a8664afe17ba2a3b2112b41eb89334f86b4f921b5937e775f74098eb9f2af80b

Analysis

max time kernel
92s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-09-2024 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

2.7MB
MD5

64114d2eeef70df310f2ea1fc34c232f
SHA1

3851fc1b1715a7052587bd430aa18b9aadad4b1b
SHA256

4e09d9006a6b4d57933df47e3b586859b8b790e8cade3869e8ed1eee8ca40ce1
SHA512

55a12e1627a1ee9a2680fbbca86813559caca3c6072d513658b685fefb435026db23a35dba1958ba6ec791f186072769d312b65dfd72ec242213d91c8ac7b767
SSDEEP

49152:FilF+Szj4hhTOAu6Z87PEhwGKJeEH5DgbbkvRJgZ:8l8I2OA/OcnKxH5MbkRqZ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3892	setup.tmp
2788	DriverTuner.exe

Loads dropped DLL 7 IoCs

pid	Process
2788	DriverTuner.exe
2788	DriverTuner.exe
2788	DriverTuner.exe
2788	DriverTuner.exe
2788	DriverTuner.exe
2788	DriverTuner.exe
2788	DriverTuner.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 20 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\volmgr.inf_amd64_c46fb1889d563881\volmgr.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_726cea1f0f349cf7\machine.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\pci.inf_amd64_429878ca49a21d99\pci.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_585900615f764770\usbport.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_b9219faf432b1e25\cdrom.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_4930e9ac235a7d97\cpu.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_702fdf2336d2162d\input.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\printqueue.inf_amd64_c5faa879d518215d\printqueue.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\spaceport.inf_amd64_963e5f90c3cb96e2\spaceport.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_8207ba80cf22e40a\hdaudbus.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_46a68184927df9e8\disk.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\monitor.inf_amd64_5653ba7de4b18c6f\monitor.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudio.inf_amd64_e61357c1a331ecc4\hdaudio.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hal.inf_amd64_d0a32e9741bbe0f8\hal.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\audioendpoint.inf_amd64_cf61c05bbeae918c\audioendpoint.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_84ea762c0a90c362\mshdc.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_5ab7d1c25144fcab\msmouse.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	DriverTuner.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vhdmp.inf_amd64_1493e724f07f9b39\vhdmp.PNF	DriverTuner.exe

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\DriverTuner\is-760L3.tmp	setup.tmp
File created	C:\Program Files (x86)\DriverTuner\is-6LIOQ.tmp	setup.tmp
File created	C:\Program Files (x86)\DriverTuner\is-VR95H.tmp	setup.tmp
File opened for modification	C:\Program Files (x86)\DriverTuner\unins000.dat	setup.tmp
File created	C:\Program Files (x86)\DriverTuner\is-OR94S.tmp	setup.tmp
File created	C:\Program Files (x86)\DriverTuner\is-V5VA4.tmp	setup.tmp
File created	C:\Program Files (x86)\DriverTuner\is-ARGJG.tmp	setup.tmp
File created	C:\Program Files (x86)\DriverTuner\is-VPPHN.tmp	setup.tmp
File created	C:\Program Files (x86)\DriverTuner\is-3R1UO.tmp	setup.tmp
File created	C:\Program Files (x86)\DriverTuner\is-5EQJD.tmp	setup.tmp
File created	C:\Program Files (x86)\DriverTuner\update\is-RQ101.tmp	setup.tmp
File created	C:\Program Files (x86)\DriverTuner\update\is-G769E.tmp	setup.tmp
File created	C:\Program Files (x86)\DriverTuner\unins000.dat	setup.tmp
File created	C:\Program Files (x86)\DriverTuner\is-6UREK.tmp	setup.tmp
File created	C:\Program Files (x86)\DriverTuner\is-0PVJK.tmp	setup.tmp
File created	C:\Program Files (x86)\DriverTuner\update\is-PGL3D.tmp	setup.tmp

Drops file in Windows directory 59 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_fsreplication.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fssystem.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	DriverTuner.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_primitive.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_mcx.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_swcomponent.PNF	DriverTuner.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_volume.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	DriverTuner.exe
File created	C:\Windows\INF\rawsilo.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fsencryption.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_camera.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_holographic.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_smrvolume.PNF	DriverTuner.exe
File created	C:\Windows\INF\miradisp.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_extension.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_scmdisk.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_nvmedisk.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_netdriver.PNF	DriverTuner.exe
File created	C:\Windows\INF\wsdprint.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_ucm.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_apo.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fsundelete.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_proximity.PNF	DriverTuner.exe
File created	C:\Windows\INF\oposdrv.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fscompression.PNF	DriverTuner.exe
File created	C:\Windows\INF\dc1-controller.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_smrdisk.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fshsm.PNF	DriverTuner.exe
File created	C:\Windows\INF\xusb22.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_monitor.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_display.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_scmvolume.PNF	DriverTuner.exe
File created	C:\Windows\INF\rdcameradriver.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_firmware.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	DriverTuner.exe
File created	C:\Windows\INF\remoteposdrv.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_sslaccel.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_diskdrive.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_media.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_linedisplay.PNF	DriverTuner.exe
File created	C:\Windows\INF\c_processor.PNF	DriverTuner.exe
File created	C:\Windows\INF\ts_generic.PNF	DriverTuner.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DriverTuner.exe

Checks SCSI registry key(s) 3 TTPs 20 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DriverTuner.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	DriverTuner.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DriverTuner.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver	DriverTuner.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0003\	DriverTuner.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	DriverTuner.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DriverTuner.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	DriverTuner.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0003\	DriverTuner.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	DriverTuner.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	DriverTuner.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0003	DriverTuner.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	DriverTuner.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0003	DriverTuner.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	DriverTuner.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	DriverTuner.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DriverTuner.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Driver	DriverTuner.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DriverTuner.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DriverTuner.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1852	schtasks.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3892	setup.tmp
2788	DriverTuner.exe
2788	DriverTuner.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2788	DriverTuner.exe
2788	DriverTuner.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 3892	2268	setup.exe	81
PID 2268 wrote to memory of 3892	2268	setup.exe	81
PID 2268 wrote to memory of 3892	2268	setup.exe	81
PID 3892 wrote to memory of 4232	3892	setup.tmp	84
PID 3892 wrote to memory of 4232	3892	setup.tmp	84
PID 3892 wrote to memory of 4232	3892	setup.tmp	84
PID 3892 wrote to memory of 1852	3892	setup.tmp	85
PID 3892 wrote to memory of 1852	3892	setup.tmp	85
PID 3892 wrote to memory of 1852	3892	setup.tmp	85
PID 3892 wrote to memory of 2788	3892	setup.tmp	88
PID 3892 wrote to memory of 2788	3892	setup.tmp	88
PID 3892 wrote to memory of 2788	3892	setup.tmp	88

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\is-RP43J.tmp\setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-RP43J.tmp\setup.tmp" /SL5="$4024C,2370600,140800,C:\Users\Admin\AppData\Local\Temp\setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3892
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /Delete /F /TN "DriverTuner Startup"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4232
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /Create /SC ONLOGON /TN "DriverTuner Startup" /TR "'C:\Program Files (x86)\DriverTuner\DriverTuner.exe' --boot"
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:1852
- - C:\Program Files (x86)\DriverTuner\DriverTuner.exe
    "C:\Program Files (x86)\DriverTuner\DriverTuner.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Checks SCSI registry key(s)
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DriverTuner\DriverTuner.exe

Filesize
10.1MB

MD5
975246772f1df05d167c5ce9e477c750

SHA1
70945257232292a26dd05800ffc96dac574bbbaf

SHA256
f007fe3a81d759dcb1ba3cd550e4bf94de46beb1f83a61022aba00c93e67bc0e

SHA512
c83eb224a1eb4c6b23e6d3d6ba2e16182b7c76c6cf9ab32a8d478e856162ba708d88798144ce8d278954285c240a8d90e98141829c885c655e9d9c1e9901f646

Download Submit
C:\Program Files (x86)\DriverTuner\MSVCP100.dll

Filesize
411KB

MD5
108bc9e7fa969af0ff88b56156af4259

SHA1
3683a665d5a15b945d62745c3ae64038d5d2918e

SHA256
d0045c4197b95a153f0e016a1e9b860e57107307a54cadf90b913f59a37622e8

SHA512
bd414151718a13fabd8d76cd3146a7dbc817ae6ee3791f4f13c2827b7f6b361308a69d498436c3c36bf43771b159e2172d8d5e2062c179941f6b3a3c8bd24f0d

Download Submit
C:\Program Files (x86)\DriverTuner\language.ini

Filesize
89KB

MD5
e882ea4db8038bfc59c4f9651ec7cdfb

SHA1
46f66bfeb08b02bb0a9229a0e49abddc91687094

SHA256
e2b4dbac5a5fb1d5b0438a595961d3245fb64409d609b1e5dc4754472c041a3b

SHA512
57b3a6cb6b1ab2dc04d95cd9ffcf072944a02412a1bfefe58c03b22a837ac5611536391c4a8c38b1a2bc3060643b0454e14539c8b2880ef5328e78251c657ca7

Download Submit
C:\Program Files (x86)\DriverTuner\libcurlds.dll

Filesize
346KB

MD5
e2c7ec09480a01267efb23c71d875196

SHA1
30b368fa85284f0262bfec718d38547af7a30761

SHA256
1f393727f678d35c58d98b56891d0d8fe76736ba9746a6931bbe6d1aabb9adb0

SHA512
76163ac1e42bd43e08e974406b459b4432d3a2fce340464ca8c1386e3c61bc7d4028f3750d6cf09bbed309b4cc593ee00483782fe204905a404e5145c003bc53

Download Submit
C:\Program Files (x86)\DriverTuner\msvcr100.dll

Filesize
751KB

MD5
91d114d13079f75d859f8c94667fe8d0

SHA1
128a08ee420fcca2b5a02f7d1e07995bdcf211c0

SHA256
1d471b672bde77ec58d8e50bb6c0d6dce26cb37e2d92dd0c992f86112f8fcdd9

SHA512
809f19263a1aa66e7b0a3f68f55ef9185a73be6358c38a0094e721095ebc592ac12fc3928c0aa8a2d8dee5b545486fc39dcec5be86cb8268e5cdbb43c82c116c

Download Submit
C:\Program Files (x86)\DriverTuner\zlibwapi.dll

Filesize
90KB

MD5
33c80755de4de6b6470a1004658efda2

SHA1
7cc916e5787300093e1910e97d15a88feb2b050f

SHA256
218897a19abf4eb5f28d6042060d36b8e6bb0cb20417d6595bd44ab0edf7e0c2

SHA512
9254c5eb6fbc5a21d12c8e82914e2cb7a1c3382afeef0322500f0e91042e245f0e2a77ca6efc6376ff9c0532df4b72ee2d52d473a1ebbda5f20cff3afa44f8fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RP43J.tmp\setup.tmp

Filesize
1.1MB

MD5
b277e6ac242fcbc37f4d03e1528949c1

SHA1
2602407044a6bad216d3856eaf8fb990e0f1094f

SHA256
9461ae8a13a57c0d8490916dc1e1bb20cb0c171b9852d0846a03c4c4d212f204

SHA512
80d8b934ff63e4a7df3dabb9e6435c2d5ea542624b238be8a27b53c63be8dc244d46d4d9db1950b6d67d91dde12f3d819e7e4453536595d6385c65d2c6bbf5f7

Download Submit
memory/2268-12-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2268-2-0x0000000000401000-0x0000000000417000-memory.dmp

Filesize
88KB

Download
memory/2268-78-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2268-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/3892-14-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/3892-7-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/3892-60-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/3892-77-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads