fc16a73ee55b2a601b923eabf03c28180a7345f2d4e1da7dcdc9716a03ed5aa6

Analysis

max time kernel
84s
max time network
89s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
09/03/2024, 10:40

Target

res/driver/microsoft/umdf.exe
Size

745KB
MD5

9be4cbcfb03ac2695facd92654758e02
SHA1

019087567ca72942877198f8da61ff48848d4545
SHA256

f38ffdb1aa908e382d943b8bece1e2fbc2ca5f5a81f2a7d997f0aa95e487b300
SHA512

dfb74d483d770c049788712591d44543835a6c9ad043e81e1cd76fb8cf1d118a32fa8e58aaa06885ac59aafc31bb7357e5b6b488f499f5ed052aa0082b3c0434
SSDEEP

12288:8TsZ9XUdSQv06wUO8/txLx3i4tFG1UoFL9ZwfxKeYm18ed3PFeuAz4yE:8QZudRM1UO8/PL5iHjFDCZ39euz1

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
5068	update.exe

Loads dropped DLL 2 IoCs

pid	Process
5068	update.exe
5068	update.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\setupapi.log	update.exe
File opened for modification	\??\c:\windows\Wudf01000Inst.log	update.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5068	update.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 5068	2268	umdf.exe	80
PID 2268 wrote to memory of 5068	2268	umdf.exe	80
PID 2268 wrote to memory of 5068	2268	umdf.exe	80

C:\Users\Admin\AppData\Local\Temp\res\driver\microsoft\umdf.exe
"C:\Users\Admin\AppData\Local\Temp\res\driver\microsoft\umdf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- \??\c:\7ffbdd120cdbf27a427cbacff1a093d5\update\update.exe
  c:\7ffbdd120cdbf27a427cbacff1a093d5\update\update.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:5068

C:\7ffbdd120cdbf27a427cbacff1a093d5\update\updspapi.dll

Filesize
370KB

MD5
e7838da61860dab7a231074e9e854dfe

SHA1
ac23a0a3ba6ef35a36f655269819399f91e58d2b

SHA256
966b56a5618d10cfde641cc7b416b99ae173759eaeb3ac57c94d957dd22fa288

SHA512
4a8c7ff8518220f8dedb46d1272b9e27205d7725797c58c9099bae3a53746fb3790b5e68adc044ad85e1dfd64f5c16d98536d7827aa73e7197adff91e8c8d4c0

Download Submit
\??\c:\7ffbdd120cdbf27a427cbacff1a093d5\update\update.exe

Filesize
724KB

MD5
b9fa27bea6b6fb59cd79aa46e58f9176

SHA1
fe65b899ed5a8c095a7e6a996e48fab5097482a0

SHA256
12f4bcba366c909145ade38924aacc11bc12d8696c37bb05567055fab81c70ef

SHA512
45f7152ba7b878b470048be07eae9e4e9daf8bcba8a2ad989b2aa9479ee1e38c335ae98387d687fc57ffb015c9530798bbb2f80e04f90defe7404b0103085bb7

Download Submit
\??\c:\7ffbdd120cdbf27a427cbacff1a093d5\update\update.inf

Filesize
4KB

MD5
1b93e9813405ef9f7f281f5073a49468

SHA1
b6921f3df1d359e39a598c8b610a44ea4d3c37f0

SHA256
ffc28d798a5aa92516f5552bd4b4537d2c7e3d42393acac604b14a1a7c577804

SHA512
480cd9dc8241db9e65656c049d45c154d4646358498c31302c79ee25bdd1f125e7f49affc2ecf9392e94b45b93eff2cef49d394b6e71ef1d72bac2bd7aab0697

Download Submit
memory/5068-25-0x0000000000710000-0x000000000076E000-memory.dmp

Filesize
376KB

Download