Overview

Static: score 5

Behavioral tasks (score, target, platform):
- 3  Driver/2K_...er.sys  windows7-x64
- 1  Driver/2K_...er.sys  windows10-2004-x64
- 1  Driver/Vis...er.sys  windows7-x64
- 1  Driver/Vis...er.sys  windows10-2004-x64
- 1  Driver/Win...er.sys  windows7-x64
- 1  Driver/Win...er.sys  windows10-2004-x64
- 1  Driver/ins...er.exe  windows7-x64
- 5  Driver/ins...er.exe  windows10-2004-x64
- 5  Driver/ins...64.exe  windows7-x64
- 1  Driver/ins...64.exe  windows10-2004-x64
Analysis
- max time kernel: 144s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/01/2024, 04:36
Tasks
- static1: Static task
- behavioral1: Driver/2K_XP_COM/usbser.sys on win7-20231215-en
- behavioral2: Driver/2K_XP_COM/usbser.sys on win10v2004-20231215-en
- behavioral3: Driver/Vista/usbser.sys on win7-20231215-en
- behavioral4: Driver/Vista/usbser.sys on win10v2004-20231222-en
- behavioral5: Driver/Win7/usbser.sys on win7-20231215-en
- behavioral6: Driver/Win7/usbser.sys on win10v2004-20231222-en
- behavioral7: Driver/install_driver.exe on win7-20231215-en
- behavioral8: Driver/install_driver.exe on win10v2004-20231215-en
- behavioral9: Driver/installdrv64.exe on win7-20231129-en
- behavioral10: Driver/installdrv64.exe on win10v2004-20231222-en
General
- Target: Driver/install_driver.exe
- Size: 622KB
- MD5: 66519e67c90c3f2b86ee443e3b41415f
- SHA1: a09a2fbf06fefe6dfd85fc4c69008ade42b432c9
- SHA256: 958d60178914ac74e36c4218279eec2b18760bab0ab97e7fed18005a691a4ba6
- SHA512: 5dce8fc0404b539862d16db51c35b0bb70d6db0877046a6903ba83ae65e11c185eab100e73e1bf7972d420723710e5d76af94c3ad3de50452b8034e678c7cac4
- SSDEEP: 12288:byfUVjJQKXxXjjAZkU5UUXiy8Xtd9AsyG5/tAp3fLO6EwgbA6:byU82bU/Xiy8ZFAp3fLOH
Malware Config
Signatures
- Drops file in System32 directory (21 IoCs)
  description | ioc | Process
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{8a9ca293-cd55-5844-9dc8-f9edcb60b017} | DrvInst.exe
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{ed10fc54-53e5-5c4f-ae57-4fa02aeccd55}\SET3C2F.tmp | backgroundTaskHost.exe
  - File created | C:\Windows\System32\DriverStore\Temp\{ed10fc54-53e5-5c4f-ae57-4fa02aeccd55}\SET3C2F.tmp | backgroundTaskHost.exe
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{6aa9f2a6-088e-d94f-b012-9a580154bf56}\usb2ser_Win764.inf | DrvInst.exe
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{6aa9f2a6-088e-d94f-b012-9a580154bf56} | DrvInst.exe
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{8a9ca293-cd55-5844-9dc8-f9edcb60b017}\SET3BB1.tmp | DrvInst.exe
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{8a9ca293-cd55-5844-9dc8-f9edcb60b017}\usb2ser_Win764.inf | DrvInst.exe
  - File created | C:\Windows\System32\DriverStore\Temp\{ed10fc54-53e5-5c4f-ae57-4fa02aeccd55}\SET3C2E.tmp | backgroundTaskHost.exe
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{ed10fc54-53e5-5c4f-ae57-4fa02aeccd55}\usbser.sys | backgroundTaskHost.exe
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{ed10fc54-53e5-5c4f-ae57-4fa02aeccd55} | backgroundTaskHost.exe
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{6aa9f2a6-088e-d94f-b012-9a580154bf56}\SET3C6E.tmp | DrvInst.exe
  - File created | C:\Windows\System32\DriverStore\Temp\{6aa9f2a6-088e-d94f-b012-9a580154bf56}\SET3C6E.tmp | DrvInst.exe
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{8a9ca293-cd55-5844-9dc8-f9edcb60b017}\usbser.sys | DrvInst.exe
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{ed10fc54-53e5-5c4f-ae57-4fa02aeccd55}\SET3C2E.tmp | backgroundTaskHost.exe
  - File created | C:\Windows\System32\DriverStore\Temp\{8a9ca293-cd55-5844-9dc8-f9edcb60b017}\SET3BB2.tmp | DrvInst.exe
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{6aa9f2a6-088e-d94f-b012-9a580154bf56}\SET3C6D.tmp | DrvInst.exe
  - File created | C:\Windows\System32\DriverStore\Temp\{6aa9f2a6-088e-d94f-b012-9a580154bf56}\SET3C6D.tmp | DrvInst.exe
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{6aa9f2a6-088e-d94f-b012-9a580154bf56}\usbser.sys | DrvInst.exe
  - File created | C:\Windows\System32\DriverStore\Temp\{8a9ca293-cd55-5844-9dc8-f9edcb60b017}\SET3BB1.tmp | DrvInst.exe
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{8a9ca293-cd55-5844-9dc8-f9edcb60b017}\SET3BB2.tmp | DrvInst.exe
  - File opened for modification | C:\Windows\System32\DriverStore\Temp\{ed10fc54-53e5-5c4f-ae57-4fa02aeccd55}\usb2ser_Win764.inf | backgroundTaskHost.exe
- Drops file in Windows directory (8 IoCs)
  description | ioc | Process
  - File opened for modification | C:\Windows\INF\setupapi.dev.log | installdrv64.exe
  - File opened for modification | C:\Windows\INF\setupapi.dev.log | DrvInst.exe
  - File opened for modification | C:\Windows\INF\setupapi.dev.log | install_driver.exe
  - File opened for modification | C:\Windows\INF\setupapi.dev.log | installdrv64.exe
  - File opened for modification | C:\Windows\INF\setupapi.dev.log | svchost.exe
  - File opened for modification | C:\Windows\INF\setupapi.dev.log | DrvInst.exe
  - File opened for modification | C:\Windows\INF\setupapi.dev.log | installdrv64.exe
  - File opened for modification | C:\Windows\INF\setupapi.dev.log | backgroundTaskHost.exe
- Checks SCSI registry key(s) (3 TTPs, 58 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description | ioc | Process
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | svchost.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | svchost.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | svchost.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | svchost.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | svchost.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | svchost.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | svchost.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | svchost.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | svchost.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | svchost.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | installdrv64.exe
  - Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | installdrv64.exe
  - Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | installdrv64.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description | pid | Process
  - Token: SeAuditPrivilege | 4804 | svchost.exe
  - Token: SeSecurityPrivilege | 4804 | svchost.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  - 2496 | install_driver.exe
  - 2496 | install_driver.exe
- Suspicious use of WriteProcessMemory (12 IoCs)
  description | pid | Process | procid_target
  - PID 2496 wrote to memory of 4716 | 2496 | install_driver.exe | 32
  - PID 2496 wrote to memory of 4716 | 2496 | install_driver.exe | 32
  - PID 4804 wrote to memory of 3500 | 4804 | svchost.exe | 21
  - PID 4804 wrote to memory of 3500 | 4804 | svchost.exe | 21
  - PID 2496 wrote to memory of 3624 | 2496 | install_driver.exe | 28
  - PID 2496 wrote to memory of 3624 | 2496 | install_driver.exe | 28
  - PID 4804 wrote to memory of 2176 | 4804 | svchost.exe | 110
  - PID 4804 wrote to memory of 2176 | 4804 | svchost.exe | 110
  - PID 2496 wrote to memory of 4928 | 2496 | install_driver.exe | 26
  - PID 2496 wrote to memory of 4928 | 2496 | install_driver.exe | 26
  - PID 4804 wrote to memory of 3200 | 4804 | svchost.exe | 24
  - PID 4804 wrote to memory of 3200 | 4804 | svchost.exe | 24
Processes (children are indented under their parent)

- C:\Users\Admin\AppData\Local\Temp\Driver\install_driver.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Driver\install_driver.exe"
  PID: 2496
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  Children:
  - C:\Users\Admin\AppData\Local\Temp\Driver\installdrv64.exe
    Command line: installdrv64.exe UpdateDriverForPlugAndPlayDevices USB\Vid_0e8d&Pid_0023&MI_02 "C:\Users\Admin\AppData\Local\Temp\Driver\Win7\usb2ser_Win764.inf"
    PID: 4928
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
  - C:\Users\Admin\AppData\Local\Temp\Driver\installdrv64.exe
    Command line: installdrv64.exe UpdateDriverForPlugAndPlayDevices USB\Vid_0e8d&Pid_0023&MI_00 "C:\Users\Admin\AppData\Local\Temp\Driver\Win7\usb2ser_Win764.inf"
    PID: 3624
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
  - C:\Users\Admin\AppData\Local\Temp\Driver\installdrv64.exe
    Command line: installdrv64.exe UpdateDriverForPlugAndPlayDevices USB\Vid_0e8d&Pid_0003 "C:\Users\Admin\AppData\Local\Temp\Driver\Win7\usb2ser_Win764.inf"
    PID: 4716
    - Drops file in Windows directory
    - Checks SCSI registry key(s)

- C:\Windows\system32\DrvInst.exe
  Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{54a7fdc8-e32c-ac47-ad92-858322ab798b}\usb2ser_Win764.inf" "9" "4fdf53997" "0000000000000154" "WinSta0\Default" "0000000000000164" "208" "C:\Users\Admin\AppData\Local\Temp\Driver\Win7"
  PID: 3500
  - Drops file in System32 directory
  - Drops file in Windows directory

- C:\Windows\system32\DrvInst.exe
  Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{b4daec0a-b6ca-0044-8c52-55852946a319}\usb2ser_Win764.inf" "9" "4fdf53997" "0000000000000168" "WinSta0\Default" "0000000000000144" "208" "C:\Users\Admin\AppData\Local\Temp\Driver\Win7"
  PID: 3200
  - Drops file in System32 directory
  - Drops file in Windows directory

- C:\Windows\system32\DrvInst.exe
  Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{c8bab828-ea1b-2d49-bd7c-2143360c173d}\usb2ser_Win764.inf" "9" "4fdf53997" "0000000000000164" "WinSta0\Default" "0000000000000168" "208" "C:\Users\Admin\AppData\Local\Temp\Driver\Win7"
  PID: 2176

- C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
  PID: 4804
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

- C:\Windows\system32\backgroundTaskHost.exe
  Command line: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
  PID: 2176
  - Drops file in System32 directory
  - Drops file in Windows directory
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 25KB
  MD5: 49106ee29074e6a3d3ac9e24c6d791d8
  SHA1: 54b690cfd6b81b556239bc6409c408d26d9fafc6
  SHA256: b96b19a92e720f284741f8a2dcb30a9423ad58ba8f795d4f2e30403ceef20099
  SHA512: e6737b08ee1bdfcce4b59a02fa53507f894c8bc285e71e4fe8130e0046ff098847a245b1299f3f6120fa8ec54a53bb531f999eb6043aaaf4e499b97a8ac87a69

- Filesize: 3KB
  MD5: bccc7e837e3c0105830295b7a772d40f
  SHA1: 230e7173e5bd5631c78fd86d29602fe969805e9b
  SHA256: e3063428ed325a2c570677182ffb9df3c0821a706cd9f754ea5150aeaa98ac2e
  SHA512: eac0d13d56c83c9a1a492a79273a7952e00b2c631e77cd3a8895c496e8895d5f943521584aec10a8132ebb93f808539acf37ebf1da385ed336f8d3c9c7217122

- Filesize: 7KB
  MD5: 916153992d59f8d93e6d1c0cf08a3a06
  SHA1: dc38d428091d7801d482de519498541c3a209e34
  SHA256: c422129074f85c7d3d1ddcabc0b31015cb83d4f96041ed10840ceeb56e59b3d7
  SHA512: d3506734c75412fe66a3745e770b9e62a7e6bd18d77704ddb684434cb82820a346a1390e8aa92c13b49c3b1fed11cbee4235cf04442dca570a4e13126add44e3