Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Cleaning_Tool_for_Driver_Select1.17.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.98342273968473
Filename:	Cleaning_Tool_for_Driver_Select1.17.exe
Filesize:	3557750
MD5:	d8033e46e8fd5800faf43f49946e1124
SHA1:	f7f2edb906f8e2083065ffa55cabdce2f4e6fe4a
SHA256:	44130cd628112217e7c3e6026f08b1f1731997e783ea219b6cd327f48d02dc0f
SHA512:	83b738d98836dcf3d911cc3e40dbf13ba4468947888c1dd5019fbd3f76229024ff5b5bd69f1e0db228b1d305b679ccf63df38e9fe1ea2da334afd2776539983b
SSDEEP:	49152:mrRkAoNRaQ2Q/a/iHvoKhWjVJ1ZIHJdLC7S0ts0DA/0rGQnxVb81XxVpVS8b:dkQ4CvoxjVaHJRyS0trU/0lnxVMtVS0
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............._..._..._..._..._..._..._..._..._..._..._..._..._..._6.._..._..._..._..._..._..._."b_..._...^..._^.._..._Rich..._.......

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary	Masquerading
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Reads software policies	System Summary	System Information Discovery
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\Desktop\DriverSelect_CleaningTool.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\Desktop\DriverSelect_CleaningTool.exe
Category:	dropped
Dump:	DriverSelect_CleaningTool.exe.1.dr
ID:	dr_1
Target ID:	1
Process:	C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.541942120675922
Encrypted:	false
Ssdeep:	98304:vXUrAXzej9flfuDt1gKHo5gWYjJFnjr7wPjK+sDPv5+e+pTnRac:MUQlm+coKjr+av5+e9c
Size:	3487384
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

C:\Users\user\Desktop\DriverSelect_CleaningTool.pdf

PDF document, version 1.5 (zip deflate encoded)

dropped

Details

File:	C:\Users\user\Desktop\DriverSelect_CleaningTool.pdf
Category:	dropped
Dump:	DriverSelect_CleaningTool.pdf.1.dr
ID:	dr_0
Target ID:	1
Process:	C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe
Type:	PDF document, version 1.5 (zip deflate encoded)
Entropy:	7.9992631997122094
Encrypted:	true
Ssdeep:	49152:0ocRKsReVl/aaUvK8c7RDsVMEMHsycTixdL:bsgZUvrc7RDpHsycTixt
Size:	2231145
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the user directory	System Summary	Masquerading

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe

"C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7532
Target ID:	1
Parent PID:	4056
Name:	Cleaning_Tool_for_Driver_Select1.17.exe
Path:	C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe
Commandline:	"C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe"
Size:	3557750
MD5:	D8033E46E8FD5800FAF43F49946E1124
Time:	10:31:48
Date:	04/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	249856
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample reads its own file content	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

Memdumps

Base Address

Regiontype

Protect

Malicious

8CF000

stack

page read and write

98000

stack

page read and write

2A23000

heap

page read and write

434000

unkown

page write copy

22DE000

stack

page read and write

4B70000

direct allocation

page read and write

2350000

heap

page read and write

2270000

heap

page read and write

460A000

heap

page read and write

28DE000

stack

page read and write

4E10000

direct allocation

page read and write

401000

unkown

page execute read

29DF000

stack

page read and write

3E00000

trusted library allocation

page read and write

6B7000

heap

page read and write

2A62000

heap

page read and write

4C90000

heap

page read and write

6BD000

heap

page read and write

2A22000

heap

page read and write

4C91000

heap

page read and write

1F0000

heap

page read and write

4CD0000

heap

page read and write

42D000

unkown

page readonly

401000

unkown

page execute read

4C11000

heap

page read and write

434000

unkown

page read and write

2180000

heap

page read and write

2353000

heap

page read and write

19C000

stack

page read and write

2B70000

heap

page read and write

57E000

stack

page read and write

4B6D000

direct allocation

page read and write

69E000

heap

page read and write

535000

heap

page read and write

6CE000

heap

page read and write

400000

unkown

page readonly

6E1000

heap

page read and write

6E1000

heap

page read and write

2AA2000

heap

page read and write

47E2000

direct allocation

page read and write

4C91000

heap

page read and write

29E1000

heap

page read and write

2A22000

heap

page read and write

6DE000

heap

page read and write

400000

unkown

page readonly

2A63000

heap

page read and write

6C5000

heap

page read and write

21B5000

heap

page read and write

7CE000

stack

page read and write

6E1000

heap

page read and write

43A000

unkown

page readonly

4D10000

heap

page read and write

6C1000

heap

page read and write

29E0000

heap

page read and write

510000

heap

page read and write

69A000

heap

page read and write

21B0000

heap

page read and write

6C6000

heap

page read and write

21BA000

heap

page read and write

47E0000

direct allocation

page read and write

47ED000

direct allocation

page read and write

530000

heap

page read and write

67F000

stack

page read and write

6C5000

heap

page read and write

6CB000

heap

page read and write

4C10000

heap

page read and write

29E3000

heap

page read and write

47F0000

direct allocation

page read and write

4860000

direct allocation

page read and write

4C50000

heap

page read and write

279F000

stack

page read and write

43A000

unkown

page readonly

6C1000

heap

page read and write

6C9000

heap

page read and write

690000

heap

page read and write

2A63000

heap

page read and write

4B62000

direct allocation

page read and write

6CE000

heap

page read and write

2170000

heap

page read and write

42D000

unkown

page readonly

4C11000

heap

page read and write

2180000

heap

page read and write

There are 72 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Cleaning_Tool_for_Driver_Select1.17.exe

Files

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportCleaning_Tool_for_Driver_Select1.17.exe

Files

Processes

Memdumps

IOC Report
Cleaning_Tool_for_Driver_Select1.17.exe