Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
  • submitted
    08-07-2024 17:47

General

  • Target

    Marfrig/CP210x_VCP_Windows/CP210xVCPInstaller_x64.exe

  • Size

    655KB

  • MD5

    b3766c35b387ae1a624fc5e83a01e224

  • SHA1

    764c64bc23c7700dd07daebd968ce73154860964

  • SHA256

    cdd0b13eefadc1ad1fd815d188c377671c46a6822ee95590aca19f83b112c5f5

  • SHA512

    a2e3027513a90f9a9c6f42ab2a077b06e19b5d3ffe8cf1a09baedf9acd98651658a1daffbce56681f97b51048df8dfa2a92ee8c13f0666128fb2e777b7e473eb

  • SSDEEP

    6144:ssW7OzpPId26dQcEaUrPvwgwkRVagRoOQTiHaQsVIhVLpHf2mmP:YIId79EaUTvwieMowXzZ2tP

Score
6/10

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 24 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious use of AdjustPrivilegeToken 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Marfrig\CP210x_VCP_Windows\CP210xVCPInstaller_x64.exe
    "C:\Users\Admin\AppData\Local\Temp\Marfrig\CP210x_VCP_Windows\CP210xVCPInstaller_x64.exe"
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2428
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{404b4df7-34ac-33b3-e049-3f4646fc7c19}\slabvcp.inf" "9" "64aaf301b" "0000000000000574" "WinSta0\Default" "0000000000000564" "208" "c:\users\admin\appdata\local\temp\marfrig\cp210x_vcp_windows"
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:2212
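
The DrvInst.exe launch above (PID 2212) is what drives most of the flagged behaviour: the installer unpacks the driver package into a GUID-named folder under the user's Temp directory and hands the INF to Windows' driver installer, which then populates the DriverStore, writes under HKEY_USERS and enables SeLoadDriverPrivilege. That is normal for a vendor package, but it is also exactly the pivot an unsigned or malicious driver drop uses, so the command line is worth codifying as a detection. The script below is an added example, not part of this sandbox report or of Silicon Labs' tooling. It assumes Sysmon-style process-creation records (pid, image, command line), that DrvInst.exe receives the INF path as its third quoted argument (matching the ordering seen on this page; the code falls back to the first argument ending in .inf), and a small list of user-writable directory markers. The event records are constructed: the first two reproduce the command lines from the Processes section, the third is a made-up benign control installing from C:\Windows\INF.

```python
"""Flag DrvInst.exe driver installs whose INF is staged in a user-writable
directory. Added example; not code from the sandbox report or the vendor."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Directories any medium-integrity process can write to (assumed list).
# An INF here means "unpacked at run time", which is normal for vendor
# installers but is also where a malicious driver drop would stage its INF.
USER_WRITABLE_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\users\\public\\",
    "\\programdata\\",
)

# DrvInst.exe is always invoked with every argument double-quoted.
QUOTED_ARG = re.compile(r'"([^"]*)"')


@dataclass
class ProcessEvent:
    """Minimal Sysmon-like process-creation record (shape assumed)."""
    pid: int
    image: str
    command_line: str


def drvinst_args(command_line: str) -> List[str]:
    """Return the quoted positional arguments of a DrvInst.exe command line."""
    return QUOTED_ARG.findall(command_line)


def inf_path_from_cmdline(command_line: str) -> Optional[str]:
    """Third quoted argument by observed convention; otherwise first *.inf."""
    args = drvinst_args(command_line)
    if len(args) >= 3 and args[2].lower().endswith(".inf"):
        return args[2]
    for arg in args:
        if arg.lower().endswith(".inf"):
            return arg
    return None


def is_user_writable(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def triage(events: List[ProcessEvent]) -> List[Tuple[int, Optional[str], str]]:
    """Return (pid, inf_path, reason) for DrvInst.exe launches worth a look."""
    hits = []
    for ev in events:
        if not ev.image.lower().endswith("\\drvinst.exe"):
            continue
        inf = inf_path_from_cmdline(ev.command_line)
        if inf is None:
            hits.append((ev.pid, None, "DrvInst.exe launched without an INF argument"))
        elif is_user_writable(inf):
            hits.append((ev.pid, inf, "INF staged in a user-writable directory"))
    return hits


# Constructed sample: two records copied from the report's Processes section
# and one made-up benign control (an inbox INF under C:\Windows\INF).
SAMPLE_EVENTS = [
    ProcessEvent(
        2428,
        r"C:\Users\Admin\AppData\Local\Temp\Marfrig\CP210x_VCP_Windows\CP210xVCPInstaller_x64.exe",
        r'"C:\Users\Admin\AppData\Local\Temp\Marfrig\CP210x_VCP_Windows\CP210xVCPInstaller_x64.exe"',
    ),
    ProcessEvent(
        2212,
        r"C:\Windows\system32\DrvInst.exe",
        r'DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{404b4df7-34ac-33b3-e049-3f4646fc7c19}\slabvcp.inf" "9" "64aaf301b" "0000000000000574" "WinSta0\Default" "0000000000000564" "208" "c:\users\admin\appdata\local\temp\marfrig\cp210x_vcp_windows"',
    ),
    ProcessEvent(  # hypothetical benign control, not from the report
        4100,
        r"C:\Windows\system32\DrvInst.exe",
        r'DrvInst.exe "4" "0" "C:\Windows\INF\usbser.inf" "9" "1a2b3c4d5" "0000000000000300" "WinSta0\Default" "0000000000000310" "208" "c:\windows\inf"',
    ),
]

if __name__ == "__main__":
    for pid, inf, reason in triage(SAMPLE_EVENTS):
        print(f"PID {pid}: {reason}: {inf}")
```

Run on the constructed records, only PID 2212 is reported; the installer process itself is skipped because the rule keys on the DrvInst.exe image, and the control install from C:\Windows\INF is silent. A hit is a lead, not a verdict: the next step for this sample is to confirm that slabvcp.cat and the two .sys files listed under Downloads carry a valid Authenticode signature and that their hashes match the vendor's published package, since a signed driver installed from Temp is exactly what a legitimate CP210x installer looks like.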

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\{404B4~1\x64\WdfCoinstaller01009.dll

    Filesize

    1.6MB

    MD5

    4da5da193e0e4f86f6f8fd43ef25329a

    SHA1

    68a44d37ff535a2c454f2440e1429833a1c6d810

    SHA256

    18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

    SHA512

    b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

  • C:\Users\Admin\AppData\Local\Temp\{404B4~1\x64\silabenm.sys

    Filesize

    26KB

    MD5

    7799106fee728b907a86d9c9751e02d5

    SHA1

    f35320e535159d43b598c7c11684db05be4196a6

    SHA256

    ee85e8d3cf3819db28221bfc103de8df0e14e1878cecf54e8cd8c161b0e0af3c

    SHA512

    f91af958adf1b808fc6c30aa7fe9c6cf8c5c2a041327693403d9a12a06e7c5084d203433ba2d0917a3fc1a064626bce89526c5fb4b951f0a4aa07e84d237a99c

  • C:\Users\Admin\AppData\Local\Temp\{404B4~1\x64\silabser.sys

    Filesize

    71KB

    MD5

    447209c314e6e0d26e01962075802b18

    SHA1

    dd8af2e3aa38d2d6971568ebf2cf41848e0091f5

    SHA256

    ab1ac5854eb0edf66025609cf9cb5639014c264327f4dee1223bf7f6e1bd2d15

    SHA512

    e2f8470c31496d1547cf930dd32805407722f81f6846e4257bf28ce37bf635f8eda07a19e99fcbe10aad939e7912fed4aba098b58cccc66217f2965bf4d10c73

  • C:\Users\Admin\AppData\Local\Temp\{404b4df7-34ac-33b3-e049-3f4646fc7c19}\slabvcp.cat

    Filesize

    10KB

    MD5

    d1b527f83fced2a644fb7c99f8068547

    SHA1

    ff9526c4d1a623cbd079ed8287bbd2a60871e281

    SHA256

    e1e39974fd56e36204ab94693324019da45bea4816cc675ce45741cec63a143b

    SHA512

    39f624e3da7194a159056e9afa3d4cce8aa914f25a5d3047bea67617e5f6646d3d6ece9a35ac23fc782d0c62f470e99c930f68d44a6718d06885c3d0997b1275

  • C:\Users\Admin\AppData\Local\Temp\{404b4df7-34ac-33b3-e049-3f4646fc7c19}\slabvcp.inf

    Filesize

    4KB

    MD5

    3334197755fbbeeeb24b819a7288279c

    SHA1

    d680dee0f68d64ec53d0c5769879d15d387054cc

    SHA256

    453bfbe522e771db12c4dd0099a3e72f77916708440e7d7bbda429c7bbcb274e

    SHA512

    35b7a2f269929833f5db8e87217e8ab04a15dcbd4404a1c656ab7735b78784b5736412c78eb69087e7436cff62b0fd567d3b874d9f08ef296d0ea1912a062124

  • C:\Windows\System32\DriverStore\FileRepository\slabvcp.inf_amd64_neutral_39c892a42bf3fc8d\slabvcp.PNF

    Filesize

    15KB

    MD5

    2f83ec91a3db2ca874f6fdef977d2d1d

    SHA1

    425d569753b0dbb417ea208180b9e388237592d8

    SHA256

    466d1d278befa7a91ee48bde5ae80b9fa61a2c445ea2f98963b58994b01d9a19

    SHA512

    e373632a67249ab69f9fc34e8a1964438643e661d8059fb06f7fb99ea5d0da6c146e3081ca8da80e2a73b69c5e7bb077995bc526d1e578add3484d8c5aef05af