Analysis
max time kernel: 0s
max time network: 99s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/12/2023, 11:24
Behavioral task: behavioral1
Sample: 343513825edec71fd57c1bde91a87bd4.exe
Resource: win7-20231129-en
5 signatures
150 seconds

Behavioral task: behavioral2
Sample: 343513825edec71fd57c1bde91a87bd4.exe
Resource: win10v2004-20231222-en
3 signatures
150 seconds
General
Target: 343513825edec71fd57c1bde91a87bd4.exe
Size: 376KB
MD5: 343513825edec71fd57c1bde91a87bd4
SHA1: 15b82d33abb5e7139e8ae339e12980ca6b3cee9b
SHA256: 34f5e1b4c6f7ed96641cea63cb21e2db3aab628b6c412b00d23213a0ba3b03f0
SHA512: 772bad9d90f2bbfae7d1fca3a601d901770cc7582f011439ce76f868045c1b06372d43a246ed6152ae42864afb1bae844e2d57cf7f73e1463167189174c5f302
SSDEEP: 6144:EY6RpfAn+s8e/g7zIiLNJjUB0qoRO3zE3FjWnf2Y5bwth/rW2lGvSO:l6RpfAnL/g7MiLNJjUBQqE3FSkDqjL
Score: 8/10
Malware Config
Signatures

Drops file in Drivers directory (64 IoCs)
description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\bthmodem.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\isapnp.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\megasr.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\MSTEE.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\nvdimm.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\IPMIDrv.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\lsi_sas3i.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\DRIVERS\NDProxy.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\lsi_sas2i.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\BthA2dp.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\sbp2port.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\acpipagr.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\asyncmac.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\atapi.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\buttonconverter.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\amdk8.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\mvumis.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\amdsata.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\ipnat.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\MSKSSRV.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\pnpmem.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\system32\drivers\modem.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\system32\drivers\PktMon.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\bcmfn2.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\circlass.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\system32\drivers\dam.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\iaLPSSi_GPIO.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\system32\DRIVERS\ipfltdrv.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\system32\drivers\appid.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\Drivers\Beep.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\hwpolicy.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\nvraid.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\system32\DRIVERS\ramdisk.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\BthEnum.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\HidBatt.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\hidspi.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\lsi_sas.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\system32\drivers\SerCx2.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\vms3cap.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\system32\drivers\Acx01000.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\evbda.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\fdc.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\system32\drivers\hvservice.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\raspptp.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\DRIVERS\rasacd.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\BTHport.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\cht4vx64.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\flpydisk.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\hidi2c.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\system32\drivers\qwavedrv.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\SmartSAMD.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\mlx4_bus.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\mshidkmdf.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\rdpvideominiport.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\sfloppy.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\drmkaud.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\iaLPSSi_I2C.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\intelpmax.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\DRIVERS\scfilter.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\acpipmi.sys	343513825edec71fd57c1bde91a87bd4.exe
File opened for modification	C:\Windows\System32\drivers\bxvbda.sys	343513825edec71fd57c1bde91a87bd4.exe
resource	yara_rule
behavioral2/memory/3716-0-0x0000000000400000-0x000000000049B000-memory.dmp	vmprotect
behavioral2/memory/3716-1-0x0000000000400000-0x000000000049B000-memory.dmp	vmprotect
behavioral2/memory/3716-5-0x0000000000400000-0x000000000049B000-memory.dmp	vmprotect
Drops file in System32 directory (1 IoC)
description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys	343513825edec71fd57c1bde91a87bd4.exe