73e65cc1d77e63701e503ab1f89d5d383182d2a4e50667680ed1ff0817662c17

Analysis

max time kernel
148s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

210f3938e0a2d2fb66a66f3f2abeab12.exe
Size

36KB
MD5

210f3938e0a2d2fb66a66f3f2abeab12
SHA1

2a6207bbd9389de80261732789d6ab7aae188a8a
SHA256

73e65cc1d77e63701e503ab1f89d5d383182d2a4e50667680ed1ff0817662c17
SHA512

052d3ec7d4c7d9410c63ee7a0ea1e1d3766b9fe4d0cb4ae40eee147910b72e2e849f9b951f30824d6fe279d537ca337c73713d2411ab89f4e8cf3303846fe94b
SSDEEP

768:9spSP6kfzKI4oBmjyLZa4kgT767omhRfFtnMWzp0N4HX8CLj4hwxK:CpSDzK+I4Tu7ZjFtnKN438CQhwxK

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\megasas.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\atapi.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\iagpio.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\mshidkmdf.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\MSPCLOCK.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\pcmcia.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\portcfg.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\WinUSB.SYS	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\HyperVideo.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\system32\drivers\SerCx.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\MTConfig.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\system32\drivers\NetAdapterCx.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\AgileVpn.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\TsUsbGD.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\system32\drivers\WdmCompanionFilter.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\hidir.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\mshidumdf.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\percsas2i.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\sdbus.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\WpdUpFltr.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\acpitime.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\iaLPSSi_GPIO.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\system32\drivers\modem.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\Drivers\UcmTcpciCx.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\winmad.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\system32\drivers\WudfPf.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\system32\drivers\MbbCx.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\MSPQM.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\DRIVERS\ndiswan.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\rdpdr.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\umpass.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\UsbHub3.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\1394ohci.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\ndiswan.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\amdi2c.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\lsi_sss.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\MegaSas2i.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\system32\drivers\hvservice.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\mausbip.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\msiscsi.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\SpatialGraphFilter.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\uaspstor.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\evbda.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\lsi_sas.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\AcpiDev.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\hidinterrupt.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\amdsata.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\Drivers\mshwnclx.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\MSTEE.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\DRIVERS\raspppoe.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\storufs.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\buttonconverter.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\cht4vx64.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\vmgencounter.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\storvsc.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\vpci.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\HpSAMD.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\bridge.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\USBXHCI.SYS	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\system32\drivers\applockerfltr.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\system32\drivers\PktMon.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\drivers\terminpt.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\system32\drivers\appid.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\UfxChipidea.sys	210f3938e0a2d2fb66a66f3f2abeab12.exe

C:\Users\Admin\AppData\Local\Temp\210f3938e0a2d2fb66a66f3f2abeab12.exe
"C:\Users\Admin\AppData\Local\Temp\210f3938e0a2d2fb66a66f3f2abeab12.exe"
1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
PID:2828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2828-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2828-1-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2828-3-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2828-2-0x0000000074DE0000-0x0000000074FF5000-memory.dmp

Filesize
2.1MB

Download
memory/2828-6-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2828-7-0x0000000074DE0000-0x0000000074FF5000-memory.dmp

Filesize
2.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads