4b56fa87d34225e44b825af88cf63a3a48dd5f93532198b18a308590973f0d2e

Analysis

max time kernel
140s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 11:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cf3655eb503f3792a808839d0e1d975.exe
Size

56KB
MD5

7cf3655eb503f3792a808839d0e1d975
SHA1

20e54e2f6a425c8ba6dc20e3973213776b13febe
SHA256

4b56fa87d34225e44b825af88cf63a3a48dd5f93532198b18a308590973f0d2e
SHA512

889c7aa78bf80e8dece3481ead98a9a808e1f79c1c339bab62e4c3be7c6a3327bb13f4af949cec90340f98357ff76d37afedd8c67b55bdb29da8a0bd37331c48
SSDEEP

1536:mPMaB+7ppcq/QdnKVK68w4MIRKIFDFPCKpso7dxX:mEaB+1PoKV+w4MvcLzH

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\pcmcia.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\SDFRd.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\sermouse.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\vhf.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\HpSAMD.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\mausbhost.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\system32\drivers\ndisuio.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\DRIVERS\rasacd.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\scmbus.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\system32\drivers\tsusbflt.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\vmgid.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\hidinterrupt.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\percsas2i.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\ibbus.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\Drivers\MsRPC.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\portcfg.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\WpdUpFltr.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\system32\DRIVERS\nwifi.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\stornvme.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\ufxsynopsys.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\xinputhid.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\evbda.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\system32\drivers\SerCx.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\vpci.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\Drivers\Beep.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\DRIVERS\NDProxy.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\system32\drivers\qwavedrv.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\winmad.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\bxvbda.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\MSKSSRV.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\system32\drivers\udecx.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\BthEnum.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\intelpmax.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\lsi_sas3i.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\lsi_sss.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\MSPCLOCK.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\sdstor.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\fdc.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\msgpiowin32.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\MSTEE.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\serial.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\Synth3dVsc.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\hidspi.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\sbp2port.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\usbprint.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\mvumis.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\system32\drivers\applockerfltr.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\Drivers\UcmCx.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\system32\drivers\urscx01000.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\DRIVERS\wanarp.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\cht4sx64.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\mausbip.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\megasr.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\nvraid.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\stexstor.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\tunnel.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\Drivers\UcmTcpciCx.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\system32\drivers\usbaudio.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\hidir.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\mshidumdf.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\usbaudio2.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\drivers\winverbs.sys	7cf3655eb503f3792a808839d0e1d975.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\UfxChipidea.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys	7cf3655eb503f3792a808839d0e1d975.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys	7cf3655eb503f3792a808839d0e1d975.exe

C:\Users\Admin\AppData\Local\Temp\7cf3655eb503f3792a808839d0e1d975.exe
"C:\Users\Admin\AppData\Local\Temp\7cf3655eb503f3792a808839d0e1d975.exe"
1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
PID:2264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2264-3-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2264-2-0x0000000000480000-0x0000000000486000-memory.dmp

Filesize
24KB

Download
memory/2264-1-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2264-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads