x000002483DF60000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4796-41-0x0000024846560000-0x0000024846561000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-45-0x0000024846180000-0x0000024846181000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-47-0x0000024846190000-0x0000024846191000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-50-0x0000024846180000-0x0000024846181000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-53-0x00000248460C0000-0x00000248460C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-1-0x000002483DE50000-0x000002483DE60000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4796-65-0x00000248462C0000-0x00000248462C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-67-0x00000248462D0000-0x00000248462D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-68-0x00000248462D0000-0x00000248462D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-69-0x00000248463E0000-0x00000248463E1000-memory.dmp

          Filesize

          4KB

          Download