22fcd1135d289183f47075179d795c790b1bc87aa812828fa78c3436c6a31b3a

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Driver para joystick Dynacom.exe
Size

1.3MB
MD5

816202a764307c3471ff45f838d3f6ec
SHA1

a4ab7e412c38ff2e9a4df4c9bcbf0f518128bd0f
SHA256

22fcd1135d289183f47075179d795c790b1bc87aa812828fa78c3436c6a31b3a
SHA512

d2cf033bb24c0a05bea375b586893aea7d4b119b708a8e446dc713edd943131dd90f5289b0d5e8fdeeb1d6a7e05717e08d28772e3e4ca8544c5e991c090a56a7
SSDEEP

24576:X8UHC488zAtxibCSsvteuda8zKYmnvGNwqlw:X8UHC4ZzAObzIteuUNYmvv

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2144	setup.exe
2604	setup.exe

Loads dropped DLL 17 IoCs

pid	Process
2888	Driver para joystick Dynacom.exe
2144	setup.exe
2144	setup.exe
2144	setup.exe
2144	setup.exe
2604	setup.exe
2604	setup.exe
2604	setup.exe
2604	setup.exe
2604	setup.exe
2604	setup.exe
2604	setup.exe
2604	setup.exe
2604	setup.exe
2604	setup.exe
2604	setup.exe
2604	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 27 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\USB Vibration\7906\setup\setup.inx	Driver para joystick Dynacom.exe
File created	C:\Program Files (x86)\USB Vibration\7906\setup\data1.hdr	Driver para joystick Dynacom.exe
File created	C:\Program Files (x86)\USB Vibration\7906\setup\data2.cab	Driver para joystick Dynacom.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ispDDB.tmp\temp.000	setup.exe
File opened for modification	C:\Program Files (x86)\USB Vibration\7906\setup\setup.boot	Driver para joystick Dynacom.exe
File created	C:\Program Files (x86)\USB Vibration\7906\setup\setup.inx	Driver para joystick Dynacom.exe
File created	C:\Program Files (x86)\USB Vibration\7906\setup\data1.cab	Driver para joystick Dynacom.exe
File opened for modification	C:\Program Files (x86)\USB Vibration\7906\setup\data1.cab	Driver para joystick Dynacom.exe
File opened for modification	C:\Program Files (x86)\USB Vibration\7906	Driver para joystick Dynacom.exe
File opened for modification	C:\Program Files (x86)\USB Vibration\7906\setup\layout.bin	Driver para joystick Dynacom.exe
File created	C:\Program Files (x86)\USB Vibration\7906\setup\setup.ini	Driver para joystick Dynacom.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKeE4B.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\USB Vibration\7906\setup\data1.hdr	Driver para joystick Dynacom.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ispDDB.tmp\IGdi.dll	setup.exe
File opened for modification	C:\Program Files (x86)\USB Vibration	Driver para joystick Dynacom.exe
File created	C:\Program Files (x86)\USB Vibration\7906\setup\__tmp_rar_sfx_access_check_259394250	Driver para joystick Dynacom.exe
File created	C:\Program Files (x86)\USB Vibration\7906\setup\layout.bin	Driver para joystick Dynacom.exe
File opened for modification	C:\Program Files (x86)\USB Vibration\7906\setup	Driver para joystick Dynacom.exe
File created	C:\Program Files (x86)\USB Vibration\7906\setup\setup.boot	Driver para joystick Dynacom.exe
File created	C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe	Driver para joystick Dynacom.exe
File opened for modification	C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe	Driver para joystick Dynacom.exe
File opened for modification	C:\Program Files (x86)\USB Vibration\7906\setup\setup.ini	Driver para joystick Dynacom.exe
File created	C:\Program Files (x86)\USB Vibration\7906\setup\engine32.cab	Driver para joystick Dynacom.exe
File opened for modification	C:\Program Files (x86)\USB Vibration\7906\setup\engine32.cab	Driver para joystick Dynacom.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ispDA9.tmp\temp.000	setup.exe
File opened for modification	C:\Program Files (x86)\USB Vibration\7906\setup\data2.cab	Driver para joystick Dynacom.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKeE4B.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2144	2888	Driver para joystick Dynacom.exe	28
PID 2888 wrote to memory of 2144	2888	Driver para joystick Dynacom.exe	28
PID 2888 wrote to memory of 2144	2888	Driver para joystick Dynacom.exe	28
PID 2888 wrote to memory of 2144	2888	Driver para joystick Dynacom.exe	28
PID 2888 wrote to memory of 2144	2888	Driver para joystick Dynacom.exe	28
PID 2888 wrote to memory of 2144	2888	Driver para joystick Dynacom.exe	28
PID 2888 wrote to memory of 2144	2888	Driver para joystick Dynacom.exe	28
PID 2144 wrote to memory of 2604	2144	setup.exe	29
PID 2144 wrote to memory of 2604	2144	setup.exe	29
PID 2144 wrote to memory of 2604	2144	setup.exe	29
PID 2144 wrote to memory of 2604	2144	setup.exe	29
PID 2144 wrote to memory of 2604	2144	setup.exe	29
PID 2144 wrote to memory of 2604	2144	setup.exe	29
PID 2144 wrote to memory of 2604	2144	setup.exe	29

C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe
"C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe
  "C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2144
- - C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe
    -deleter
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\USB Vibration\7906\setup\data1.hdr

Filesize
19KB

MD5
020b00fd3e241dd9d6031cba5cfe1f28

SHA1
76e1167fdb86059fc7cdede944ec26135721d78d

SHA256
7946c7dd11cb411e22d31deac4530f88700315c464c19694e55009666bcfa440

SHA512
bd9d3a2b2a00621220eb7f7f51459c194efe2a007ff960ce5f46533c130e5cce5bb0704b1d85ba254a63bb578f800dc7395b8c784e974bf976114ec182e1560a

Download Submit
C:\Program Files (x86)\USB Vibration\7906\setup\data2.cab

Filesize
215KB

MD5
c7c8eaa4f694cb30b6cd4fb6917f8380

SHA1
2810ab477fec2b957d9c7448173da0cdf3bb2cb4

SHA256
fab2395277f6bc0b93f372e4462d2eb9c663aa2d8806b59bfea001ed86d951d2

SHA512
476252c65d80df962d8febd84d4922e4ba0f1a1519e63d19ef12e8c0690485d5d23d09867eae3f10d625576b60cff8f36ace3c03f99cdf1a62db4e9a48b90802

Download Submit
C:\Program Files (x86)\USB Vibration\7906\setup\engine32.cab

Filesize
386KB

MD5
feebebfdb673bba2beca3f83263faaa3

SHA1
6cf32a42b95b3497f2731f2b22136dea9ba69489

SHA256
7a81f54a1f3f087fc2a3d7c25898744a59f189572c979bb8a811a1eb09eec00d

SHA512
f0fc304ad3e69ff013f8a1c8f249a5d6190fc76ea257d4ec7512ef490ce572ca16b2005665361aff59f9968e09c96edc143cf862cb6c194c40b39d528f68b707

Download Submit
C:\Program Files (x86)\USB Vibration\7906\setup\setup.boot

Filesize
326KB

MD5
b957e3c1f4781fb85d25e56dcad80d21

SHA1
71a116100ce724ddea6e81bf278b664bace6f14f

SHA256
fd4199c6c2156c6bcef909d3f62b23868d7499498311d32ff02302f6aaed9aa7

SHA512
f5ea6a11ad27a68913f22a775df8493e0f75cbfd3ed5020ed3c00b73d5c504e17182ed283793ccc8381d4bc72f1f9cb6448ee1b6b2411945b42ce9a49a47a8ad

Download Submit
C:\Program Files (x86)\USB Vibration\7906\setup\setup.ini

Filesize
339B

MD5
6c08a7927a5eea663151d9f10ed91150

SHA1
037b5f53c22f21eeeb872e1ef962609a5fa267f3

SHA256
77f2b866810ba3d6e1161587b84b74c9d84fb2a574a0b244489ba69433275d9b

SHA512
f079961786eba59eddde954adcff92dd94cdc5fc14bcb0d61d1bac7976eb6427dd3fc824e8c5bc6c616b03bf60f32153adf7941a00d68f396cbfc28fd058da0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_isdelet.ini

Filesize
153B

MD5
b059897b995acf946a3b4199f5f1d2f7

SHA1
1b08a954602acce8b93b8269e930d009b0bf9fd5

SHA256
a216f7b418f1a73e2e99bf9102fabb62e7b151246d0251159e2b6aee250add2c

SHA512
7e0d645cbd668b44463e18276d8a0fe92b4125a234479a1d71807a8012457e56252cb7b22cae5349e23394c2d6aaabeac6b7678e720bf917b3d5d139c19b7ae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\setDBA.tmp

Filesize
145KB

MD5
323bff0939ec825e28d947af65a5eda1

SHA1
19c8d64eab423beda776febdffb4fe07036757ff

SHA256
cece9a446492277c62f3eddf049bc57504c5ab77554b7e25377d8e43c7f2c856

SHA512
c62c2e6cc34abe5c618fc3ebea27566d6a7396ccaa753f07e7f2adb3ca404649a167f8a3f1108dfeb1fccf653c186bba0bc6b6e88ff59c1bc350a4e66c1cde18

Download Submit
\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKeE4B.tmp

Filesize
620KB

MD5
734bfdc5269c9f5d3cb5c70c3b1fb7cd

SHA1
8430a0e5dc8d4b85ff107d176e8c8c9b3ac05dc7

SHA256
cf45dc216ad13041c81911c9c1f5367e17a63e10bdf8065e6e2341cd5e114028

SHA512
625014078f8924aed95d36f3e2276d6568c7d51b5b70865f5a85dc53d12bfc89547550e325cfddec909a678bcf41c79baeb4f12b090e5b2ac81d86918a3b5403

Download Submit
\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ispDDB.tmp\IGdi.dll

Filesize
156KB

MD5
98098911f534ffb8b4b70101dc4ccf86

SHA1
22e40b9f75ad1e1b7340a86d8dc7ccb299e4212a

SHA256
e7b19016e5a2b337728a31998c1a0b3f7a724a323025751c5fcaad6b52e3b31a

SHA512
b35becbf4d9735b87fc67dbfeb316f4c9f0946fabf6341f950aa60a1766b3a102613e7fffde607f7ff5fd5fb6de56dacba52ac65be14e3c79be65d5a991f95b3

Download Submit
\Program Files (x86)\USB Vibration\7906\setup\setup.exe

Filesize
95KB

MD5
d92301094eedaab094578d63397c8b50

SHA1
a4991b322310eaaa857f1a826a9120c37daba1fe

SHA256
a807f2a847619f728590ab27c8ddfd15d406d08f1a0fb27e1d5ca92e3c247357

SHA512
193369846b4fdfb99b80ad35345eea2df331959e68171eae6a7ad8c12cb9616a8e2d4191797eae82349d6890e45d729ad7160763d973898f2646d3563635e8b8

Download Submit
\Users\Admin\AppData\Local\Temp\ispD0B.tmp\Setup.dll

Filesize
264KB

MD5
7f0e7fc1dc4b20bab20497d670761c6e

SHA1
16f2795a58ffb8481e1258d6e4e026bff56c9d90

SHA256
5a45fb7bba2bc79cbc66e657ce56b110538d5537b59ecf320baa053beea6d1e6

SHA512
c07d887dd73d24fae0c40ff511e3ffeeb2622d074e3224bad30416837e149ba96e49252436ea27612da7697d491b3af8b7e323da08b453ca708461c0722eafe3

Download Submit
\Users\Admin\AppData\Local\Temp\ispDDA.tmp\_Setup.dll

Filesize
152KB

MD5
028076a4fbf8fa58f18a60e3a5240e0a

SHA1
e88dbf4140ea02b812794158defd9518cbaae76b

SHA256
594820df4a61a930bcbbea6681361b173334ff925e4bcad138d48aaa36bc3b8d

SHA512
698178f9eb18ba9ae7d72168dbf3f803231aff16b2ac3d857105a55439e5ed5ed9190c384a3d5b430a00a87ab7a2ad31120bb9b39569ac6587f46137a0c23d7f

Download Submit
memory/2888-25-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download