Analysis
max time kernel: 121s
max time network: 125s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 11:24
Behavioral task: behavioral1
Sample: 343513825edec71fd57c1bde91a87bd4.exe
Resource: win7-20231129-en
5 signatures
150 seconds

Behavioral task: behavioral2
Sample: 343513825edec71fd57c1bde91a87bd4.exe
Resource: win10v2004-20231222-en
3 signatures
150 seconds
General
Target: 343513825edec71fd57c1bde91a87bd4.exe
Size: 376KB
MD5: 343513825edec71fd57c1bde91a87bd4
SHA1: 15b82d33abb5e7139e8ae339e12980ca6b3cee9b
SHA256: 34f5e1b4c6f7ed96641cea63cb21e2db3aab628b6c412b00d23213a0ba3b03f0
SHA512: 772bad9d90f2bbfae7d1fca3a601d901770cc7582f011439ce76f868045c1b06372d43a246ed6152ae42864afb1bae844e2d57cf7f73e1463167189174c5f302
SSDEEP: 6144:EY6RpfAn+s8e/g7zIiLNJjUB0qoRO3zE3FjWnf2Y5bwth/rW2lGvSO:l6RpfAnL/g7MiLNJjUBQqE3FSkDqjL
Malware Config
Signatures

Drops file in Drivers directory 64 IoCs
description | ioc | Process
File opened for modification | C:\Windows\system32\drivers\arc.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\DRIVERS\nwifi.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\System32\drivers\hwpolicy.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\System32\drivers\volmgrx.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\msdsm.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\System32\drivers\mshidkmdf.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\System32\Drivers\secdrv.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\stexstor.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\evbda.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\sermouse.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\DRIVERS\lltdio.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\System32\drivers\tcpipreg.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\vsmraid.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\fdc.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\intelppm.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\modem.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\nfrd960.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\nvraid.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\hidir.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\DRIVERS\ipfltdrv.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\MSKSSRV.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\System32\DRIVERS\netbt.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\tsusbhub.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\usbuhci.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\amdide.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\amdsbs.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\isapnp.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\nvstor.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\tdpipe.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\kbdhid.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\MSPQM.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\System32\drivers\rdpvideominiport.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\Wdf01000.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\ql2300.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\wmiacpi.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\DRIVERS\pacer.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\agp440.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\DRIVERS\asyncmac.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\errdev.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\DRIVERS\ndisuio.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\pcmcia.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\usbccgp.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\qwavedrv.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\sffp_sd.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\sisraid4.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\storvsc.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\tsusbflt.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\appid.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\System32\Drivers\BrUsbMdm.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\circlass.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\VMBusHID.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\1394ohci.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\elxstor.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\processr.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\ql40xx.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\System32\DRIVERS\scfilter.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\drmkaud.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\hcw85cir.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\uagp35.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\USBSTOR.SYS | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\peauth.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\sbp2port.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\serial.sys | 343513825edec71fd57c1bde91a87bd4.exe
File opened for modification | C:\Windows\system32\drivers\tdtcp.sys | 343513825edec71fd57c1bde91a87bd4.exe
resource | yara_rule
behavioral1/memory/2136-1-0x0000000000400000-0x000000000049B000-memory.dmp | vmprotect
behavioral1/memory/2136-0-0x0000000000400000-0x000000000049B000-memory.dmp | vmprotect
behavioral1/memory/2136-8-0x0000000000400000-0x000000000049B000-memory.dmp | vmprotect
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | 343513825edec71fd57c1bde91a87bd4.exe
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | 343513825edec71fd57c1bde91a87bd4.exe
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
2136 | 343513825edec71fd57c1bde91a87bd4.exe
2136 | 343513825edec71fd57c1bde91a87bd4.exe