Windows Analysis Report
IEW113_2311a.exe

Overview

General Information

Sample name: IEW113_2311a.exe
Analysis ID: 1540035
MD5: 1bb2447f9ae84781bcfa73eda1606d72
SHA1: 6c875dd5404a67ceb1d3aee207be4286cbd8dd93
SHA256: 45f839521bdf4ebfeb32d8dd17ea33133e3c7ae67c6859380bea02cf56cf30f6
Infos:

Detection

Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Compliance

Score: 49
Range: 0 - 100

Signatures

Creates files in the system32 config directory
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the driver directory
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Driver Install by pnputil.exe
Sigma detected: Suspicious Execution From GUID Like Folder Names
Stores files to the Windows start menu directory
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Compliance
barindex
Uses 32bit PE files
Source: IEW113_2311a.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\default.jpg Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\EULA.rtf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\Webcam.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\webcam_help.ico Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\Driver Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\Driver\imagingedgewebcam.cat Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\Driver\ImagingEdgeWebcam.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\Driver\ImagingEdgeWebcam_Driver.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\Driver\ImagingEdgeWebcam_Driver.inf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\ImagingEdgeWebcamLauncher.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\License.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\LjAdapter Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\LjAdapter\Lja_PTP_USB.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\LjAdapter\libusb-1.0.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\LjAdapter\Lja_PTP_WIA.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\LjCore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\msvcp140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\vcruntime140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\mfc140u.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\mfcm140u.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\USBReset.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\EULA.rtf Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\License.txt Jump to behavior
Source: IEW113_2311a.exe Static PE information: certificate valid
Source: IEW113_2311a.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: SetupIEW.msi.0.dr, 3b1c81.msi.3.dr
Source: Binary string: MFCM140U.amd64.pdb source: mfcm140u.dll.3.dr
Source: Binary string: msvcp140.amd64.pdb source: msvcp140.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Installer\Installer\bin\x64\Release\IDCCustomProc\IDCCustomProc.pdb source: SetupIEW.msi.0.dr, MSI239A.tmp.3.dr, MSI1F71.tmp.3.dr, MSIF12C.tmp.2.dr, MSI1E56.tmp.3.dr, MSIF18A.tmp.2.dr, 3b1c81.msi.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\LjAdapter\Lja_PTP_WIA.pdb source: Lja_PTP_WIA.dll.3.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr
Source: Binary string: msvcp140.amd64.pdbGCTL source: msvcp140.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\LjAdapter\Lja_PTP_WIA.pdb>*$GCTL source: Lja_PTP_WIA.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\obj\x64\Release\x64\Release\ImagingEdgeWebcamLauncher.pdb source: ImagingEdgeWebcamLauncher.exe.3.dr
Source: Binary string: mfc140u.amd64.pdb source: mfc140u.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Installer\Installer\bin\x64\Release\IDCCustomProc\IDCCustomProc.pdbG5#GCTL source: SetupIEW.msi.0.dr, MSI239A.tmp.3.dr, MSI1F71.tmp.3.dr, MSIF12C.tmp.2.dr, MSI1E56.tmp.3.dr, MSIF18A.tmp.2.dr, 3b1c81.msi.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\Driver\ImagingEdgeWebcam.pdb source: pnputil.exe, 0000000B.00000002.4180572792.0000023325EA7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1880800954.000001DD9B391000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1876395031.000001DD9AE6D000.00000004.00000020.00020000.00000000.sdmp, ImagingEdgeWebcam.dll.3.dr, SET27EC.tmp.13.dr, SET2618.tmp.11.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\LjAdapter\Lja_PTP_USB.pdb source: Lja_PTP_USB.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\Driver\ImagingEdgeWebcam_Driver.pdb source: pnputil.exe, 0000000B.00000002.4180572792.0000023325E2D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.4180561913.000001DD9AEF0000.00000004.00000020.00020000.00000000.sdmp, ImagingEdgeWebcam_Driver.dll.3.dr, SET27FD.tmp.13.dr, SET2638.tmp.11.dr
Source: Binary string: mfc140u.amd64.pdbGCTL source: mfc140u.dll.3.dr
Source: Binary string: vcruntime140.amd64.pdbGCTL source: vcruntime140.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\LjAdapter\Lja_PTP_USB.pdb?+#GCTL source: Lja_PTP_USB.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\LjCore.pdb source: LjCore.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\USBReset.pdb source: USBReset.exe.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\Webcam.pdb3.*GCTL source: Webcam.exe.3.dr
Source: Binary string: PackmanExtractor.pdb source: IEW113_2311a.exe
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\Driver\ImagingEdgeWebcam.pdbee source: pnputil.exe, 0000000B.00000002.4180572792.0000023325EA7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1880800954.000001DD9B391000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1876395031.000001DD9AE6D000.00000004.00000020.00020000.00000000.sdmp, ImagingEdgeWebcam.dll.3.dr, SET27EC.tmp.13.dr, SET2618.tmp.11.dr
Source: Binary string: C:\Users\SDNA\Desktop\libusb\libusb\lib\Release\libusb-1.0.pdb source: libusb-1.0.dll.3.dr
Source: Binary string: vcruntime140.amd64.pdb source: vcruntime140.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\Webcam.pdb source: Webcam.exe.3.dr
Checks for available system drives (often done to infect USB drives)
Source: C:\Windows\System32\msiexec.exe File opened: z: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: x: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: v: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: t: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: r: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: p: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: n: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: l: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: j: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: h: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: f: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: b: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: y: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: w: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: u: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: s: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: q: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: o: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: m: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: k: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: i: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: g: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: e: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: c: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: a: Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D1B2C0 FindFirstFileW,FindClose, 0_2_00D1B2C0
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D1E890 GetSystemTime,SystemTimeToFileTime,FindFirstFileW,FindNextFileW,FindClose,GetLastError, 0_2_00D1E890
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D15BD0 FindFirstFileW,CompareStringW,FindNextFileW,GetLastError,FindClose,CompareStringW, 0_2_00D15BD0
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D1B350 _wcsrchr,FindFirstFileW,DeleteFileW,GetLastError,GetFileAttributesW,SetFileAttributesW,DeleteFileW,FindNextFileW,GetLastError,FindClose,RemoveDirectoryW, 0_2_00D1B350
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D24350 _wcsrchr,FindFirstFileW,FindNextFileW,GetLastError, 0_2_00D24350
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Source: unknown DNS traffic detected: query: 198.187.3.20.in-addr.arpa replaycode: Name error (3)
Source: unknown DNS traffic detected: query: 56.163.245.4.in-addr.arpa replaycode: Name error (3)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa
Source: global traffic DNS traffic detected: DNS query: 56.163.245.4.in-addr.arpa
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: rundll32.exe, 0000000E.00000002.4181972577.00000221F9679000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0DO
Source: IEW113_2311a.exe, libusb-1.0.dll.3.dr, SetupIEW.msi.0.dr, SET25F7.tmp.11.dr, ImagingEdgeWebcam_Driver.dll.3.dr, ImagingEdgeWebcam.dll.3.dr, imagingedgewebcam.cat.3.dr, SET27EC.tmp.13.dr, ImagingEdgeWebcamLauncher.exe.3.dr, Webcam.exe.3.dr, Lja_PTP_USB.dll.3.dr, SET27DC.tmp.13.dr, SET2618.tmp.11.dr, Lja_PTP_WIA.dll.3.dr, 3b1c81.msi.3.dr, USBReset.exe.3.dr, SET27FD.tmp.13.dr, SET2638.tmp.11.dr, LjCore.dll.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: drvinst.exe, 0000000D.00000003.1881142044.000001DD9AEA6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
Source: IEW113_2311a.exe, libusb-1.0.dll.3.dr, SetupIEW.msi.0.dr, SET25F7.tmp.11.dr, ImagingEdgeWebcam_Driver.dll.3.dr, ImagingEdgeWebcam.dll.3.dr, imagingedgewebcam.cat.3.dr, SET27EC.tmp.13.dr, ImagingEdgeWebcamLauncher.exe.3.dr, Webcam.exe.3.dr, Lja_PTP_USB.dll.3.dr, SET27DC.tmp.13.dr, SET2618.tmp.11.dr, Lja_PTP_WIA.dll.3.dr, 3b1c81.msi.3.dr, USBReset.exe.3.dr, SET27FD.tmp.13.dr, SET2638.tmp.11.dr, LjCore.dll.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt
Source: IEW113_2311a.exe, libusb-1.0.dll.3.dr, SetupIEW.msi.0.dr, SET25F7.tmp.11.dr, ImagingEdgeWebcam_Driver.dll.3.dr, ImagingEdgeWebcam.dll.3.dr, imagingedgewebcam.cat.3.dr, SET27EC.tmp.13.dr, ImagingEdgeWebcamLauncher.exe.3.dr, Webcam.exe.3.dr, Lja_PTP_USB.dll.3.dr, SET27DC.tmp.13.dr, SET2618.tmp.11.dr, Lja_PTP_WIA.dll.3.dr, 3b1c81.msi.3.dr, USBReset.exe.3.dr, SET27FD.tmp.13.dr, SET2638.tmp.11.dr, LjCore.dll.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: IEW113_2311a.exe, libusb-1.0.dll.3.dr, SetupIEW.msi.0.dr, SET25F7.tmp.11.dr, ImagingEdgeWebcam_Driver.dll.3.dr, ImagingEdgeWebcam.dll.3.dr, imagingedgewebcam.cat.3.dr, SET27EC.tmp.13.dr, ImagingEdgeWebcamLauncher.exe.3.dr, Webcam.exe.3.dr, Lja_PTP_USB.dll.3.dr, SET27DC.tmp.13.dr, SET2618.tmp.11.dr, Lja_PTP_WIA.dll.3.dr, 3b1c81.msi.3.dr, USBReset.exe.3.dr, SET27FD.tmp.13.dr, SET2638.tmp.11.dr, LjCore.dll.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: drvinst.exe, 0000000D.00000003.1877018608.000001DD9AE6A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1876427804.000001DD9AE6A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCer
Source: IEW113_2311a.exe, libusb-1.0.dll.3.dr, SetupIEW.msi.0.dr, SET25F7.tmp.11.dr, ImagingEdgeWebcam_Driver.dll.3.dr, ImagingEdgeWebcam.dll.3.dr, imagingedgewebcam.cat.3.dr, SET27EC.tmp.13.dr, ImagingEdgeWebcamLauncher.exe.3.dr, Webcam.exe.3.dr, Lja_PTP_USB.dll.3.dr, SET27DC.tmp.13.dr, SET2618.tmp.11.dr, Lja_PTP_WIA.dll.3.dr, 3b1c81.msi.3.dr, USBReset.exe.3.dr, SET27FD.tmp.13.dr, SET2638.tmp.11.dr, LjCore.dll.3.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: IEW113_2311a.exe, libusb-1.0.dll.3.dr, SetupIEW.msi.0.dr, SET25F7.tmp.11.dr, ImagingEdgeWebcam_Driver.dll.3.dr, ImagingEdgeWebcam.dll.3.dr, imagingedgewebcam.cat.3.dr, SET27EC.tmp.13.dr, ImagingEdgeWebcamLauncher.exe.3.dr, Webcam.exe.3.dr, Lja_PTP_USB.dll.3.dr, SET27DC.tmp.13.dr, SET2618.tmp.11.dr, Lja_PTP_WIA.dll.3.dr, 3b1c81.msi.3.dr, USBReset.exe.3.dr, SET27FD.tmp.13.dr, SET2638.tmp.11.dr, LjCore.dll.3.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: drvinst.exe, 0000000D.00000003.1881142044.000001DD9AEA6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlhttp://crl4.digicert.co
Source: drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.4180898661.00000221F9467000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl
Source: drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1876395031.000001DD9AE6D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1882608934.00000221F943D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.4180898661.00000221F9425000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.4180898661.00000221F9467000.00000004.00000020.00020000.00000000.sdmp, IEW113_2311a.exe, libusb-1.0.dll.3.dr, SetupIEW.msi.0.dr, SET25F7.tmp.11.dr, ImagingEdgeWebcam_Driver.dll.3.dr, ImagingEdgeWebcam.dll.3.dr, imagingedgewebcam.cat.3.dr, SET27EC.tmp.13.dr, ImagingEdgeWebcamLauncher.exe.3.dr, Webcam.exe.3.dr, Lja_PTP_USB.dll.3.dr, SET27DC.tmp.13.dr, SET2618.tmp.11.dr, Lja_PTP_WIA.dll.3.dr, 3b1c81.msi.3.dr, USBReset.exe.3.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl:
Source: drvinst.exe, 0000000D.00000002.4180561913.000001DD9AE93000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1881142044.000001DD9AEA6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crlB
Source: rundll32.exe, 0000000E.00000002.4180898661.00000221F93F7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crlE4
Source: drvinst.exe, 0000000D.00000002.4180561913.000001DD9AE93000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1881142044.000001DD9AEA6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crlH
Source: drvinst.exe, 0000000D.00000003.1881142044.000001DD9AEA6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crlV
Source: drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crln
Source: drvinst.exe, 0000000D.00000003.1881142044.000001DD9AEA6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crlt
Source: drvinst.exe, 0000000D.00000002.4180561913.000001DD9AE93000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1881142044.000001DD9AEA6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: LjCore.dll.3.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: drvinst.exe, 0000000D.00000002.4180561913.000001DD9AE93000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1881142044.000001DD9AEA6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl9
Source: drvinst.exe, 0000000D.00000002.4180561913.000001DD9AE93000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1881142044.000001DD9AEA6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlH
Source: drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlq
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: drvinst.exe, 0000000D.00000002.4180561913.000001DD9AE93000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1881142044.000001DD9AEA6000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: IEW113_2311a.exe, libusb-1.0.dll.3.dr, SetupIEW.msi.0.dr, SET25F7.tmp.11.dr, ImagingEdgeWebcam_Driver.dll.3.dr, ImagingEdgeWebcam.dll.3.dr, imagingedgewebcam.cat.3.dr, SET27EC.tmp.13.dr, ImagingEdgeWebcamLauncher.exe.3.dr, Webcam.exe.3.dr, Lja_PTP_USB.dll.3.dr, SET27DC.tmp.13.dr, SET2618.tmp.11.dr, Lja_PTP_WIA.dll.3.dr, 3b1c81.msi.3.dr, USBReset.exe.3.dr, SET27FD.tmp.13.dr, SET2638.tmp.11.dr, LjCore.dll.3.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: libusb-1.0.dll.3.dr String found in binary or memory: http://libusb.info
Source: libusb-1.0.dll.3.dr String found in binary or memory: http://libusb.infoneed
Source: drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com
Source: drvinst.exe, 0000000D.00000003.1881142044.000001DD9AEA6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxL
Source: drvinst.exe, 0000000D.00000003.1881142044.000001DD9AEA6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
Source: IEW113_2311a.exe, libusb-1.0.dll.3.dr, SetupIEW.msi.0.dr, SET25F7.tmp.11.dr, ImagingEdgeWebcam_Driver.dll.3.dr, ImagingEdgeWebcam.dll.3.dr, imagingedgewebcam.cat.3.dr, SET27EC.tmp.13.dr, ImagingEdgeWebcamLauncher.exe.3.dr, Webcam.exe.3.dr, Lja_PTP_USB.dll.3.dr, SET27DC.tmp.13.dr, SET2618.tmp.11.dr, Lja_PTP_WIA.dll.3.dr, 3b1c81.msi.3.dr, USBReset.exe.3.dr, SET27FD.tmp.13.dr, SET2638.tmp.11.dr, LjCore.dll.3.dr String found in binary or memory: http://ocsp.digicert.com0
Source: IEW113_2311a.exe, libusb-1.0.dll.3.dr, SetupIEW.msi.0.dr, SET25F7.tmp.11.dr, ImagingEdgeWebcam_Driver.dll.3.dr, ImagingEdgeWebcam.dll.3.dr, imagingedgewebcam.cat.3.dr, SET27EC.tmp.13.dr, ImagingEdgeWebcamLauncher.exe.3.dr, Webcam.exe.3.dr, Lja_PTP_USB.dll.3.dr, SET27DC.tmp.13.dr, SET2618.tmp.11.dr, Lja_PTP_WIA.dll.3.dr, 3b1c81.msi.3.dr, USBReset.exe.3.dr, SET27FD.tmp.13.dr, SET2638.tmp.11.dr, LjCore.dll.3.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: IEW113_2311a.exe, libusb-1.0.dll.3.dr, MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, SET25F7.tmp.11.dr, ImagingEdgeWebcam_Driver.dll.3.dr, ImagingEdgeWebcam.dll.3.dr, imagingedgewebcam.cat.3.dr, SET27EC.tmp.13.dr, ImagingEdgeWebcamLauncher.exe.3.dr, Webcam.exe.3.dr, Lja_PTP_USB.dll.3.dr, MSI1F71.tmp.3.dr, SET27DC.tmp.13.dr, SET2618.tmp.11.dr, Lja_PTP_WIA.dll.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr, USBReset.exe.3.dr, SET27FD.tmp.13.dr, SET2638.tmp.11.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: http://ocsp.digicert.com0K
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: http://ocsp.digicert.com0O
Source: IEW113_2311a.exe, libusb-1.0.dll.3.dr, SetupIEW.msi.0.dr, SET25F7.tmp.11.dr, ImagingEdgeWebcam_Driver.dll.3.dr, ImagingEdgeWebcam.dll.3.dr, imagingedgewebcam.cat.3.dr, SET27EC.tmp.13.dr, ImagingEdgeWebcamLauncher.exe.3.dr, Webcam.exe.3.dr, Lja_PTP_USB.dll.3.dr, SET27DC.tmp.13.dr, SET2618.tmp.11.dr, Lja_PTP_WIA.dll.3.dr, 3b1c81.msi.3.dr, USBReset.exe.3.dr, SET27FD.tmp.13.dr, SET2638.tmp.11.dr, LjCore.dll.3.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: drvinst.exe, 0000000D.00000002.4180561913.000001DD9AE93000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1881142044.000001DD9AEA6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRS
Source: drvinst.exe, 0000000D.00000003.1879279442.000001DD9AEAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comB
Source: drvinst.exe, 0000000D.00000003.1881142044.000001DD9AEA6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digice
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: http://wixtoolset.org
Source: IEW113_2311a.exe, libusb-1.0.dll.3.dr, SetupIEW.msi.0.dr, SET25F7.tmp.11.dr, ImagingEdgeWebcam_Driver.dll.3.dr, ImagingEdgeWebcam.dll.3.dr, imagingedgewebcam.cat.3.dr, SET27EC.tmp.13.dr, ImagingEdgeWebcamLauncher.exe.3.dr, Webcam.exe.3.dr, Lja_PTP_USB.dll.3.dr, SET27DC.tmp.13.dr, SET2618.tmp.11.dr, Lja_PTP_WIA.dll.3.dr, 3b1c81.msi.3.dr, USBReset.exe.3.dr, SET27FD.tmp.13.dr, SET2638.tmp.11.dr, LjCore.dll.3.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: libusb-1.0.dll.3.dr String found in binary or memory: http://www.gnu.org/licenses/lgpl-2.1.htmlF
Source: License.txt.3.dr String found in binary or memory: https://github.com/microsoft/Windows-driver-samples)
Source: SetupIEW.msi.0.dr, 3b1c81.msi.3.dr String found in binary or memory: https://oss.sony.net/Products/Linux/
Source: MSI1F71.tmp.3.dr String found in binary or memory: https://support.d-imaging.sony.co.jp/app/webcam/l/instruction/index.php
Source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr String found in binary or memory: https://www.digicert.com/CPS0
Drops certificate files (DER)
Source: C:\Windows\System32\pnputil.exe File created: C:\Users\user\AppData\Local\Temp\{62ac3150-e217-504f-99b6-ba32b85dda90}\SET25F7.tmp Jump to dropped file
Source: C:\Windows\System32\pnputil.exe File created: C:\Users\user\AppData\Local\Temp\{62ac3150-e217-504f-99b6-ba32b85dda90}\ImagingEdgeWebcam.cat (copy) Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\SET27DC.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam.cat (copy) Jump to dropped file
Creates files inside the driver directory
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803} Jump to behavior
Creates files inside the system directory
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3b1c81.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1E56.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1EC5.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{77F8518A-144A-4DB2-80EB-C544B68375EE} Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1F71.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1F92.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI239A.tmp Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\INF\c_camera.PNF Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db Jump to behavior
Deletes files inside the Windows folder
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI1E56.tmp Jump to behavior
Detected potential crypto function
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D2A360 0_2_00D2A360
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D15480 0_2_00D15480
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D20AC0 0_2_00D20AC0
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D35070 0_2_00D35070
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D3A172 0_2_00D3A172
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D3E27B 0_2_00D3E27B
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D2BED0 0_2_00D2BED0
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D32EAF 0_2_00D32EAF
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: String function: 00D42480 appears 39 times
Sample file is different than original file name gathered from version info
Source: IEW113_2311a.exe, 00000000.00000002.4182134713.0000000000D57000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamePackmanExtractor.exe. vs IEW113_2311a.exe
Source: IEW113_2311a.exe, 00000001.00000002.4180804615.0000000000D57000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamePackmanExtractor.exe. vs IEW113_2311a.exe
Source: IEW113_2311a.exe Binary or memory string: OriginalFilenamePackmanExtractor.exe. vs IEW113_2311a.exe
Uses 32bit PE files
Source: IEW113_2311a.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: sus24.evad.winEXE@22/71@2/0
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D1A830 GetModuleHandleW,GetProcAddress,GetDiskFreeSpaceExW,GetModuleFileNameW, 0_2_00D1A830
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D2BED0 ResetEvent,WaitForMultipleObjects,ResetEvent,CreateToolhelp32Snapshot,GetLastError,WaitForMultipleObjects,ResetEvent,WaitForSingleObject,Process32FirstW,Process32NextW,CloseHandle,__dtol3,__dtol3,EnterCriticalSection,CloseHandle,LeaveCriticalSection,WaitForMultipleObjects,EnterCriticalSection,LeaveCriticalSection,WaitForMultipleObjects,WaitForMultipleObjects,WaitForMultipleObjects,ResetEvent,EnterCriticalSection,LeaveCriticalSection,SetEvent,ResetEvent,ResetEvent,CloseHandle, 0_2_00D2BED0
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D21BF0 GetWindowLongW,SetWindowLongW,SetWindowLongW,SetWindowLongW,SetWindowPos,GetSystemMenu,EnableMenuItem,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,LoadImageW,LoadImageW,LoadImageW,SendMessageW,SendMessageW,SendMessageW,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetDlgItem,GetDlgItem,IsWindow,SendMessageW,SendMessageW,CoCreateInstance,KiUserCallbackDispatcher,SetTimer,ShowWindow,SetForegroundWindow,ResetEvent, 0_2_00D21BF0
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D235D0 CreateCompatibleDC,EnumFontFamiliesExW,DeleteDC,FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GlobalFree,GlobalUnlock,GlobalUnlock, 0_2_00D235D0
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7988:120:WilError_03
Source: C:\Users\user\Desktop\IEW113_2311a.exe File created: C:\Users\user\AppData\Local\Temp\SPackTool Jump to behavior
Source: IEW113_2311a.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\IEW113_2311a.exe File read: C:\Users\user\AppData\Local\Temp\SPackTool\{89B93025-7962-486C-9882-CB09CA156C38}\Support\Settings.ini Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{94bae122-cba7-1d4a-abe9-55200fb5c9ba} Global\{f15111e6-e2a2-7143-bb08-c644d6dcff21} C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam_Driver.inf C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam.cat
Source: C:\Users\user\Desktop\IEW113_2311a.exe File read: C:\Users\user\Desktop\IEW113_2311a.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\IEW113_2311a.exe "C:\Users\user\Desktop\IEW113_2311a.exe"
Source: C:\Users\user\Desktop\IEW113_2311a.exe Process created: C:\Users\user\Desktop\IEW113_2311a.exe "C:\Users\user\Desktop\IEW113_2311a.exe" -run {192AB307-8DDD-45B1-BC93-D10838BCC13F} 0|Yes|No|C:\Windows\System32\msiexec.exe /i C:\Users\user\AppData\Local\Temp\SPackTool\{89B93025-7962-486C-9882-CB09CA156C38}\Package\SetupIEW.msi
Source: C:\Users\user\Desktop\IEW113_2311a.exe Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i C:\Users\user\AppData\Local\Temp\SPackTool\{89B93025-7962-486C-9882-CB09CA156C38}\Package\SetupIEW.msi
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 87308A77B4DC65560968A93A1904E71A C
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 026172C647FCA3CC45C109DD1CF65201
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 1F622DA67DE9472AD76099B184CCC342
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 41D4778385EEC697935AEB0EB737BBE8 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\cmd.exe cmd /c pnputil /add-driver "C:\Program Files\Sony\Imaging Edge Webcam\Driver\*.inf" /install
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\pnputil.exe pnputil /add-driver "C:\Program Files\Sony\Imaging Edge Webcam\Driver\*.inf" /install
Source: unknown Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{62ac3150-e217-504f-99b6-ba32b85dda90}\ImagingEdgeWebcam_Driver.inf" "9" "40c79f59f" "000000000000015C" "WinSta0\Default" "0000000000000168" "208" "C:\Program Files\Sony\Imaging Edge Webcam\Driver"
Source: C:\Windows\System32\drvinst.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{94bae122-cba7-1d4a-abe9-55200fb5c9ba} Global\{f15111e6-e2a2-7143-bb08-c644d6dcff21} C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam_Driver.inf C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam.cat
Source: C:\Users\user\Desktop\IEW113_2311a.exe Process created: C:\Users\user\Desktop\IEW113_2311a.exe "C:\Users\user\Desktop\IEW113_2311a.exe" -run {192AB307-8DDD-45B1-BC93-D10838BCC13F} 0|Yes|No|C:\Windows\System32\msiexec.exe /i C:\Users\user\AppData\Local\Temp\SPackTool\{89B93025-7962-486C-9882-CB09CA156C38}\Package\SetupIEW.msi Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i C:\Users\user\AppData\Local\Temp\SPackTool\{89B93025-7962-486C-9882-CB09CA156C38}\Package\SetupIEW.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 87308A77B4DC65560968A93A1904E71A C Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 026172C647FCA3CC45C109DD1CF65201 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 1F622DA67DE9472AD76099B184CCC342 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 41D4778385EEC697935AEB0EB737BBE8 E Global\MSI0000 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\cmd.exe cmd /c pnputil /add-driver "C:\Program Files\Sony\Imaging Edge Webcam\Driver\*.inf" /install Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\pnputil.exe pnputil /add-driver "C:\Program Files\Sony\Imaging Edge Webcam\Driver\*.inf" /install Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{94bae122-cba7-1d4a-abe9-55200fb5c9ba} Global\{f15111e6-e2a2-7143-bb08-c644d6dcff21} C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam_Driver.inf C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam.cat Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msihnd.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Windows\System32\pnputil.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Windows\System32\pnputil.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\System32\pnputil.exe Section loaded: drvstore.dll Jump to behavior
Source: C:\Windows\System32\pnputil.exe Section loaded: drvsetup.dll Jump to behavior
Source: C:\Windows\System32\pnputil.exe Section loaded: devrtl.dll Jump to behavior
Source: C:\Windows\System32\pnputil.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: devrtl.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: drvstore.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: cryptnet.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: pnpui.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Windows\System32\drvinst.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe File written: C:\Users\user\AppData\Local\Temp\SPackTool\{89B93025-7962-486C-9882-CB09CA156C38}\Support\Settings.ini Jump to behavior
Source: C:\Windows\System32\msiexec.exe Automated click: Next
Source: C:\Windows\System32\msiexec.exe Automated click: Agree
Source: C:\Windows\System32\msiexec.exe Automated click: Next
Source: C:\Windows\System32\msiexec.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: C:\Windows\System32\rundll32.exe Automated click: Install
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\default.jpg Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\EULA.rtf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\Webcam.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\webcam_help.ico Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\Driver Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\Driver\imagingedgewebcam.cat Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\Driver\ImagingEdgeWebcam.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\Driver\ImagingEdgeWebcam_Driver.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\Driver\ImagingEdgeWebcam_Driver.inf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\ImagingEdgeWebcamLauncher.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\License.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\LjAdapter Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\LjAdapter\Lja_PTP_USB.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\LjAdapter\libusb-1.0.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\LjAdapter\Lja_PTP_WIA.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\LjCore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\msvcp140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\vcruntime140.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\mfc140u.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\mfcm140u.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Sony\Imaging Edge Webcam\USBReset.exe Jump to behavior
Source: IEW113_2311a.exe Static PE information: certificate valid
Source: IEW113_2311a.exe Static file information: File size 5302512 > 1048576
Source: IEW113_2311a.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: IEW113_2311a.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: IEW113_2311a.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: IEW113_2311a.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: IEW113_2311a.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: IEW113_2311a.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: IEW113_2311a.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: IEW113_2311a.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: SetupIEW.msi.0.dr, 3b1c81.msi.3.dr
Source: Binary string: MFCM140U.amd64.pdb source: mfcm140u.dll.3.dr
Source: Binary string: msvcp140.amd64.pdb source: msvcp140.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Installer\Installer\bin\x64\Release\IDCCustomProc\IDCCustomProc.pdb source: SetupIEW.msi.0.dr, MSI239A.tmp.3.dr, MSI1F71.tmp.3.dr, MSIF12C.tmp.2.dr, MSI1E56.tmp.3.dr, MSIF18A.tmp.2.dr, 3b1c81.msi.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\LjAdapter\Lja_PTP_WIA.pdb source: Lja_PTP_WIA.dll.3.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: MSI1F92.tmp.3.dr, SetupIEW.msi.0.dr, MSI1F71.tmp.3.dr, MSI1EC5.tmp.3.dr, 3b1c81.msi.3.dr
Source: Binary string: msvcp140.amd64.pdbGCTL source: msvcp140.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\LjAdapter\Lja_PTP_WIA.pdb>*$GCTL source: Lja_PTP_WIA.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\obj\x64\Release\x64\Release\ImagingEdgeWebcamLauncher.pdb source: ImagingEdgeWebcamLauncher.exe.3.dr
Source: Binary string: mfc140u.amd64.pdb source: mfc140u.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Installer\Installer\bin\x64\Release\IDCCustomProc\IDCCustomProc.pdbG5#GCTL source: SetupIEW.msi.0.dr, MSI239A.tmp.3.dr, MSI1F71.tmp.3.dr, MSIF12C.tmp.2.dr, MSI1E56.tmp.3.dr, MSIF18A.tmp.2.dr, 3b1c81.msi.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\Driver\ImagingEdgeWebcam.pdb source: pnputil.exe, 0000000B.00000002.4180572792.0000023325EA7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1880800954.000001DD9B391000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1876395031.000001DD9AE6D000.00000004.00000020.00020000.00000000.sdmp, ImagingEdgeWebcam.dll.3.dr, SET27EC.tmp.13.dr, SET2618.tmp.11.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\LjAdapter\Lja_PTP_USB.pdb source: Lja_PTP_USB.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\Driver\ImagingEdgeWebcam_Driver.pdb source: pnputil.exe, 0000000B.00000002.4180572792.0000023325E2D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.4180561913.000001DD9AEF0000.00000004.00000020.00020000.00000000.sdmp, ImagingEdgeWebcam_Driver.dll.3.dr, SET27FD.tmp.13.dr, SET2638.tmp.11.dr
Source: Binary string: mfc140u.amd64.pdbGCTL source: mfc140u.dll.3.dr
Source: Binary string: vcruntime140.amd64.pdbGCTL source: vcruntime140.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\LjAdapter\Lja_PTP_USB.pdb?+#GCTL source: Lja_PTP_USB.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\LjCore.pdb source: LjCore.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\USBReset.pdb source: USBReset.exe.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\Webcam.pdb3.*GCTL source: Webcam.exe.3.dr
Source: Binary string: PackmanExtractor.pdb source: IEW113_2311a.exe
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\Driver\ImagingEdgeWebcam.pdbee source: pnputil.exe, 0000000B.00000002.4180572792.0000023325EA7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1880800954.000001DD9B391000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1876395031.000001DD9AE6D000.00000004.00000020.00020000.00000000.sdmp, ImagingEdgeWebcam.dll.3.dr, SET27EC.tmp.13.dr, SET2618.tmp.11.dr
Source: Binary string: C:\Users\SDNA\Desktop\libusb\libusb\lib\Release\libusb-1.0.pdb source: libusb-1.0.dll.3.dr
Source: Binary string: vcruntime140.amd64.pdb source: vcruntime140.dll.3.dr
Source: Binary string: D:\ohshima\sony\iew\IEW_win\Application\bin\x64\Release\App\Webcam.pdb source: Webcam.exe.3.dr
Source: IEW113_2311a.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: IEW113_2311a.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: IEW113_2311a.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: IEW113_2311a.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: IEW113_2311a.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Binary contains a suspicious time stamp
Source: ImagingEdgeWebcamLauncher.exe.3.dr Static PE information: 0xE7A7E0D0 [Fri Feb 27 02:09:20 2093 UTC]
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D11120 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z,GetSystemDirectoryW,LoadLibraryW,GetProcAddress, 0_2_00D11120
PE file contains sections with non-standard names
Source: ImagingEdgeWebcam.dll.3.dr Static PE information: section name: _RDATA
Source: ImagingEdgeWebcam_Driver.dll.3.dr Static PE information: section name: _RDATA
Source: msvcp140.dll.3.dr Static PE information: section name: .didat
Source: mfc140u.dll.3.dr Static PE information: section name: .didat
Source: mfcm140u.dll.3.dr Static PE information: section name: .nep
Source: SET2618.tmp.11.dr Static PE information: section name: _RDATA
Source: SET2638.tmp.11.dr Static PE information: section name: _RDATA
Source: SET27EC.tmp.13.dr Static PE information: section name: _RDATA
Source: SET27FD.tmp.13.dr Static PE information: section name: _RDATA
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D424C6 push ecx; ret 0_2_00D424D9

Persistence and Installation Behavior
barindex
Creates files in the system32 config directory
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db Jump to behavior
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db Jump to behavior
Drops PE files
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\LjAdapter\Lja_PTP_USB.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\LjCore.dll Jump to dropped file
Source: C:\Windows\System32\pnputil.exe File created: C:\Users\user\AppData\Local\Temp\{62ac3150-e217-504f-99b6-ba32b85dda90}\SET2638.tmp Jump to dropped file
Source: C:\Windows\System32\pnputil.exe File created: C:\Users\user\AppData\Local\Temp\{62ac3150-e217-504f-99b6-ba32b85dda90}\ImagingEdgeWebcam_Driver.dll (copy) Jump to dropped file
Source: C:\Windows\System32\pnputil.exe File created: C:\Users\user\AppData\Local\Temp\{62ac3150-e217-504f-99b6-ba32b85dda90}\ImagingEdgeWebcam.dll (copy) Jump to dropped file
Source: C:\Windows\System32\pnputil.exe File created: C:\Users\user\AppData\Local\Temp\{62ac3150-e217-504f-99b6-ba32b85dda90}\SET2618.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIF12C.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\USBReset.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIF18A.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\mfc140u.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\LjAdapter\libusb-1.0.dll Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam.dll (copy) Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\SET27FD.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\LjAdapter\Lja_PTP_WIA.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\msvcp140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI239A.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\Driver\ImagingEdgeWebcam_Driver.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\ImagingEdgeWebcamLauncher.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\Driver\ImagingEdgeWebcam.dll Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam_Driver.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1E56.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1F92.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\mfcm140u.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\Webcam.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\vcruntime140.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1EC5.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\SET27EC.tmp Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI239A.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam_Driver.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1E56.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1F92.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1EC5.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\SET27EC.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam.dll (copy) Jump to dropped file
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\SET27FD.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\EULA.rtf Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Sony\Imaging Edge Webcam\License.txt Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imaging Edge Webcam Jump to behavior
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D20AC0 KiUserCallbackDispatcher,ShowWindow,IsIconic,SendMessageW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetModuleHandleW,GetProcAddress,GetCommandLineW,SetEvent,SetWindowTextW,SetDlgItemTextW,SetDlgItemTextW,SendMessageW,KillTimer,IsWindow,KiUserCallbackDispatcher,GetSystemMenu,EnableMenuItem,SetDlgItemTextW,ShowWindow,ShowWindow,IsWindow,EnableWindow,GetSystemMenu,EnableMenuItem,SetDlgItemTextW,IsWindow,EnableWindow,GetSystemMenu,EnableMenuItem,SetDlgItemTextW,ShowWindow,SetEvent, 0_2_00D20AC0
Source: C:\Users\user\Desktop\IEW113_2311a.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\pnputil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\pnputil.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: IEW113_2311a.exe Binary or memory string: UA0UALPK.DLLUSP10.DLLVERSION.DLLUSER32.DLLOLE32.DLLOLEAUT32.DLLMSVCRT.DLLSHLWAPI.DLLGDI32.DLLURLMON.DLLWININET.DLLIMAGEHLP.DLLWLDAP32.DLLCRYPT32.DLLIMM32.DLLCOMRES.DLLXPSP2RES.DLLWS2HELP.DLLCABINET.DLLSAMLIB.DLLUXTHEME.DLLMSCTF.DLLMSASN1.DLLCLBCATQ.DLLNETAPI32.DLLRSAENH.DLLAPPHELP.DLLMSXML3.DLLSETUPAPI.DLLMSCTFIME.IMEIMJP81.IMEIMJP81K.DLLIMJP9K.DLLIMJP10K.DLLIMJP12K.DLLIMJP14K.DLL..\IME\IMJP8_1\DICTS\IMJPCD.DICWINTRUST.DLLRICHED20.DLLCRYPTUI.DLLSHDOCVW.DLLMLANG.DLLWS2_32.DLLUSERENV.DLLPSAPI.DLLSENSAPI.DLLWINHTTP.DLLCRYPTNET.DLLWBEM\WBEMCOMN.DLLWBEM\WBEMPROX.DLLWBEM\WBEMSVC.DLLMSVCP60.DLLDNSAPI.DLLNTDSAPI.DLLHNETCFG.DLLWINMM.DLLRTUTILS.DLLTAPI32.DLLRASMAN.DLLRASAPI32.DLLWBEM\FASTPROX.DLLNTMARTA.DLLRASADHLP.DLLMPR.DLLCOMDLG32.DLLSHDOCLC.DLLCSCDLL.DLLBROWSEUI.DLLATL.DLLNTSHRUI.DLLLINKINFO.DLLDRPROV.DLLMYDOCS.DLLCSCUI.DLLNETRAP.DLLNETUI0.DLLNETUI1.DLLNTLANMAN.DLLDAVCLNT.DLLSHGINA.DLLODBCINT.DLLODBC32.DLLMSGINA.DLLWINSTA.DLLMSTASK.DLLWSOCK32.DLLWEBCHECK.DLLOCCACHE.DLLADSLDPC.DLLACTIVEDS.DLLTWEXT.DLLWIASHEXT.DLLBCRYPT.DLLNSI.DLLIME\SHARED\IMETIP.DLLIME\SHARED\IMECFM.DLLIME\IMEJP10\IMJPAPI.DLLIME\SHARED\IMJKAPI.DLLIME\SHARED\IMEAPIS.DLLIERTUTIL.DLLPROPSYS.DLLOLEACC.DLLIME\IMEJP10\IMJPTIP.DLLSLC.DLLGPAPI.DLLNCRYPT.DLLWINNSI.DLLDHCPCSVC6.DLLDHCPCSVC.DLLIPHLPAPI.DLLNORMALIZ.DLLWINDOWSCODECS.DLLDUSER.DLLXMLLITE.DLLCSCAPI.DLLPORTABLEDEVICEAPI.DLLWMASF.DLLNETWORKITEMFACTORY.DLLNPMPROXY.DLLACTXPRXY.DLLMSSPRXY.DLLNETWORKEXPLORER.DLLWPDSHEXT.DLLWMVCORE.DLLAUDIODEV.DLLFIREWALLAPI.DLLDTSH.DLLSXS.DLLEXPLORERFRAME.DLLIEFRAME.DLLDWMAPI.DLLCRYPTBASE.DLLCRYPTSP.DLLRPCRTREMOTE.DLLWBEMCOMN.DLLPROFAPI.DLLSSPICLI.DLLDUI70.DLLEXPLORERFRAME.DLLDEVOBJ.DLLCFGMGR32.DLLAUTHZ.DLLPEERDIST.DLLWEBIO.DLLSECUR32.DLLEHSTORSHELL.DLLNETUTILS.DLLMSXML6.DLLWKSCLI.DLLEHSTORAPI.DLLSRVCLI.DLLSAMCLI.DLLSEARCHFOLDER.DLLSTRUCTUREDQUERY.DLLMAPI32.DLLTQUERY.DLLDAVHLPR.DLLMSSVP.DLLAPI-MS-WIN-CORE-SYNCH-L1-2-0.DLLAPI-MS-WIN-CORE-FIBERS-L1-1-1.DLLAPI-MS-WIN-CORE-LOCALIZATION-L1-2-1.DLLAPI-MS-WIN-APPMODEL-RUNTIME-L1-1-1.DLLEXT-MS-WIN-KERNEL32-PACKAGE-CURRENT-L1-1-0.DLLIMAGERES.DLLMSFTE.DLLMSTRACER.DLLSETDEFAULTDLLDIRECTORIES
Source: IEW113_2311a.exe, 00000000.00000002.4182035078.0000000000D47000.00000002.00000001.01000000.00000003.sdmp, IEW113_2311a.exe, 00000000.00000000.1705523045.0000000000D47000.00000002.00000001.01000000.00000003.sdmp, IEW113_2311a.exe, 00000001.00000000.1729480468.0000000000D47000.00000002.00000001.01000000.00000003.sdmp, IEW113_2311a.exe, 00000001.00000002.4180630000.0000000000D47000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: LPK.DLLUSP10.DLLVERSION.DLLUSER32.DLLOLE32.DLLOLEAUT32.DLLMSVCRT.DLLSHLWAPI.DLLGDI32.DLLURLMON.DLLWININET.DLLIMAGEHLP.DLLWLDAP32.DLLCRYPT32.DLLIMM32.DLLCOMRES.DLLXPSP2RES.DLLWS2HELP.DLLCABINET.DLLSAMLIB.DLLUXTHEME.DLLMSCTF.DLLMSASN1.DLLCLBCATQ.DLLNETAPI32.DLLRSAENH.DLLAPPHELP.DLLMSXML3.DLLSETUPAPI.DLLMSCTFIME.IMEIMJP81.IMEIMJP81K.DLLIMJP9K.DLLIMJP10K.DLLIMJP12K.DLLIMJP14K.DLL..\IME\IMJP8_1\DICTS\IMJPCD.DICWINTRUST.DLLRICHED20.DLLCRYPTUI.DLLSHDOCVW.DLLMLANG.DLLWS2_32.DLLUSERENV.DLLPSAPI.DLLSENSAPI.DLLWINHTTP.DLLCRYPTNET.DLLWBEM\WBEMCOMN.DLLWBEM\WBEMPROX.DLLWBEM\WBEMSVC.DLLMSVCP60.DLLDNSAPI.DLLNTDSAPI.DLLHNETCFG.DLLWINMM.DLLRTUTILS.DLLTAPI32.DLLRASMAN.DLLRASAPI32.DLLWBEM\FASTPROX.DLLNTMARTA.DLLRASADHLP.DLLMPR.DLLCOMDLG32.DLLSHDOCLC.DLLCSCDLL.DLLBROWSEUI.DLLATL.DLLNTSHRUI.DLLLINKINFO.DLLDRPROV.DLLMYDOCS.DLLCSCUI.DLLNETRAP.DLLNETUI0.DLLNETUI1.DLLNTLANMAN.DLLDAVCLNT.DLLSHGINA.DLLODBCINT.DLLODBC32.DLLMSGINA.DLLWINSTA.DLLMSTASK.DLLWSOCK32.DLLWEBCHECK.DLLOCCACHE.DLLADSLDPC.DLLACTIVEDS.DLLTWEXT.DLLWIASHEXT.DLLBCRYPT.DLLNSI.DLLIME\SHARED\IMETIP.DLLIME\SHARED\IMECFM.DLLIME\IMEJP10\IMJPAPI.DLLIME\SHARED\IMJKAPI.DLLIME\SHARED\IMEAPIS.DLLIERTUTIL.DLLPROPSYS.DLLOLEACC.DLLIME\IMEJP10\IMJPTIP.DLLSLC.DLLGPAPI.DLLNCRYPT.DLLWINNSI.DLLDHCPCSVC6.DLLDHCPCSVC.DLLIPHLPAPI.DLLNORMALIZ.DLLWINDOWSCODECS.DLLDUSER.DLLXMLLITE.DLLCSCAPI.DLLPORTABLEDEVICEAPI.DLLWMASF.DLLNETWORKITEMFACTORY.DLLNPMPROXY.DLLACTXPRXY.DLLMSSPRXY.DLLNETWORKEXPLORER.DLLWPDSHEXT.DLLWMVCORE.DLLAUDIODEV.DLLFIREWALLAPI.DLLDTSH.DLLSXS.DLLEXPLORERFRAME.DLLIEFRAME.DLLDWMAPI.DLLCRYPTBASE.DLLCRYPTSP.DLLRPCRTREMOTE.DLLWBEMCOMN.DLLPROFAPI.DLLSSPICLI.DLLDUI70.DLLEXPLORERFRAME.DLLDEVOBJ.DLLCFGMGR32.DLLAUTHZ.DLLPEERDIST.DLLWEBIO.DLLSECUR32.DLLEHSTORSHELL.DLLNETUTILS.DLLMSXML6.DLLWKSCLI.DLLEHSTORAPI.DLLSRVCLI.DLLSAMCLI.DLLSEARCHFOLDER.DLLSTRUCTUREDQUERY.DLLMAPI32.DLLTQUERY.DLLDAVHLPR.DLLMSSVP.DLLAPI-MS-WIN-CORE-SYNCH-L1-2-0.DLLAPI-MS-WIN-CORE-FIBERS-L1-1-1.DLLAPI-MS-WIN-CORE-LOCALIZATION-L1-2-1.DLLAPI-MS-WIN-APPMODEL-RUNTIME-L1-1-1.DLLEXT-MS-WIN-KERNEL32-PACKAGE-CURRENT-L1-1-0.DLLIMAGERES.DLLMSFTE.DLLMSTRACER.DLLSETDEFAULTDLLDIRECTORIES
Found dropped PE file which has not been started or loaded
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Sony\Imaging Edge Webcam\LjAdapter\Lja_PTP_USB.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Sony\Imaging Edge Webcam\LjCore.dll Jump to dropped file
Source: C:\Windows\System32\pnputil.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{62ac3150-e217-504f-99b6-ba32b85dda90}\SET2638.tmp Jump to dropped file
Source: C:\Windows\System32\pnputil.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{62ac3150-e217-504f-99b6-ba32b85dda90}\ImagingEdgeWebcam_Driver.dll (copy) Jump to dropped file
Source: C:\Windows\System32\pnputil.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{62ac3150-e217-504f-99b6-ba32b85dda90}\ImagingEdgeWebcam.dll (copy) Jump to dropped file
Source: C:\Windows\System32\pnputil.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{62ac3150-e217-504f-99b6-ba32b85dda90}\SET2618.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIF12C.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Sony\Imaging Edge Webcam\USBReset.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIF18A.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Sony\Imaging Edge Webcam\mfc140u.dll Jump to dropped file
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Sony\Imaging Edge Webcam\LjAdapter\libusb-1.0.dll Jump to dropped file
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\SET27FD.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Sony\Imaging Edge Webcam\LjAdapter\Lja_PTP_WIA.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI239A.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Sony\Imaging Edge Webcam\Driver\ImagingEdgeWebcam_Driver.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Sony\Imaging Edge Webcam\ImagingEdgeWebcamLauncher.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Sony\Imaging Edge Webcam\Driver\ImagingEdgeWebcam.dll Jump to dropped file
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam_Driver.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1E56.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1F92.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Sony\Imaging Edge Webcam\mfcm140u.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Sony\Imaging Edge Webcam\Webcam.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1EC5.tmp Jump to dropped file
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\SET27EC.tmp Jump to dropped file
Found evasive API chain checking for process token information
Source: C:\Users\user\Desktop\IEW113_2311a.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D1B2C0 FindFirstFileW,FindClose, 0_2_00D1B2C0
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D1E890 GetSystemTime,SystemTimeToFileTime,FindFirstFileW,FindNextFileW,FindClose,GetLastError, 0_2_00D1E890
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D15BD0 FindFirstFileW,CompareStringW,FindNextFileW,GetLastError,FindClose,CompareStringW, 0_2_00D15BD0
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D1B350 _wcsrchr,FindFirstFileW,DeleteFileW,GetLastError,GetFileAttributesW,SetFileAttributesW,DeleteFileW,FindNextFileW,GetLastError,FindClose,RemoveDirectoryW, 0_2_00D1B350
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D24350 _wcsrchr,FindFirstFileW,FindNextFileW,GetLastError, 0_2_00D24350
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D42E23 VirtualQuery,GetSystemInfo, 0_2_00D42E23
Source: setupapi.dev.log.11.dr Binary or memory string: sig: Key = vmci.inf
Source: setupapi.dev.log.11.dr Binary or memory string: dvs: {Driver Setup Import Driver Package: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.178
Source: setupapi.dev.log.11.dr Binary or memory string: idb: Activating driver package 'vmci.inf_amd64_68ed49469341f563'.
Source: setupapi.dev.log.11.dr Binary or memory string: cpy: Published 'vmci.inf_amd64_68ed49469341f563\vmci.inf' to 'oem2.inf'.
Source: setupapi.dev.log.11.dr Binary or memory string: inf: {Add Service: vmci}
Source: setupapi.dev.log.11.dr Binary or memory string: inf: Created new service 'vmci'.
Source: setupapi.dev.log.11.dr Binary or memory string: inf: Display Name = VMware VMCI Bus Driver
Source: setupapi.dev.log.11.dr Binary or memory string: inf: Service Name = vmci
Source: setupapi.dev.log.11.dr Binary or memory string: idb: {Publish Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf} 11:48:39.707
Source: setupapi.dev.log.11.dr Binary or memory string: idb: Indexed 4 device IDs for 'vmci.inf_amd64_68ed49469341f563'.
Source: setupapi.dev.log.11.dr Binary or memory string: utl: Driver INF - oem2.inf (C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf)
Source: setupapi.dev.log.11.dr Binary or memory string: sto: {Configure Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf}
Source: setupapi.dev.log.11.dr Binary or memory string: sto: {Stage Driver Package: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.634
Source: setupapi.dev.log.11.dr Binary or memory string: sig: Installed catalog 'vmci.cat' as 'oem2.cat'.
Source: setupapi.dev.log.11.dr Binary or memory string: cpy: Target Path = C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563
Source: setupapi.dev.log.11.dr Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.inf' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.inf'.
Source: IEW113_2311a.exe, 00000000.00000002.4180646421.00000000007CC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\iasQ
Source: setupapi.dev.log.11.dr Binary or memory string: sig: FilePath = C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.inf
Source: setupapi.dev.log.11.dr Binary or memory string: inf: {Configure Driver Configuration: vmci.install.x64.NT}
Source: setupapi.dev.log.11.dr Binary or memory string: idb: Created driver package object 'vmci.inf_amd64_68ed49469341f563' in SYSTEM database node.
Source: setupapi.dev.log.11.dr Binary or memory string: inf: Image Path = System32\drivers\vmci.sys
Source: setupapi.dev.log.11.dr Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.cat' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.cat'.
Source: setupapi.dev.log.11.dr Binary or memory string: sig: Catalog = C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.cat
Source: setupapi.dev.log.11.dr Binary or memory string: inf: Section Name = vmci.install.x64.NT
Source: setupapi.dev.log.11.dr Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.sys' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.sys'.
Source: setupapi.dev.log.11.dr Binary or memory string: idb: Registered driver package 'vmci.inf_amd64_68ed49469341f563' with 'oem2.inf'.
Source: setupapi.dev.log.11.dr Binary or memory string: inf: Driver package 'vmci.inf' is configurable.
Source: setupapi.dev.log.11.dr Binary or memory string: inf: {Configure Driver: VMware VMCI Bus Device}
Source: setupapi.dev.log.11.dr Binary or memory string: inf: {Query Configurability: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.636
Source: setupapi.dev.log.11.dr Binary or memory string: sto: {Core Driver Package Import: vmci.inf_amd64_68ed49469341f563} 11:48:39.704
Source: setupapi.dev.log.11.dr Binary or memory string: idb: {Register Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf} 11:48:39.707
Source: setupapi.dev.log.11.dr Binary or memory string: flq: Copying 'C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.sys' to 'C:\Windows\System32\drivers\vmci.sys'.
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation Jump to behavior
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D42292 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00D42292
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D11120 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z,GetSystemDirectoryW,LoadLibraryW,GetProcAddress, 0_2_00D11120
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D38357 mov eax, dword ptr fs:[00000030h] 0_2_00D38357
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D2E688 mov esi, dword ptr fs:[00000030h] 0_2_00D2E688
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D2E57D GetProcessHeap,HeapAlloc,InterlockedPopEntrySList,VirtualAlloc,RaiseException,InterlockedPopEntrySList,VirtualFree,InterlockedPushEntrySList, 0_2_00D2E57D
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D42292 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00D42292
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D42428 SetUnhandledExceptionFilter, 0_2_00D42428
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D41CAC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00D41CAC
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D2ED34 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00D2ED34
Contains functionality to launch a program with higher privileges
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D1B740 CreateEventW,PathFindExtensionW,CompareStringW,CompareStringW,CompareStringW,GetModuleFileNameW,PostMessageW,ShellExecuteExW,GetProcessId,AllowSetForegroundWindow,WaitForInputIdle,AllowSetForegroundWindow,PostMessageW,WaitForMultipleObjects,SetEvent,GetLastError,GetExitCodeProcess,CloseHandle,GetLastError,PostMessageW,CloseHandle, 0_2_00D1B740
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\IEW113_2311a.exe Process created: C:\Users\user\Desktop\IEW113_2311a.exe "C:\Users\user\Desktop\IEW113_2311a.exe" -run {192AB307-8DDD-45B1-BC93-D10838BCC13F} 0|Yes|No|C:\Windows\System32\msiexec.exe /i C:\Users\user\AppData\Local\Temp\SPackTool\{89B93025-7962-486C-9882-CB09CA156C38}\Package\SetupIEW.msi Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i C:\Users\user\AppData\Local\Temp\SPackTool\{89B93025-7962-486C-9882-CB09CA156C38}\Package\SetupIEW.msi Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\pnputil.exe pnputil /add-driver "C:\Program Files\Sony\Imaging Edge Webcam\Driver\*.inf" /install Jump to behavior
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: unknown Process created: C:\Windows\System32\drvinst.exe drvinst.exe "4" "0" "c:\users\user\appdata\local\temp\{62ac3150-e217-504f-99b6-ba32b85dda90}\imagingedgewebcam_driver.inf" "9" "40c79f59f" "000000000000015c" "winsta0\default" "0000000000000168" "208" "c:\program files\sony\imaging edge webcam\driver"
Source: C:\Windows\System32\drvinst.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{94bae122-cba7-1d4a-abe9-55200fb5c9ba} global\{f15111e6-e2a2-7143-bb08-c644d6dcff21} c:\windows\system32\driverstore\temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\imagingedgewebcam_driver.inf c:\windows\system32\driverstore\temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\imagingedgewebcam.cat
Source: C:\Windows\System32\drvinst.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{94bae122-cba7-1d4a-abe9-55200fb5c9ba} global\{f15111e6-e2a2-7143-bb08-c644d6dcff21} c:\windows\system32\driverstore\temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\imagingedgewebcam_driver.inf c:\windows\system32\driverstore\temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\imagingedgewebcam.cat Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D2A360 OpenEventW,GetCurrentProcessId,InitializeCriticalSectionAndSpinCount,GetLastError,CreateEventW,CreateEventW,CreateEventW,CreateEventW,GetModuleFileNameW,ResetEvent,GetLastError,GetLastError,GetLastError,ShellExecuteExW,GetLastError,GetProcAddress,FreeLibrary,GetProcessId,AllowSetForegroundWindow,WaitForInputIdle,AllowSetForegroundWindow,GetTickCount,WaitForMultipleObjects,GetExitCodeProcess,CloseHandle,WaitForSingleObject,WaitForSingleObject,SetEvent,WaitForSingleObject,GetTickCount,WaitForSingleObject,WaitForSingleObject,GetTickCount,SetEvent,SetEvent,SetEvent,SetEvent,SetEvent,SetEvent,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,DeleteCriticalSection,GetModuleFileNameW,GetTimeFormatW,GetDateFormatW,GetCurrentProcess,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLastError,GlobalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,LookupAccountSidW,GetLastError,FreeSid,GlobalFree,GetCurrentProcess,CloseHandle,CoInitializeEx,GetActiveWindow,SetLastError,GetCurrentProcess,FlushInstructionCache,GetCurrentThreadId,EnterCriticalSection,LeaveCriticalSection,GlobalLock,DialogBoxIndirectParamW,GlobalUnlock,GlobalFree,GlobalFree, 0_2_00D2A360
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D420FB cpuid 0_2_00D420FB
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: GetLocaleInfoW,GetLocaleInfoW, 0_2_00D27420
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{3347bb72-55b2-694f-9e55-f9870c8dc803}\ImagingEdgeWebcam.cat VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D1E890 GetSystemTime,SystemTimeToFileTime,FindFirstFileW,FindNextFileW,FindClose,GetLastError, 0_2_00D1E890
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D15730 GetSecurityDescriptorDacl,CreateWellKnownSid,CreateWellKnownSid,CreateWellKnownSid,GetUserNameW,LookupAccountNameW,GetAce,EqualSid,LocalFree, 0_2_00D15730
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D26160 GetVersionExW,GetModuleFileNameW,PathFileExistsW, 0_2_00D26160
Source: C:\Windows\System32\drvinst.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Desktop\IEW113_2311a.exe Code function: 0_2_00D12BA0 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ, 0_2_00D12BA0
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1540035 Sample: IEW113_2311a.exe Startdate: 23/10/2024 Architecture: WINDOWS Score: 24 68 56.163.245.4.in-addr.arpa 2->68 70 198.187.3.20.in-addr.arpa 2->70 72 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 2->72 9 msiexec.exe 39 44 2->9         started        12 drvinst.exe 9 2->12         started        14 IEW113_2311a.exe 9 2->14         started        signatures3 process4 file5 52 C:\Windows\Installer\MSI239A.tmp, PE32+ 9->52 dropped 54 C:\Windows\Installer\MSI1F92.tmp, PE32 9->54 dropped 56 C:\Windows\Installer\MSI1EC5.tmp, PE32 9->56 dropped 66 14 other files (none is malicious) 9->66 dropped 17 msiexec.exe 9->17         started        19 msiexec.exe 9->19         started        21 msiexec.exe 9->21         started        23 msiexec.exe 9->23         started        58 C:\Windows\System32\...\SET27FD.tmp, PE32+ 12->58 dropped 60 C:\Windows\System32\...\SET27EC.tmp, PE32+ 12->60 dropped 62 C:\...\ImagingEdgeWebcam_Driver.dll (copy), PE32+ 12->62 dropped 64 C:\Windows\...\ImagingEdgeWebcam.dll (copy), PE32+ 12->64 dropped 25 rundll32.exe 22 12->25         started        76 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 14->76 28 IEW113_2311a.exe 1 14->28         started        signatures6 process7 signatures8 30 cmd.exe 1 17->30         started        74 Creates files in the system32 config directory 25->74 32 msiexec.exe 7 28->32         started        process9 file10 35 pnputil.exe 1 10 30->35         started        38 conhost.exe 30->38         started        40 C:\Users\user\AppData\Local\...\MSIF18A.tmp, PE32+ 32->40 dropped 42 C:\Users\user\AppData\Local\...\MSIF12C.tmp, PE32+ 32->42 dropped process11 file12 44 C:\Users\user\AppData\Local\...\SET2638.tmp, PE32+ 35->44 dropped 46 C:\Users\user\AppData\Local\...\SET2618.tmp, PE32+ 35->46 dropped 48 C:\...\ImagingEdgeWebcam_Driver.dll (copy), PE32+ 35->48 dropped 50 C:\Users\...\ImagingEdgeWebcam.dll (copy), PE32+ 35->50 dropped
No contacted IP infos

Contacted Domains

Name IP Active
56.163.245.4.in-addr.arpa unknown unknown
198.187.3.20.in-addr.arpa unknown unknown