8cc97f60bfb223bd7345687dd64dd68e89d879f1d895c8df771aa8c425899dc4

General

Target

Driver/install_driver.exe
Size

622KB
MD5

66519e67c90c3f2b86ee443e3b41415f
SHA1

a09a2fbf06fefe6dfd85fc4c69008ade42b432c9
SHA256

958d60178914ac74e36c4218279eec2b18760bab0ab97e7fed18005a691a4ba6
SHA512

5dce8fc0404b539862d16db51c35b0bb70d6db0877046a6903ba83ae65e11c185eab100e73e1bf7972d420723710e5d76af94c3ad3de50452b8034e678c7cac4
SSDEEP

12288:byfUVjJQKXxXjjAZkU5UUXiy8Xtd9AsyG5/tAp3fLO6EwgbA6:byU82bU/Xiy8ZFAp3fLOH

Score

5^/10

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\{1f259e9d-80b9-1566-d92f-014fa1eb0209}\SET344B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1f259e9d-80b9-1566-d92f-014fa1eb0209}\usb2ser_Win764.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1f259e9d-80b9-1566-d92f-014fa1eb0209}\SET344A.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{1f259e9d-80b9-1566-d92f-014fa1eb0209}\SET344A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1f259e9d-80b9-1566-d92f-014fa1eb0209}\usbser.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1f259e9d-80b9-1566-d92f-014fa1eb0209}\SET344B.tmp	DrvInst.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	installdrv64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	install_driver.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2736	rundll32.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2436	install_driver.exe
2436	install_driver.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 3044	2436	install_driver.exe	29
PID 2436 wrote to memory of 3044	2436	install_driver.exe	29
PID 2436 wrote to memory of 3044	2436	install_driver.exe	29
PID 2436 wrote to memory of 3044	2436	install_driver.exe	29
PID 2820 wrote to memory of 2736	2820	DrvInst.exe	31
PID 2820 wrote to memory of 2736	2820	DrvInst.exe	31
PID 2820 wrote to memory of 2736	2820	DrvInst.exe	31

C:\Users\Admin\AppData\Local\Temp\Driver\install_driver.exe
"C:\Users\Admin\AppData\Local\Temp\Driver\install_driver.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Users\Admin\AppData\Local\Temp\Driver\installdrv64.exe
  installdrv64.exe UpdateDriverForPlugAndPlayDevices USB\Vid_0e8d&Pid_0003 "C:\Users\Admin\AppData\Local\Temp\Driver\Win7\usb2ser_Win764.inf"
  2⤵
  - Drops file in Windows directory
  PID:3044

C:\Windows\System32\DriverStore\Temp\{1f259e9d-80b9-1566-d92f-014fa1eb0209}\SET344A.tmp

Filesize
25KB

MD5
49106ee29074e6a3d3ac9e24c6d791d8

SHA1
54b690cfd6b81b556239bc6409c408d26d9fafc6

SHA256
b96b19a92e720f284741f8a2dcb30a9423ad58ba8f795d4f2e30403ceef20099

SHA512
e6737b08ee1bdfcce4b59a02fa53507f894c8bc285e71e4fe8130e0046ff098847a245b1299f3f6120fa8ec54a53bb531f999eb6043aaaf4e499b97a8ac87a69

Download Submit
C:\Windows\System32\DriverStore\Temp\{1f259e9d-80b9-1566-d92f-014fa1eb0209}\SET344B.tmp

Filesize
3KB

MD5
bccc7e837e3c0105830295b7a772d40f

SHA1
230e7173e5bd5631c78fd86d29602fe969805e9b

SHA256
e3063428ed325a2c570677182ffb9df3c0821a706cd9f754ea5150aeaa98ac2e

SHA512
eac0d13d56c83c9a1a492a79273a7952e00b2c631e77cd3a8895c496e8895d5f943521584aec10a8132ebb93f808539acf37ebf1da385ed336f8d3c9c7217122

Download Submit
memory/2736-16-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download