Overview

overview

7

Static

static

3

driver-mag...-0.exe

windows7-x64

7

driver-mag...-0.exe

windows10-2004-x64

7

Resubmissions

12-02-2024 20:06

240212-yvjapabd8w 7

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-02-2024 20:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    driver-magician-6-0.exe

  • Size

    5.9MB

  • MD5

    17fc5c203f4e8b3e3b7a463fd939f57a

  • SHA1

    12ec48b63e89cb78fb47571e9c27b0a4e562bc82

  • SHA256

    b5b23f72ca2b97b42bc66040ffcfcddb8e5cf0e164464a5631ef2dd8f017985b

  • SHA512

    3ebfd9444dac6becfafcdf060bf543e2ab6765c2f9e6b78b7877fc21afea3e2e8ca6f21045baaa8f66ae0571ab688b4efcb177fb0dbc6c5839ceb4c9452a3de3

  • SSDEEP

    98304:FkLyusBFthivcrmEtw2r9mfuNy/wSuoAcu3lumwIICdSvOFg4XYq:GyusBnUvcyEO2hmf2K/AGmwIIESvOFgm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\driver-magician-6-0.exe
    "C:\Users\Admin\AppData\Local\Temp\driver-magician-6-0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1372
    • C:\Users\Admin\AppData\Local\Temp\is-0RJ4K.tmp\driver-magician-6-0.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-0RJ4K.tmp\driver-magician-6-0.tmp" /SL5="$401EC,5248154,781312,C:\Users\Admin\AppData\Local\Temp\driver-magician-6-0.exe"
      2⤵
      • Executes dropped EXE
      PID:4972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-0RJ4K.tmp\driver-magician-6-0.tmp
    Filesize

    3.0MB

    MD5

    0e02525d17fac66dbcc6a0015193cddc

    SHA1

    ef45af9e44ebd24f045a6c0dfcab237d597e8b98

    SHA256

    7807003ff76c839400f8c386d1f9b00b236534a5cb376a4cdf0b0316e3ef5e20

    SHA512

    988236d11b3685ae36f2f68d47df25c8d8aa1f02fd15042a0832b03741e8a9564062b77d7ab46441d3ac856791fc038457f504b2c2134a9e263e220ed50db1b0

    Download Submit

  • memory/1372-1-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/1372-8-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/4972-6-0x0000000002800000-0x0000000002801000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4972-9-0x0000000000400000-0x0000000000708000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4972-12-0x0000000002800000-0x0000000002801000-memory.dmp

    Filesize

    4KB

    Download