e41a9902c27177517b5216d8e591c5dd3672710eeb57a5b73640b6b49590aeee

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

driver4vr-setup.exe
Size

43.3MB
MD5

f5008c8fd276499ece97684b0a017b85
SHA1

eb92df78711ae4abed2d50fa420bd33b36f46bed
SHA256

e41a9902c27177517b5216d8e591c5dd3672710eeb57a5b73640b6b49590aeee
SHA512

0a49a84cfef12ab2853191bb19e0e9de20966b810151f8e565f124f148cfa24f0cb274336348da20996a15d298eabaf30b82712ca33759064b0295ca7ba58fbd
SSDEEP

786432:s702wAPJDuZA+oHESD8ZLjIleSjI/BBjbZ1tWc4Df0Oo0tctwJlEEuFIkad:oVV5uZ4FIKebbrcce9FctOlrtks

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
3808	driver4vr-setup.tmp
3692	Installer.exe
3008	Driver4VR.exe

Loads dropped DLL 11 IoCs

pid	Process
3692	Installer.exe
3692	Installer.exe
3008	Driver4VR.exe
3008	Driver4VR.exe
3008	Driver4VR.exe
3008	Driver4VR.exe
3008	Driver4VR.exe
3008	Driver4VR.exe
3008	Driver4VR.exe
3008	Driver4VR.exe
3008	Driver4VR.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Driver4VR\Driver4Lib.dll	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\libzmq-64.dll	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\is-ROE9M.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\x64\is-F9P9C.tmp	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\steam_api64.dll	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\is-G3L1E.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-FPNHC.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-KF30O.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\input\tracker\is-26BA9.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-AP78K.tmp	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\Driver4VR.exe	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\is-J4HH6.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\is-9MHGU.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\is-9I7FA.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-G1BR8.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\is-1OQUL.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\is-679SP.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-TC4PS.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-1GRJC.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\is-IO4QN.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\input\tracker\is-V281T.tmp	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\Driver4Lib1.dll	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\NuiSensor.dll	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\input\is-15302.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\unins000.msg	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-6F3JP.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-2HS5V.tmp	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\x64\concrt140.dll	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\bin\win64\is-G046V.tmp	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\RestSharp.dll	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-UNEF4.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-TFBPT.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\input\tracker\is-9M1F7.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\x64\is-QJ9FU.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-JOFTO.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-JN2M2.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\is-F8U1H.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-7U387.tmp	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\Microsoft.Kinect20.dll	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\is-R3BKM.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\is-114ML.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\input\tracker\is-S8OC6.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\settings\is-PFKV8.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-9QMVQ.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-7GFD9.tmp	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\NoloClientLib.dll	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\Driver4Lib3.exe	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\is-H0NKC.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\is-LPQ9L.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\is-0HKQI.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\x64\is-OB0GD.tmp	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\Steamworks.NET.dll	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\HelixToolkit.dll	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-K5IUC.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-5F9R0.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-4L5GN.tmp	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\Microsoft.Kinect.Toolkit.Interaction.dll	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\is-QU1S5.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-H897O.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\x64\is-734VH.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-VRHLS.tmp	driver4vr-setup.tmp
File created	C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\input\tracker\is-MC6CH.tmp	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\Emgu.CV.UI.dll	driver4vr-setup.tmp
File opened for modification	C:\Program Files (x86)\Driver4VR\x64\msvcp140.dll	driver4vr-setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a50f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e040000000100000010000000d5e98140c51869fc462c8975620faa782000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	Driver4VR.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 5c000000010000000400000000080000040000000100000010000000d5e98140c51869fc462c8975620faa7803000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df11900000001000000100000001f7e750b566b128ac0b8d6576d2a70a52000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	Driver4VR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	Driver4VR.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 0f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e2000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	Driver4VR.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 040000000100000010000000d5e98140c51869fc462c8975620faa7803000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df12000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	Driver4VR.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3808	driver4vr-setup.tmp
3808	driver4vr-setup.tmp

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3008	Driver4VR.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3808	driver4vr-setup.tmp
3008	Driver4VR.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 3808	208	driver4vr-setup.exe	92
PID 208 wrote to memory of 3808	208	driver4vr-setup.exe	92
PID 208 wrote to memory of 3808	208	driver4vr-setup.exe	92
PID 3808 wrote to memory of 3692	3808	driver4vr-setup.tmp	105
PID 3808 wrote to memory of 3692	3808	driver4vr-setup.tmp	105

C:\Users\Admin\AppData\Local\Temp\driver4vr-setup.exe
"C:\Users\Admin\AppData\Local\Temp\driver4vr-setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:208
- C:\Users\Admin\AppData\Local\Temp\is-V16SD.tmp\driver4vr-setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-V16SD.tmp\driver4vr-setup.tmp" /SL5="$60232,45134229,57856,C:\Users\Admin\AppData\Local\Temp\driver4vr-setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3808
- - C:\Program Files (x86)\Driver4VR\Installer.exe
    "C:\Program Files (x86)\Driver4VR\Installer.exe" /installer
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3692

C:\Program Files (x86)\Driver4VR\Driver4VR.exe
"C:\Program Files (x86)\Driver4VR\Driver4VR.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Driver4VR\Driver4Lib.dll

Filesize
3.7MB

MD5
b33661fa9f7b2a78f4944c5855153528

SHA1
bb2e3754ddf95896f5f47ad20e4b93471da5ddca

SHA256
261218b7ccf3cdb4878ad26222bdf119ab672cc7f26dfa8d14deee9efd3aaf51

SHA512
5b0ab95b63982ed9c1ee26870a04589079f2740a0efda4fac8c8f936e974b5d22f71ff1cbeba8b898d5ff394f58534fda4c2ccb018134214066dda1c11aef8f2

Download Submit
C:\Program Files (x86)\Driver4VR\Driver4Lib.dll

Filesize
4.1MB

MD5
8aa1c2eb55572b8e0fee3bd30dda9d9c

SHA1
bb0473cf0747db7206e020e176eecda93ce85ad9

SHA256
6bbb8d6eb89d1d4f3fd3c9e74b47e66016b29294ee055116baac5834efaa2c2b

SHA512
369c4b42bd0a01e7db25e9f737f98a8a1b2d95e833df21ed633b145b8b22fa9049771d50ac2060161985ebc28cc90844d623be3cc44bf990027d045fc13868f4

Download Submit
C:\Program Files (x86)\Driver4VR\Driver4Lib.dll

Filesize
3.8MB

MD5
d8ed40a95c368b21b125edd182254daf

SHA1
4e3c48d484f6b4a1adea5de455519c53cacc28bf

SHA256
63d8c4449ffbc4cc6681046714484d236596a640e53057973ea65472d65016f2

SHA512
251786bb9eea113d68c7c91d804a4576e741be6eb501e1d0e3b67a8bd91a82e6aeea7e6e132532318f0e5ab1f889580e75006280f3406855de101ad22bfb2ceb

Download Submit
C:\Program Files (x86)\Driver4VR\Driver4Lib2.dll

Filesize
185KB

MD5
60599998b17bd2b880757f4e09daa4d4

SHA1
f3e836cac13bb812c917b2dd1d9a0522622510e4

SHA256
53ace2e0b337a1db793a1c62ba3216af2407c353f382ef0e6986258b86965edd

SHA512
37573969efa5337ecae02cd152245297eed5c8f0b316d7a1704dfe1637345c3be8a36304d263ad269838877c8720eda739294912ebcbf544e81b9f0212eef740

Download Submit
C:\Program Files (x86)\Driver4VR\Driver4VR.exe

Filesize
48KB

MD5
72c3f5bf5c3dc58a2b583d17b78de551

SHA1
65697ec498b1cdb6391252ff6d63fabff0adce06

SHA256
24876e61a6936acebc086227cdd916f40d1d55813e61c2918e10d4d8e8cfdbb3

SHA512
f403a46ebd07f735d22bddcd2b65473e9d0328b3dc4b1809f20b6d8e58cf4e6e03404746423dcd12d85ce82e9407da429048f74b1e207fd3b85560ddc45949e5

Download Submit
C:\Program Files (x86)\Driver4VR\Emgu.CV.World.dll

Filesize
686KB

MD5
875652af2c5f9a4ceb31d6b5ec54c6f6

SHA1
31c7e2149afe6190ec26015771578914caa55ea3

SHA256
09edcc6e607476a417c80dc369da16dec005e50bec41cc56f325be1dcbd26e74

SHA512
782c82b536777f80e956dc296429b7c129227a32670e330cff41465a3ced7821f7e8ae8ccd60151b0e8774f3723ed433f42688698830370410cc580a0adda3ba

Download Submit
C:\Program Files (x86)\Driver4VR\Installer.exe

Filesize
156KB

MD5
958df4238ddb86a116acbfceb39c4c93

SHA1
2f89c0234eaafc94407db781f2253d77760e3e1b

SHA256
ab19f6647a0283f40f76a9d970ce7929907472a44689dcbc342c194e502e022e

SHA512
8ea0e6e9787541fa1980b96c048975921955bff7b0bd4cdf66a55c45ef19e17e472c2bc9caa9d0b7bcba1233b390066034d516cf050e8670f67a763b5cd321ed

Download Submit
C:\Program Files (x86)\Driver4VR\Newtonsoft.Json.dll

Filesize
638KB

MD5
f33cbe589b769956284868104686cc2d

SHA1
2fb0be100de03680fc4309c9fa5a29e69397a980

SHA256
973fd70ce48e5ac433a101b42871680c51e2feba2aeec3d400dea4115af3a278

SHA512
ffd65f6487bc71c967abcf90a666080c67b8db010d5282d2060c9d87a9828519a14f5d3a6fe76d81e1d3251c2104a2e9e6186af0effd5f331b1342682811ebf4

Download Submit
C:\Program Files (x86)\Driver4VR\RestSharp.dll

Filesize
177KB

MD5
5a498300ad5fca565ff423d220a4c051

SHA1
0439fe74ed57983e450079eef9ba9ad403700493

SHA256
d917f63fbe3c67683e50734a48d63c1884c7664cbe321f44261b70df209f4c91

SHA512
fe06193f46f2c114d31076c6fab563f46e10c7a961b3c61b311dcced18c91a282ef30fedd50993e25e7532457336001f93a94604a54e3a55f77845e7146ed012

Download Submit
C:\Program Files (x86)\Driver4VR\lib\drivers\driver4vr\resources\icons\is-6NT30.tmp

Filesize
370B

MD5
b34d3baddf9462c1770d3aeab97a0840

SHA1
995835b16dd0f66d12ba41380dce827ff64700d1

SHA256
7bb5a14c5e86a9c945a9705f6f5175a97b4247b55451b76cf088988a350572f8

SHA512
a029572aafcb7a11829f2451c881ca1783af2c2728bcf6bada3a15263bff9e48f9b4d63bee7c752a6efec58941efb4b7055de275f7b79a944efaab7ccdedc8b3

Download Submit
C:\Program Files (x86)\Driver4VR\x64\concrt140.dll

Filesize
327KB

MD5
d6c38108d2daaec744aefc990c228d6c

SHA1
19cfd6056af9529c1257ca62016733a8dfdd7b6a

SHA256
82897666d3489c1032c42ee6440645e44b3d850a89dc85a5f8baa28a867e3a8b

SHA512
d2b2e00b1f6aaba724fae7a0b06fb02b24780194d193dc82763f15a36a2c84828bc463b6fcef5a5df6ceb4f3ee16a5a71d5083a9767448136f9a5b889c3805ac

Download Submit
C:\Program Files (x86)\Driver4VR\x64\cvextern.dll

Filesize
1.4MB

MD5
08c4ea77bbeacac5c851a3cf8a985d9c

SHA1
3739f580e97ad52039150252c182a8af1af8577c

SHA256
8642346d9bd22296fd7059eba417abf45dac3481c6ebf7c5472b231bd2b5880c

SHA512
86a13cc9ec92192e78cce6037e292a549ba48782d7a320e891d302ce834d74e3778e25dee36fc9fcee7333ee4581a4b776a2dd6c64a3a1152d5b5bba43c3d67c

Download Submit
C:\Program Files (x86)\Driver4VR\x64\cvextern.dll

Filesize
1.5MB

MD5
09be773f70ee77ce8120d3db73bfc7e5

SHA1
3599a404dcf06834ce53c12ffb46be2e5de7e1b8

SHA256
4c343cca641ce890684cc5e0be7bc1e4b031912f62d2f95016a34a25a5b0af88

SHA512
911e3ea13a190ed99a70243a8b599ab419468c754b07466254b66c3f8adcf512d5c51b86e4d84459e73960e01e6184714a3f817b2e90d7127b0f709fc29ae836

Download Submit
C:\Program Files (x86)\Driver4VR\x64\msvcp140.dll

Filesize
605KB

MD5
18920afd13872383f9aa1893fce4a575

SHA1
74728ded8f77a8db172ddde019575c9c05dd675e

SHA256
aa0a585e4b6417669c2e4bad674b2c8c83584645d44c24d88915678c59d569ff

SHA512
08c8993d89c104ce80460a447fbbaf302c155444b9a72970e634c62dacfa2b0e12400c480677eaccc6487afd131db3451633db02e4bfc5e3ea8bbc20c458b859

Download Submit
C:\Program Files (x86)\Driver4VR\x64\opencv_videoio_ffmpeg411_64.dll

Filesize
1.7MB

MD5
675aafaa923810cc860f2de701ff2ca4

SHA1
bed528630b91d7d888b54a79e9b71c96ddb274b3

SHA256
e1cc01316b41d25ecdc1ea41d3f7a7fff3b95b121fba1a75c1e724091478c2b8

SHA512
0a3dbd00ea2398d8721a498df8e1ffef96efd1277c1d74ed61100dc26f737ba3d6f08726f7a3d83465d49962ac41a77a99ed80f4f48bf685ccfc10e289bdecc2

Download Submit
C:\Program Files (x86)\Driver4VR\x64\opencv_videoio_ffmpeg411_64.dll

Filesize
1.5MB

MD5
b1f93cb83faaa40271654517c326ee2e

SHA1
6dc99cf686b2af2f5f7469b2eab727338bc351e9

SHA256
f46505ee149e4327c323de832c623ac23b8376544b7891bfd8e30570a4f20858

SHA512
6d9fc52ab0a20cdecf4e1ece380b3623979b85a16dcb813ad3b4a8ba287f6048458c477bc1021529e178fb135884d18493b4d0fd1a969b412e7457fa02eff3e1

Download Submit
C:\Program Files (x86)\Driver4VR\x64\vcruntime140.dll

Filesize
83KB

MD5
3170dfbc38a0bb57382d898386f70ad4

SHA1
68615290fd840778498a42eaf9d28dc8c93b961d

SHA256
e4d5a1842d65e99581e52225e0af6455e078e95b3ea3d3b49f673e4d5168b82d

SHA512
69e71251e36e266bb2d1079cbf7a56a4db2efba54dc473eee4db7966af97c29dae977cdd75ea63818b2ac2cec1fb8af6b42b5d36732b9c0e2419fee138dad7ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-V16SD.tmp\driver4vr-setup.tmp

Filesize
702KB

MD5
335e83c746fce622daee2dbeeb2d6220

SHA1
4d73b362a701fc579d0e786c67e690c6cef2581b

SHA256
5566d1e064e096636dd49f10643192d1cae01500e25774a1b4931568daf7c83c

SHA512
cda99c70c273e07bcc9e82621d0e2a899f74a5933c78f5b2bd89fc5edca51763b29b403a5077b641820bee32eb840678ed1b0dec505a010e57129cbb8aa41775

Download Submit
memory/208-246-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/208-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/208-2-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/208-8-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3008-281-0x00000289E1AE0000-0x00000289E1AF0000-memory.dmp

Filesize
64KB

Download
memory/3008-282-0x00000289E1AE0000-0x00000289E1AF0000-memory.dmp

Filesize
64KB

Download
memory/3008-295-0x00007FF940D60000-0x00007FF941821000-memory.dmp

Filesize
10.8MB

Download
memory/3008-294-0x0000000075780000-0x000000007744E000-memory.dmp

Filesize
28.8MB

Download
memory/3008-291-0x00000289E1AE0000-0x00000289E1AF0000-memory.dmp

Filesize
64KB

Download
memory/3008-290-0x00000289E1AE0000-0x00000289E1AF0000-memory.dmp

Filesize
64KB

Download
memory/3008-289-0x00000289E1AE0000-0x00000289E1AF0000-memory.dmp

Filesize
64KB

Download
memory/3008-249-0x00000289C7410000-0x00000289C741E000-memory.dmp

Filesize
56KB

Download
memory/3008-250-0x00007FF940D60000-0x00007FF941821000-memory.dmp

Filesize
10.8MB

Download
memory/3008-251-0x00000289E1AE0000-0x00000289E1AF0000-memory.dmp

Filesize
64KB

Download
memory/3008-288-0x00000289E1AE0000-0x00000289E1AF0000-memory.dmp

Filesize
64KB

Download
memory/3008-286-0x00007FF940D60000-0x00007FF941821000-memory.dmp

Filesize
10.8MB

Download
memory/3008-285-0x00000289E8310000-0x00000289E8342000-memory.dmp

Filesize
200KB

Download
memory/3008-257-0x00000289E2520000-0x00000289E2DE6000-memory.dmp

Filesize
8.8MB

Download
memory/3008-283-0x0000000075780000-0x000000007744E000-memory.dmp

Filesize
28.8MB

Download
memory/3008-269-0x00000289E1D10000-0x00000289E1DC2000-memory.dmp

Filesize
712KB

Download
memory/3008-280-0x00000289E1AE0000-0x00000289E1AF0000-memory.dmp

Filesize
64KB

Download
memory/3692-232-0x00000207DF320000-0x00000207DF32E000-memory.dmp

Filesize
56KB

Download
memory/3692-226-0x00000207DF330000-0x00000207DF3D6000-memory.dmp

Filesize
664KB

Download
memory/3692-237-0x00007FF941AD0000-0x00007FF942591000-memory.dmp

Filesize
10.8MB

Download
memory/3692-231-0x00000207E2AA0000-0x00000207E2AD8000-memory.dmp

Filesize
224KB

Download
memory/3692-230-0x00000207C6680000-0x00000207C6690000-memory.dmp

Filesize
64KB

Download
memory/3692-227-0x00000207DF3E0000-0x00000207DF456000-memory.dmp

Filesize
472KB

Download
memory/3692-217-0x00000207C4A10000-0x00000207C4A3A000-memory.dmp

Filesize
168KB

Download
memory/3692-218-0x00007FF941AD0000-0x00007FF942591000-memory.dmp

Filesize
10.8MB

Download
memory/3692-229-0x00000207C6680000-0x00000207C6690000-memory.dmp

Filesize
64KB

Download
memory/3692-223-0x00000207DF240000-0x00000207DF274000-memory.dmp

Filesize
208KB

Download
memory/3692-228-0x00000207DF2D0000-0x00000207DF2D8000-memory.dmp

Filesize
32KB

Download
memory/3692-219-0x00000207C6680000-0x00000207C6690000-memory.dmp

Filesize
64KB

Download
memory/3692-224-0x00000207C65C0000-0x00000207C65C6000-memory.dmp

Filesize
24KB

Download
memory/3808-9-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3808-6-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/3808-20-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3808-245-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3808-12-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/3808-234-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download