Analysis

  • max time kernel
    137s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags
    arch:x64 arch:x86 image:win11-20240221-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    09-03-2024 10:40

General

  • Target

    res/tools/driver.exe

  • Size

    31KB

  • MD5

    c93912ed7bdf6df07a1695a523fa7efc

  • SHA1

    07bac4cc4a725e8610f0677f76648c3d0396797b

  • SHA256

    7ec9fbf33602023f850ec3a7210165a56eb791c3cca5892b2be949cc71e57d01

  • SHA512

    2575a38418a0ba6d49cfe17ceee8a7ff80db9553cb6aa5357ddf786da0f7c3c16d8f3a9e7dc902d404b4bc00ab076067b22e2af488ea62d8b7828178e913fd46

  • SSDEEP

    768:P25YioRO5ApDRmiJS3AJDbyovvnxQU2KHR:l9RO5IDU0SQJDRp28

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\res\tools\driver.exe
    "C:\Users\Admin\AppData\Local\Temp\res\tools\driver.exe"
    1⤵
      PID:488
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1316
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
      1⤵
      • Checks processor information in registry
      • Modifies registry class
      PID:3352

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/488-2-0x00007FFC42E20000-0x00007FFC437C1000-memory.dmp

    Filesize

    9.6MB

  • memory/488-1-0x00007FFC42E20000-0x00007FFC437C1000-memory.dmp

    Filesize

    9.6MB

  • memory/488-3-0x00007FFC42E20000-0x00007FFC437C1000-memory.dmp

    Filesize

    9.6MB