URL: https://drp.su/en

Full analysis: https://app.any.run/tasks/e0ae837d-224a-416d-be8c-0361e80a68fb
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: February 21, 2020, 20:39:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: trojan, adware, loader
Indicators:
MD5: CBFD8C60BF77D1488BEE9CF40A4E6648
SHA1: D3222CE06647A25B7B4E481166AA577A4155861A
SHA256: 0B4D4E7D02450B3018E5AD2719B69B4CF9E97FF4DC2AA6387E8177A43DD587E3
SSDEEP: 3:N8PVLWW:2tL/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • DriverPack-17-Online_389680771.1582317589.exe (PID: 2012)
      • DriverPack-17-Online_389680771.1582317589.exe (PID: 3928)
      • driverpack-wget.exe (PID: 3968)
      • driverpack-wget.exe (PID: 3560)
      • driverpack-wget.exe (PID: 3488)
      • driverpack-wget.exe (PID: 3364)
      • driverpack-wget.exe (PID: 3128)
      • driverpack-wget.exe (PID: 820)
      • driverpack-wget.exe (PID: 2380)
      • driverpack-wget.exe (PID: 2560)
      • driverpack-wget.exe (PID: 3032)
      • driverpack-wget.exe (PID: 2480)
      • driverpack-wget.exe (PID: 3044)
      • driverpack-wget.exe (PID: 3040)
      • driverpack-wget.exe (PID: 2744)
      • driverpack-wget.exe (PID: 2500)
      • driverpack-wget.exe (PID: 2432)
      • driverpack-wget.exe (PID: 2692)
      • driverpack-wget.exe (PID: 2856)
      • driverpack-wget.exe (PID: 944)
      • driverpack-wget.exe (PID: 2680)
      • driverpack-wget.exe (PID: 1860)
      • driverpack-wget.exe (PID: 1632)
      • driverpack-wget.exe (PID: 1520)
      • driverpack-wget.exe (PID: 2160)
      • driverpack-wget.exe (PID: 3468)
      • driverpack-wget.exe (PID: 3272)
      • driverpack-wget.exe (PID: 3500)
      • driverpack-wget.exe (PID: 2808)
      • driverpack-wget.exe (PID: 2184)
      • driverpack-wget.exe (PID: 580)
      • driverpack-wget.exe (PID: 2552)
      • driverpack-wget.exe (PID: 3736)
      • driverpack-wget.exe (PID: 2916)
      • driverpack-wget.exe (PID: 2228)
      • driverpack-wget.exe (PID: 3980)
      • driverpack-wget.exe (PID: 2656)
      • driverpack-wget.exe (PID: 3452)
      • driverpack-wget.exe (PID: 3988)
      • aria2c.exe (PID: 3092)
      • aria2c.exe (PID: 2568)
      • aria2c.exe (PID: 3064)
      • aria2c.exe (PID: 4084)
      • driverpack-wget.exe (PID: 180)
      • driverpack-wget.exe (PID: 3604)
      • driverpack-wget.exe (PID: 3552)
      • driverpack-wget.exe (PID: 3172)
      • driverpack-wget.exe (PID: 872)
      • driverpack-wget.exe (PID: 2508)
      • driverpack-wget.exe (PID: 3824)
      • driverpack-wget.exe (PID: 316)
      • driverpack-wget.exe (PID: 4356)
      • driverpack-wget.exe (PID: 4244)
      • driverpack-wget.exe (PID: 6028)
      • driverpack-wget.exe (PID: 3988)
      • driverpack-wget.exe (PID: 5676)
      • driverpack-wget.exe (PID: 4308)
      • driverpack-wget.exe (PID: 5044)
      • driverpack-wget.exe (PID: 4928)
      • driverpack-wget.exe (PID: 5060)
      • driverpack-wget.exe (PID: 4976)
      • driverpack-wget.exe (PID: 5504)
      • driverpack-wget.exe (PID: 6072)
      • driverpack-wget.exe (PID: 1732)
      • driverpack-wget.exe (PID: 5084)
      • driverpack-wget.exe (PID: 5544)
      • driverpack-wget.exe (PID: 4860)
      • driverpack-wget.exe (PID: 6112)
      • driverpack-wget.exe (PID: 2236)
      • driverpack-wget.exe (PID: 5072)
      • driverpack-wget.exe (PID: 4436)
      • driverpack-wget.exe (PID: 6064)
      • driverpack-wget.exe (PID: 4484)
      • driverpack-wget.exe (PID: 4176)
      • driverpack-wget.exe (PID: 2364)
      • driverpack-wget.exe (PID: 5424)
      • driverpack-wget.exe (PID: 5056)
      • driverpack-wget.exe (PID: 5304)
      • driverpack-wget.exe (PID: 4732)
      • driverpack-wget.exe (PID: 5644)
      • driverpack-wget.exe (PID: 5976)
      • driverpack-wget.exe (PID: 4500)
      • driverpack-wget.exe (PID: 5872)
      • driverpack-wget.exe (PID: 5004)
      • driverpack-wget.exe (PID: 5352)
      • driverpack-wget.exe (PID: 4972)
      • driverpack-wget.exe (PID: 5220)
      • driverpack-wget.exe (PID: 4344)
      • driverpack-wget.exe (PID: 4428)
      • driverpack-wget.exe (PID: 4384)
      • driverpack-wget.exe (PID: 4892)
      • driverpack-wget.exe (PID: 5916)
      • driverpack-wget.exe (PID: 5972)
      • driverpack-wget.exe (PID: 4200)
      • driverpack-wget.exe (PID: 5176)
      • driverpack-wget.exe (PID: 5768)
      • driverpack-wget.exe (PID: 852)
      • driverpack-wget.exe (PID: 1688)
      • driverpack-wget.exe (PID: 4708)
      • driverpack-wget.exe (PID: 4552)
      • driverpack-wget.exe (PID: 5844)
      • driverpack-wget.exe (PID: 4536)
      • driverpack-7za.exe (PID: 2352)
      • driverpack-7za.exe (PID: 5968)
      • driverpack-wget.exe (PID: 5212)
      • driverpack-wget.exe (PID: 4988)
      • driverpack-wget.exe (PID: 5160)
      • devcon.exe (PID: 4252)
      • driverpack-wget.exe (PID: 4796)
      • driverpack-wget.exe (PID: 3512)
      • driverpack-wget.exe (PID: 1792)
      • driverpack-wget.exe (PID: 5780)
      • driverpack-wget.exe (PID: 5320)
      • driverpack-wget.exe (PID: 4004)
      • driverpack-wget.exe (PID: 5396)
      • driverpack-wget.exe (PID: 5520)
      • driverpack-wget.exe (PID: 5864)
      • driverpack-wget.exe (PID: 4108)
      • driverpack-wget.exe (PID: 3924)
      • driverpack-wget.exe (PID: 2092)
      • driverpack-wget.exe (PID: 5612)
      • driverpack-wget.exe (PID: 5484)
      • driverpack-wget.exe (PID: 4432)
      • driverpack-wget.exe (PID: 4116)
      • driverpack-wget.exe (PID: 5480)
      • driverpack-wget.exe (PID: 5660)
      • driverpack-wget.exe (PID: 5048)
      • driverpack-wget.exe (PID: 2424)
      • driverpack-wget.exe (PID: 5620)
      • driverpack-wget.exe (PID: 3204)
      • driverpack-wget.exe (PID: 572)
      • driverpack-wget.exe (PID: 2012)
      • driverpack-wget.exe (PID: 3816)
      • driverpack-wget.exe (PID: 2280)
      • driverpack-wget.exe (PID: 5020)
      • driverpack-wget.exe (PID: 4772)
      • driverpack-wget.exe (PID: 6380)
      • driverpack-wget.exe (PID: 6860)
      • driverpack-wget.exe (PID: 7336)
      • driverpack-wget.exe (PID: 912)
      • driverpack-wget.exe (PID: 6528)
      • driverpack-wget.exe (PID: 6584)
      • driverpack-wget.exe (PID: 6692)
      • driverpack-wget.exe (PID: 7328)
      • driverpack-wget.exe (PID: 2668)
      • driverpack-wget.exe (PID: 2464)
      • driverpack-wget.exe (PID: 1388)
      • driverpack-wget.exe (PID: 6436)
      • driverpack-wget.exe (PID: 1888)
      • driverpack-wget.exe (PID: 6376)
      • driverpack-wget.exe (PID: 7848)
      • driverpack-wget.exe (PID: 6524)
      • driverpack-wget.exe (PID: 7356)
      • driverpack-wget.exe (PID: 4008)
      • driverpack-wget.exe (PID: 6444)
      • driverpack-wget.exe (PID: 5144)
      • driverpack-wget.exe (PID: 7048)
      • driverpack-wget.exe (PID: 7868)
      • driverpack-wget.exe (PID: 6484)
      • driverpack-wget.exe (PID: 7420)
      • driverpack-wget.exe (PID: 7836)
      • driverpack-wget.exe (PID: 7680)
      • driverpack-wget.exe (PID: 5308)
      • DirectX.exe (PID: 7028)
      • driverpack-wget.exe (PID: 7980)
      • driverpack-wget.exe (PID: 7344)
      • driverpack-wget.exe (PID: 6284)
      • RuntimePack.exe (PID: 6932)
      • driverpack-wget.exe (PID: 7488)
      • driverpack-wget.exe (PID: 2352)
      • driverpack-wget.exe (PID: 6200)
      • driverpack-wget.exe (PID: 6560)
      • driverpack-wget.exe (PID: 4876)
      • driverpack-wget.exe (PID: 4584)
      • driverpack-wget.exe (PID: 7972)
      • driverpack-wget.exe (PID: 7164)
      • driverpack-wget.exe (PID: 5992)
      • driverpack-wget.exe (PID: 7808)
      • driverpack-wget.exe (PID: 1300)
      • driverpack-wget.exe (PID: 8056)
      • driverpack-wget.exe (PID: 7496)
      • driverpack-wget.exe (PID: 6656)
      • driverpack-wget.exe (PID: 7068)
    • Loads dropped or rewritten executable

      • DriverPack-17-Online_389680771.1582317589.exe (PID: 3928)
      • DrvInst.exe (PID: 6972)
      • devcon.exe (PID: 4252)
      • regsvr32.exe (PID: 7764)
      • regsvr32.exe (PID: 7696)
      • regsvr32.exe (PID: 7492)
      • regsvr32.exe (PID: 6648)
      • regsvr32.exe (PID: 7444)
      • regsvr32.exe (PID: 7688)
      • regsvr32.exe (PID: 8132)
      • regsvr32.exe (PID: 7864)
      • regsvr32.exe (PID: 7628)
      • regsvr32.exe (PID: 7388)
      • regsvr32.exe (PID: 5760)
      • DirectX.exe (PID: 7028)
      • regsvr32.exe (PID: 7020)
      • regsvr32.exe (PID: 7564)
      • regsvr32.exe (PID: 7276)
      • regsvr32.exe (PID: 6232)
    • Executes PowerShell scripts

      • cmd.exe (PID: 2580)
    • Starts Visual C# compiler

      • powershell.exe (PID: 2672)
    • Downloads executable files from the Internet

      • mshta.exe (PID: 2628)
      • aria2c.exe (PID: 2568)
      • aria2c.exe (PID: 3064)
    • Changes internet zones settings

      • mshta.exe (PID: 2628)
    • Changes settings of System certificates

      • mshta.exe (PID: 2628)
      • devcon.exe (PID: 4252)
    • Registers / Runs the DLL via REGSVR32.EXE

      • cmd.exe (PID: 6908)
      • RuntimePack.exe (PID: 6932)
      • DirectX.exe (PID: 7028)
    • Changes the autorun value in the registry

      • mshta.exe (PID: 2628)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3100)
      • DriverPack-17-Online_389680771.1582317589.exe (PID: 3928)
      • mshta.exe (PID: 2628)
      • aria2c.exe (PID: 2568)
      • aria2c.exe (PID: 3064)
      • driverpack-7za.exe (PID: 5968)
      • devcon.exe (PID: 4252)
      • DrvInst.exe (PID: 4916)
      • DrvInst.exe (PID: 6972)
      • RuntimePack.exe (PID: 6932)
      • xcopy.exe (PID: 6264)
      • xcopy.exe (PID: 6984)
      • DirectX.exe (PID: 7028)
    • Uses REG.EXE to modify Windows registry

      • DriverPack-17-Online_389680771.1582317589.exe (PID: 3928)
    • Starts MSHTA.EXE for opening HTA or HTMLS files

      • DriverPack-17-Online_389680771.1582317589.exe (PID: 3928)
    • Reads Internet Cache Settings

      • mshta.exe (PID: 2628)
    • Creates files in the user directory

      • mshta.exe (PID: 2628)
      • cmd.exe (PID: 2580)
      • cmd.exe (PID: 4092)
      • powershell.exe (PID: 2672)
      • cmd.exe (PID: 1712)
      • driverpack-wget.exe (PID: 3968)
      • driverpack-wget.exe (PID: 3128)
      • driverpack-wget.exe (PID: 2560)
      • driverpack-wget.exe (PID: 2380)
      • cmd.exe (PID: 3704)
      • driverpack-wget.exe (PID: 820)
      • driverpack-wget.exe (PID: 3560)
      • driverpack-wget.exe (PID: 3364)
      • driverpack-wget.exe (PID: 3488)
      • cmd.exe (PID: 340)
      • cmd.exe (PID: 2520)
      • cmd.exe (PID: 2436)
      • cmd.exe (PID: 3608)
      • cmd.exe (PID: 2976)
      • cmd.exe (PID: 2788)
      • driverpack-wget.exe (PID: 3032)
      • cmd.exe (PID: 536)
      • driverpack-wget.exe (PID: 2480)
      • cmd.exe (PID: 2716)
      • cmd.exe (PID: 3344)
      • driverpack-wget.exe (PID: 3044)
      • cmd.exe (PID: 2484)
      • driverpack-wget.exe (PID: 2500)
      • cmd.exe (PID: 2468)
      • driverpack-wget.exe (PID: 2432)
      • cmd.exe (PID: 1876)
      • driverpack-wget.exe (PID: 2744)
      • cmd.exe (PID: 3436)
      • driverpack-wget.exe (PID: 3040)
      • cmd.exe (PID: 3916)
      • driverpack-wget.exe (PID: 2856)
      • driverpack-wget.exe (PID: 1860)
      • driverpack-wget.exe (PID: 944)
      • driverpack-wget.exe (PID: 2692)
      • driverpack-wget.exe (PID: 2680)
      • cmd.exe (PID: 2540)
      • cmd.exe (PID: 1780)
      • cmd.exe (PID: 4040)
      • cmd.exe (PID: 3728)
      • cmd.exe (PID: 3708)
      • cmd.exe (PID: 1064)
      • driverpack-wget.exe (PID: 2160)
      • cmd.exe (PID: 2904)
      • driverpack-wget.exe (PID: 1632)
      • cmd.exe (PID: 2888)
      • cmd.exe (PID: 1836)
      • cmd.exe (PID: 2212)
      • driverpack-wget.exe (PID: 3272)
      • cmd.exe (PID: 3232)
      • driverpack-wget.exe (PID: 3468)
      • driverpack-wget.exe (PID: 2808)
      • cmd.exe (PID: 2412)
      • driverpack-wget.exe (PID: 3500)
      • driverpack-wget.exe (PID: 2184)
      • driverpack-wget.exe (PID: 2552)
      • cmd.exe (PID: 308)
      • driverpack-wget.exe (PID: 580)
      • cmd.exe (PID: 2900)
      • cmd.exe (PID: 440)
      • driverpack-wget.exe (PID: 3736)
      • cmd.exe (PID: 2272)
      • cmd.exe (PID: 3592)
      • driverpack-wget.exe (PID: 2916)
      • driverpack-wget.exe (PID: 3980)
      • cmd.exe (PID: 2392)
      • driverpack-wget.exe (PID: 2228)
      • driverpack-wget.exe (PID: 3988)
      • driverpack-wget.exe (PID: 3452)
      • cmd.exe (PID: 2144)
      • cmd.exe (PID: 3836)
      • cmd.exe (PID: 3828)
      • driverpack-wget.exe (PID: 2656)
      • cmd.exe (PID: 1092)
      • cmd.exe (PID: 3664)
      • cmd.exe (PID: 1948)
      • driverpack-wget.exe (PID: 3552)
      • cmd.exe (PID: 2376)
      • cmd.exe (PID: 2808)
      • aria2c.exe (PID: 3092)
      • driverpack-wget.exe (PID: 180)
      • aria2c.exe (PID: 2568)
      • driverpack-wget.exe (PID: 3172)
      • cmd.exe (PID: 2864)
      • aria2c.exe (PID: 4084)
      • aria2c.exe (PID: 3064)
      • driverpack-wget.exe (PID: 3604)
      • cmd.exe (PID: 3944)
      • driverpack-wget.exe (PID: 872)
      • driverpack-wget.exe (PID: 3824)
      • cmd.exe (PID: 832)
      • driverpack-wget.exe (PID: 2508)
      • cmd.exe (PID: 3568)
      • cmd.exe (PID: 608)
      • cmd.exe (PID: 2232)
      • driverpack-wget.exe (PID: 316)
      • driverpack-wget.exe (PID: 4356)
      • driverpack-wget.exe (PID: 5676)
      • driverpack-wget.exe (PID: 4244)
      • cmd.exe (PID: 4476)
      • cmd.exe (PID: 4792)
      • cmd.exe (PID: 2800)
      • driverpack-wget.exe (PID: 4308)
      • cmd.exe (PID: 4728)
      • cmd.exe (PID: 540)
      • cmd.exe (PID: 5224)
      • driverpack-wget.exe (PID: 6028)
      • driverpack-wget.exe (PID: 3988)
      • cmd.exe (PID: 5116)
      • driverpack-wget.exe (PID: 4976)
      • driverpack-wget.exe (PID: 5060)
      • cmd.exe (PID: 4516)
      • driverpack-wget.exe (PID: 4928)
      • driverpack-wget.exe (PID: 5504)
      • cmd.exe (PID: 4184)
      • driverpack-wget.exe (PID: 5044)
      • cmd.exe (PID: 5668)
      • cmd.exe (PID: 5576)
      • cmd.exe (PID: 5820)
      • driverpack-wget.exe (PID: 6072)
      • driverpack-wget.exe (PID: 4484)
      • driverpack-wget.exe (PID: 1732)
      • cmd.exe (PID: 5032)
      • cmd.exe (PID: 4804)
      • cmd.exe (PID: 4572)
      • driverpack-wget.exe (PID: 5084)
      • driverpack-wget.exe (PID: 5544)
      • cmd.exe (PID: 2128)
      • cmd.exe (PID: 6092)
      • driverpack-wget.exe (PID: 4860)
      • driverpack-wget.exe (PID: 4732)
      • cmd.exe (PID: 5500)
      • driverpack-wget.exe (PID: 5072)
      • driverpack-wget.exe (PID: 2236)
      • cmd.exe (PID: 3776)
      • cmd.exe (PID: 5980)
      • driverpack-wget.exe (PID: 6112)
      • cmd.exe (PID: 4136)
      • driverpack-wget.exe (PID: 4436)
      • driverpack-wget.exe (PID: 4176)
      • cmd.exe (PID: 5184)
      • cmd.exe (PID: 4260)
      • driverpack-wget.exe (PID: 6064)
      • cmd.exe (PID: 5132)
      • cmd.exe (PID: 5104)
      • driverpack-wget.exe (PID: 2364)
      • cmd.exe (PID: 5488)
      • driverpack-wget.exe (PID: 5424)
      • driverpack-wget.exe (PID: 5056)
      • cmd.exe (PID: 3516)
      • cmd.exe (PID: 5360)
      • cmd.exe (PID: 4120)
      • driverpack-wget.exe (PID: 5352)
      • driverpack-wget.exe (PID: 5304)
      • driverpack-wget.exe (PID: 5976)
      • cmd.exe (PID: 4924)
      • cmd.exe (PID: 4328)
      • driverpack-wget.exe (PID: 5220)
      • driverpack-wget.exe (PID: 5872)
      • cmd.exe (PID: 5496)
      • driverpack-wget.exe (PID: 5004)
      • driverpack-wget.exe (PID: 5644)
      • cmd.exe (PID: 4020)
      • cmd.exe (PID: 4400)
      • driverpack-wget.exe (PID: 4428)
      • cmd.exe (PID: 6124)
      • cmd.exe (PID: 4812)
      • driverpack-wget.exe (PID: 4500)
      • driverpack-wget.exe (PID: 4972)
      • cmd.exe (PID: 6056)
      • cmd.exe (PID: 5928)
      • driverpack-wget.exe (PID: 4384)
      • cmd.exe (PID: 5744)
      • cmd.exe (PID: 5816)
      • driverpack-wget.exe (PID: 4344)
      • driverpack-wget.exe (PID: 5972)
      • cmd.exe (PID: 6100)
      • cmd.exe (PID: 5472)
      • cmd.exe (PID: 4856)
      • driverpack-wget.exe (PID: 4200)
      • driverpack-wget.exe (PID: 5176)
      • cmd.exe (PID: 4036)
      • driverpack-wget.exe (PID: 1688)
      • driverpack-wget.exe (PID: 5768)
      • cmd.exe (PID: 4628)
      • cmd.exe (PID: 5156)
      • cmd.exe (PID: 5648)
      • cmd.exe (PID: 5596)
      • cmd.exe (PID: 3404)
      • cmd.exe (PID: 4396)
      • cmd.exe (PID: 6116)
      • cmd.exe (PID: 3732)
      • driverpack-wget.exe (PID: 5844)
      • cmd.exe (PID: 5356)
      • driverpack-wget.exe (PID: 4536)
      • driverpack-wget.exe (PID: 4552)
      • cmd.exe (PID: 1944)
      • cmd.exe (PID: 4624)
      • cmd.exe (PID: 4160)
      • driverpack-wget.exe (PID: 5160)
      • cmd.exe (PID: 5948)
      • driverpack-wget.exe (PID: 5916)
      • cmd.exe (PID: 2472)
      • driverpack-wget.exe (PID: 4892)
      • cmd.exe (PID: 3444)
      • driverpack-wget.exe (PID: 5212)
      • cmd.exe (PID: 5300)
      • driverpack-wget.exe (PID: 4988)
      • driverpack-wget.exe (PID: 4796)
      • cmd.exe (PID: 6060)
      • driverpack-wget.exe (PID: 2424)
      • driverpack-wget.exe (PID: 5620)
      • driverpack-wget.exe (PID: 3512)
      • driverpack-wget.exe (PID: 1792)
      • driverpack-wget.exe (PID: 5780)
      • driverpack-wget.exe (PID: 852)
      • driverpack-wget.exe (PID: 5320)
      • cmd.exe (PID: 4804)
      • cmd.exe (PID: 1904)
      • cmd.exe (PID: 4248)
      • cmd.exe (PID: 1740)
      • driverpack-wget.exe (PID: 5520)
      • cmd.exe (PID: 4680)
      • cmd.exe (PID: 5584)
      • driverpack-wget.exe (PID: 912)
      • driverpack-wget.exe (PID: 4004)
      • driverpack-wget.exe (PID: 5864)
      • cmd.exe (PID: 4156)
      • cmd.exe (PID: 5756)
      • cmd.exe (PID: 5476)
      • driverpack-wget.exe (PID: 5396)
      • cmd.exe (PID: 4284)
      • driverpack-wget.exe (PID: 5612)
      • driverpack-wget.exe (PID: 2092)
      • driverpack-wget.exe (PID: 4108)
      • driverpack-wget.exe (PID: 3924)
      • driverpack-wget.exe (PID: 5484)
      • cmd.exe (PID: 6140)
      • cmd.exe (PID: 5884)
      • cmd.exe (PID: 4672)
      • cmd.exe (PID: 1900)
      • cmd.exe (PID: 5272)
      • driverpack-wget.exe (PID: 4432)
      • driverpack-wget.exe (PID: 4116)
      • driverpack-wget.exe (PID: 5020)
      • cmd.exe (PID: 2744)
      • cmd.exe (PID: 4548)
      • driverpack-wget.exe (PID: 2280)
      • driverpack-wget.exe (PID: 5480)
      • driverpack-wget.exe (PID: 4772)
      • driverpack-wget.exe (PID: 5048)
      • cmd.exe (PID: 2340)
      • cmd.exe (PID: 2752)
      • driverpack-wget.exe (PID: 5660)
      • cmd.exe (PID: 4720)
      • cmd.exe (PID: 5740)
      • cmd.exe (PID: 5168)
      • cmd.exe (PID: 4440)
      • driverpack-wget.exe (PID: 572)
      • driverpack-wget.exe (PID: 1388)
      • driverpack-wget.exe (PID: 2012)
      • driverpack-wget.exe (PID: 3204)
      • driverpack-wget.exe (PID: 3816)
      • cmd.exe (PID: 5088)
      • cmd.exe (PID: 1748)
      • cmd.exe (PID: 3084)
      • cmd.exe (PID: 528)
      • driverpack-wget.exe (PID: 2668)
      • driverpack-wget.exe (PID: 6380)
      • cmd.exe (PID: 5260)
      • driverpack-wget.exe (PID: 7336)
      • cmd.exe (PID: 604)
      • cmd.exe (PID: 6036)
      • driverpack-wget.exe (PID: 6584)
      • cmd.exe (PID: 4648)
      • cmd.exe (PID: 4140)
      • driverpack-wget.exe (PID: 6528)
      • driverpack-wget.exe (PID: 6860)
      • driverpack-wget.exe (PID: 6692)
      • cmd.exe (PID: 7024)
      • cmd.exe (PID: 7096)
      • cmd.exe (PID: 2644)
      • driverpack-wget.exe (PID: 2464)
      • cmd.exe (PID: 2060)
      • driverpack-wget.exe (PID: 7328)
      • cmd.exe (PID: 6884)
      • cmd.exe (PID: 7212)
      • cmd.exe (PID: 7108)
      • driverpack-wget.exe (PID: 6436)
      • cmd.exe (PID: 6464)
      • cmd.exe (PID: 6948)
      • driverpack-wget.exe (PID: 7848)
      • driverpack-wget.exe (PID: 6376)
      • driverpack-wget.exe (PID: 7420)
      • driverpack-wget.exe (PID: 1888)
      • cmd.exe (PID: 6272)
      • driverpack-wget.exe (PID: 7356)
      • driverpack-wget.exe (PID: 6444)
      • driverpack-wget.exe (PID: 4008)
      • driverpack-wget.exe (PID: 7048)
      • cmd.exe (PID: 6988)
      • cmd.exe (PID: 7280)
      • driverpack-wget.exe (PID: 5144)
      • cmd.exe (PID: 6532)
      • cmd.exe (PID: 6572)
      • cmd.exe (PID: 6872)
      • cmd.exe (PID: 7476)
      • cmd.exe (PID: 6856)
      • driverpack-wget.exe (PID: 7836)
      • driverpack-wget.exe (PID: 6484)
      • cmd.exe (PID: 5984)
      • driverpack-wget.exe (PID: 7868)
      • driverpack-wget.exe (PID: 7680)
      • cmd.exe (PID: 6616)
      • cmd.exe (PID: 7208)
      • driverpack-wget.exe (PID: 5308)
      • cmd.exe (PID: 6448)
      • cmd.exe (PID: 5252)
      • cmd.exe (PID: 7612)
      • driverpack-wget.exe (PID: 7344)
      • cmd.exe (PID: 6844)
      • driverpack-wget.exe (PID: 7980)
      • cmd.exe (PID: 4984)
      • driverpack-wget.exe (PID: 6284)
      • driverpack-wget.exe (PID: 2352)
      • driverpack-wget.exe (PID: 6560)
      • driverpack-wget.exe (PID: 7488)
      • driverpack-wget.exe (PID: 6200)
      • driverpack-wget.exe (PID: 4876)
      • cmd.exe (PID: 6348)
      • cmd.exe (PID: 8040)
      • cmd.exe (PID: 6236)
      • driverpack-wget.exe (PID: 4584)
      • cmd.exe (PID: 6664)
      • cmd.exe (PID: 6400)
      • driverpack-wget.exe (PID: 7972)
      • cmd.exe (PID: 6368)
      • cmd.exe (PID: 8008)
      • driverpack-wget.exe (PID: 7164)
      • driverpack-wget.exe (PID: 5992)
      • driverpack-wget.exe (PID: 7808)
      • driverpack-wget.exe (PID: 1300)
      • driverpack-wget.exe (PID: 8056)
      • cmd.exe (PID: 7248)
      • cmd.exe (PID: 7648)
      • cmd.exe (PID: 6796)
      • cmd.exe (PID: 7952)
      • driverpack-wget.exe (PID: 6656)
      • driverpack-wget.exe (PID: 7496)
      • cmd.exe (PID: 7224)
      • cmd.exe (PID: 7236)
      • cmd.exe (PID: 6888)
      • driverpack-wget.exe (PID: 7068)
      • cmd.exe (PID: 6620)
      • cmd.exe (PID: 6212)
      • cmd.exe (PID: 7140)
      • DriverPack-Alice.exe (PID: 3392)
    • Uses NETSH.EXE for network configuration

      • cmd.exe (PID: 1712)
      • cmd.exe (PID: 4092)
      • cmd.exe (PID: 3728)
      • mshta.exe (PID: 2628)
    • Starts CMD.EXE for commands execution

      • mshta.exe (PID: 2628)
      • cmd.exe (PID: 2232)
      • RuntimePack.exe (PID: 6932)
    • Uses RUNDLL32.EXE to load library

      • mshta.exe (PID: 2628)
      • DrvInst.exe (PID: 4916)
    • Starts application with an unusual extension

      • cmd.exe (PID: 3728)
      • cmd.exe (PID: 2232)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 2904)
    • Executed as Windows Service

      • vssvc.exe (PID: 332)
    • Executed via COM

      • DllHost.exe (PID: 2868)
      • DrvInst.exe (PID: 4916)
      • DrvInst.exe (PID: 6972)
    • Adds / modifies Windows certificates

      • mshta.exe (PID: 2628)
      • devcon.exe (PID: 4252)
    • Application launched itself

      • cmd.exe (PID: 2232)
    • Uses TASKLIST.EXE to query information about running processes

      • cmd.exe (PID: 2232)
    • Creates files in the driver directory

      • DrvInst.exe (PID: 4916)
      • DrvInst.exe (PID: 6972)
    • Creates files in the Windows directory

      • DrvInst.exe (PID: 4916)
      • DrvInst.exe (PID: 6972)
      • xcopy.exe (PID: 6264)
      • xcopy.exe (PID: 6984)
      • cmd.exe (PID: 6908)
      • DirectX.exe (PID: 7028)
    • Removes files from Windows directory

      • DrvInst.exe (PID: 4916)
      • DrvInst.exe (PID: 6972)
    • Creates COM task schedule object

      • regsvr32.exe (PID: 6360)
      • regsvr32.exe (PID: 3736)
      • regsvr32.exe (PID: 7952)
      • regsvr32.exe (PID: 3680)
      • regsvr32.exe (PID: 6260)
      • regsvr32.exe (PID: 8116)
      • regsvr32.exe (PID: 6588)
      • regsvr32.exe (PID: 7284)
      • regsvr32.exe (PID: 7176)
      • regsvr32.exe (PID: 4832)
      • regsvr32.exe (PID: 7992)
      • regsvr32.exe (PID: 3308)
      • regsvr32.exe (PID: 3620)
      • regsvr32.exe (PID: 6152)
      • regsvr32.exe (PID: 6280)
      • regsvr32.exe (PID: 1536)
      • regsvr32.exe (PID: 8004)
      • regsvr32.exe (PID: 6432)
      • regsvr32.exe (PID: 6768)
      • regsvr32.exe (PID: 7584)
      • regsvr32.exe (PID: 7504)
      • regsvr32.exe (PID: 3860)
      • regsvr32.exe (PID: 7088)
      • regsvr32.exe (PID: 3748)
      • regsvr32.exe (PID: 7040)
      • regsvr32.exe (PID: 6716)
      • regsvr32.exe (PID: 6176)
      • regsvr32.exe (PID: 7696)
  • INFO

    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3100)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 576)
      • iexplore.exe (PID: 3100)
    • Changes internet zones settings

      • iexplore.exe (PID: 3100)
    • Reads internet explorer settings

      • iexplore.exe (PID: 576)
      • mshta.exe (PID: 2628)
    • Creates files in the user directory

      • iexplore.exe (PID: 576)
      • iexplore.exe (PID: 3100)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3100)
      • mshta.exe (PID: 2628)
    • Low-level read access rights to disk partition

      • vssvc.exe (PID: 332)
    • Reads the hosts file

      • aria2c.exe (PID: 2568)
      • aria2c.exe (PID: 3092)
      • aria2c.exe (PID: 4084)
      • aria2c.exe (PID: 3064)
    • Searches for installed software

      • DrvInst.exe (PID: 4916)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3100)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3100)
    • Dropped object may contain Bitcoin addresses

      • DriverPack-Alice.exe (PID: 3392)
No Malware configuration.
All screenshots are available in the full report
Total processes: 692
Monitored processes: 454
Malicious processes: 48
Suspicious processes: 76

Behavior graph

(Interactive process graph not reproduced here; its nodes are iexplore.exe, driverpack-17-online_389680771.1582317589.exe, reg.exe, mshta.exe, cmd.exe, powershell.exe, csc.exe, cvtres.exe, netsh.exe, chcp.com, sc.exe, vssvc.exe, wmic.exe, SPPSurrogate, rundll32.exe, driverpack-wget.exe, aria2c.exe, tasklist.exe, timeout.exe, driverpack-7za.exe, findstr.exe, find.exe, devcon.exe and drvinst.exe, linked by "drop and start" and "start" edges; the graph is available in the full report.)
driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe drvinst.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-alice.exe no specs directx.exe runtimepack.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs xcopy.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs xcopy.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs regsvr32.exe no specs cmd.exe no specs regsvr32.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe regsvr32.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs cmd.exe no specs cmd.exe no specs regsvr32.exe no specs driverpack-wget.exe driverpack-wget.exe regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs cmd.exe no specs 
regsvr32.exe no specs driverpack-wget.exe regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs netsh.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs

Process information (first nine processes of the run; the graph above continues for several hundred more)

PID 3100  iexplore.exe
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" https://drp.su/en
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 576  iexplore.exe
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3100 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent: iexplore.exe (content process of frame PID 3100, per SCODEF:3100)
  User: admin
  Company: Microsoft Corporation
  Integrity level: LOW
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 2012  DriverPack-17-Online_389680771.1582317589.exe
  CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\DriverPack-17-Online_389680771.1582317589.exe"
  Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\DriverPack-17-Online_389680771.1582317589.exe
  Parent: iexplore.exe
  User: admin
  Integrity level: MEDIUM
  Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the executable requires elevation, so this launch from the non-elevated browser fails and the file is re-launched through a UAC prompt as PID 3928 at HIGH integrity)

PID 3928  DriverPack-17-Online_389680771.1582317589.exe
  CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\DriverPack-17-Online_389680771.1582317589.exe"
  Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\DriverPack-17-Online_389680771.1582317589.exe
  Parent: iexplore.exe
  User: admin
  Integrity level: HIGH
  Exit code: 0

PID 2896  reg.exe
  CMD: C:\Windows\system32\reg.exe import "C:\Users\admin\AppData\Local\Temp\DriverPack-20200221204024\Tools\patch.reg"
  Path: C:\Windows\system32\reg.exe
  Parent: DriverPack-17-Online_389680771.1582317589.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: HIGH
  Description: Registry Console Tool
  Exit code: 0
  Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID 2628  mshta.exe
  CMD: C:\Windows\system32\mshta.exe "C:\Users\admin\AppData\Local\Temp\DriverPack-20200221204024\run.hta" --sfx "DriverPack-17-Online_389680771.1582317589.exe"
  Path: C:\Windows\system32\mshta.exe
  Parent: DriverPack-17-Online_389680771.1582317589.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: HIGH
  Description: Microsoft (R) HTML Application host
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 2580  cmd.exe
  CMD: "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\admin\AppData\Roaming\DRPSu\temp\ps.k6wn282o.ywjj3.cmd.txt' -Wait | Invoke-Expression" > "C:\Users\admin\AppData\Roaming\DRPSu\temp\ps.k6wn282o.ywjj3.stdout.log" 2> "C:\Users\admin\AppData\Roaming\DRPSu\temp\ps.k6wn282o.ywjj3.stderr.log"
  Path: C:\Windows\System32\cmd.exe
  Parent: mshta.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: HIGH
  Description: Windows Command Processor
  Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID 2672  powershell.exe
  CMD: powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\admin\AppData\Roaming\DRPSu\temp\ps.k6wn282o.ywjj3.cmd.txt' -Wait | Invoke-Expression"
  Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Parent: cmd.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: HIGH
  Description: Windows PowerShell
  Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID 4092  cmd.exe
  CMD: "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\admin\AppData\Roaming\DRPSu\temp\run_command_28592.txt""
  Path: C:\Windows\System32\cmd.exe
  Parent: mshta.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: HIGH
  Description: Windows Command Processor
  Exit code: 0
  Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID 2660  netsh.exe
  CMD: netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"
  Path: C:\Windows\system32\netsh.exe
  Parent: cmd.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: HIGH
  Description: Network Command Shell
  Exit code: 1 (netsh returns non-zero when no rule matches the name; the wrapper above swallows that with "|| echo Done")
  Version: 6.1.7600.16385 (win7_rtm.090713-1255)
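Triage of the process table above, as an added example (my own code, not ANY.RUN's). The nine rows are transcribed into a small record type and four checks run over them: the MEDIUM-integrity launch that died with exit code 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED) followed by the same image at HIGH integrity, i.e. a UAC elevation; the elevated mshta.exe to cmd.exe to powershell.exe chain; the "Get-Content ... -Wait | Invoke-Expression" file-tailing command channel, which executes as administrator every line later appended to ps.k6wn282o.ywjj3.cmd.txt; and the netsh advfirewall rule change. The Proc fields, function names and regexes are my assumptions, and the script-host set is generalised to wscript.exe and cscript.exe, which this report does not contain.

```python
"""Triage helpers for a flattened sandbox process table.

Added example, not ANY.RUN code. The SAMPLE records are transcribed from the
process table above; the Proc fields, function names and regexes are my own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Documented Windows NTSTATUS values that surface as unsigned sandbox exit codes.
NTSTATUS_NAMES: Dict[int, str] = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",  # exe needs admin; CreateProcess from a non-elevated parent fails
    0xC0000005: "STATUS_ACCESS_VIOLATION",
}


@dataclass
class Proc:
    pid: int
    image: str
    parent: str       # parent image name, as the report shows it
    integrity: str    # LOW / MEDIUM / HIGH
    cmd: str
    exit_code: Optional[int] = None


IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
DRP = (r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files"
       r"\Content.IE5\6Z2BCOUL\DriverPack-17-Online_389680771.1582317589.exe")
TMP = r"C:\Users\admin\AppData\Roaming\DRPSu\temp"
PS = ("powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "
      "\"Get-Content '" + TMP + "\\ps.k6wn282o.ywjj3.cmd.txt' -Wait | Invoke-Expression\"")
NETSH = 'netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"'

# Constructed from the report's process table (same PIDs, parents and command lines).
SAMPLE: List[Proc] = [
    Proc(3100, "iexplore.exe", "explorer.exe", "MEDIUM", '"' + IE + '" https://drp.su/en'),
    Proc(576, "iexplore.exe", "iexplore.exe", "LOW", '"' + IE + '" SCODEF:3100 CREDAT:267521 /prefetch:2'),
    Proc(2012, "DriverPack-17-Online_389680771.1582317589.exe", "iexplore.exe", "MEDIUM", '"' + DRP + '"', 3221226540),
    Proc(3928, "DriverPack-17-Online_389680771.1582317589.exe", "iexplore.exe", "HIGH", '"' + DRP + '"', 0),
    Proc(2896, "reg.exe", "DriverPack-17-Online_389680771.1582317589.exe", "HIGH",
         r'C:\Windows\system32\reg.exe import "C:\Users\admin\AppData\Local\Temp\DriverPack-20200221204024\Tools\patch.reg"', 0),
    Proc(2628, "mshta.exe", "DriverPack-17-Online_389680771.1582317589.exe", "HIGH",
         r'C:\Windows\system32\mshta.exe "C:\Users\admin\AppData\Local\Temp\DriverPack-20200221204024\run.hta" --sfx "DriverPack-17-Online_389680771.1582317589.exe"'),
    Proc(2580, "cmd.exe", "mshta.exe", "HIGH",
         '"C:\\Windows\\System32\\cmd.exe" /C ' + PS + ' > "' + TMP + '\\ps.k6wn282o.ywjj3.stdout.log" 2> "' + TMP + '\\ps.k6wn282o.ywjj3.stderr.log"'),
    Proc(2672, "powershell.exe", "cmd.exe", "HIGH", PS),
    Proc(4092, "cmd.exe", "mshta.exe", "HIGH",
         '"C:\\Windows\\System32\\cmd.exe" /c "' + NETSH + ' || echo Done & call echo Done %^errorLevel% > "' + TMP + '\\run_command_28592.txt""', 0),
    Proc(2660, "netsh.exe", "cmd.exe", "HIGH", NETSH, 1),
]

IEX_TAIL = re.compile(r"Get-Content\s.*?-Wait.*?\|\s*(?:Invoke-Expression|iex)\b", re.I)
FW_RULE = re.compile(r"\bnetsh\s+advfirewall\s+firewall\s+(?:add|delete|set)\s+rule\b", re.I)
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}   # generalised beyond the mshta.exe seen here
SHELLS = {"cmd.exe", "powershell.exe"}


def decode_exit_code(code: int) -> Tuple[str, str]:
    """Render a sandbox exit code as hex and name it if it is a known NTSTATUS."""
    code &= 0xFFFFFFFF
    return "0x%08X" % code, NTSTATUS_NAMES.get(code, "unknown")


def elevation_retries(procs: List[Proc]) -> List[Tuple[int, int]]:
    """Pairs (failed_pid, elevated_pid): a non-HIGH launch that died with
    STATUS_ELEVATION_REQUIRED, then the same image running at HIGH, i.e. the
    binary went through a UAC prompt."""
    failed = [p for p in procs if p.exit_code == 0xC000042C and p.integrity != "HIGH"]
    return [(f.pid, p.pid) for f in failed for p in procs
            if p.pid != f.pid and p.image == f.image and p.integrity == "HIGH"]


def iex_tail_channels(procs: List[Proc]) -> Set[int]:
    """PowerShell tailing a file into Invoke-Expression: every line later
    appended to that file executes, here as administrator."""
    return {p.pid for p in procs if IEX_TAIL.search(p.cmd)}


def firewall_rule_changes(procs: List[Proc]) -> Set[int]:
    """netsh advfirewall rule add/delete/set, including the cmd.exe wrapper that carries it."""
    return {p.pid for p in procs if FW_RULE.search(p.cmd)}


def elevated_shells_from_script_hosts(procs: List[Proc]) -> List[Tuple[int, str, str]]:
    """HIGH-integrity cmd/powershell whose parent is a script host (mshta, wscript, cscript)."""
    return [(p.pid, p.image, p.parent) for p in procs
            if p.parent.lower() in SCRIPT_HOSTS and p.image.lower() in SHELLS and p.integrity == "HIGH"]


def triage(procs: List[Proc]) -> Dict[str, object]:
    """Run every check and return the findings keyed by check name."""
    return {
        "elevation_retries": elevation_retries(procs),
        "iex_tail_channels": sorted(iex_tail_channels(procs)),
        "firewall_rule_changes": sorted(firewall_rule_changes(procs)),
        "elevated_shells_from_script_hosts": elevated_shells_from_script_hosts(procs),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
    print("exit code 3221226540 ->", decode_exit_code(3221226540))
```

On the real report the same checks would be fed from the JSON export rather than a hand-transcribed list; the IEX_TAIL pattern is deliberately loose (it also accepts the "iex" alias) because the command line is the only artefact, the script file itself is written later and never appears in the process table.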
Total events: 13 393
Read events: 4 369
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 183
Suspicious files: 117
Text files: 2 236
Unknown types: 237

Dropped files (ten entries shown, all written by the low-integrity IE content process)

PID 576  iexplore.exe  C:\Users\admin\AppData\Local\Temp\Low\Cab716F.tmp
  Type: not recorded; MD5/SHA256: none

PID 576  iexplore.exe  C:\Users\admin\AppData\Local\Temp\Low\Tar7170.tmp
  Type: not recorded; MD5/SHA256: none

PID 576  iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\landing-feature-1[1].png
  Type: image
  MD5: C57B24C9145DB8645C9D12DFE814AEA8
  SHA256: B260E3B5889ED4CD5AC0A5E55072C7BD21DD5E9858FF54296AF089B071D7FC0A

PID 576  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
  Type: der
  MD5: E5B4C4B7635BED65B43081B67A098BF2
  SHA256: DC5E2574546F7BD8398B294686B305348047FEC459F929B13BE913E8A0E0F8E0

PID 576  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\95EC1D62778E6B45297114DE13BE5B23
  Type: der
  MD5: B5F4D9578A0832A6388692B98D3A90C8
  SHA256: 72DC5E925E1AE0B4BEADC877B30E6FB673BD00E611301578D0B39A2AFA32E9FA

PID 576  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B
  Type: der
  MD5: 16351BC92441876E7107DB335595D0FF
  SHA256: 37D89976D154109BEF1DAA2212444E1CEA676F942BF08BC00EEAF9C30633259E

PID 576  iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\landing-feature-3[1].png
  Type: image
  MD5: BB8494CCC7A20B8453307F51F7108A14
  SHA256: 64CB46632BF1573AE7EFF46C061584F6F64D5431B0404D829BAAF1EB64A135B7

PID 576  iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\en[1].htm
  Type: html
  MD5: 24A9C71D2F3C4D21E2A418CDAF86549C
  SHA256: 14B94681C53276231EBC73DFD5A16779CB10E67DACA4B710CADA3C422F1175F9

PID 576  iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\main.fb80d5681c14a6d3b712[1].css
  Type: text
  MD5: 0580B9ADF1F01FFB4E33E3D22D01A446
  SHA256: B4ADFA40BEEFA45F968F3480300E535AE9F513655F700E0153BE3F3812B596FC

PID 576  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B
  Type: binary
  MD5: 5E58BBF971DB5DF597C009F852C8AC1D
  SHA256: A87A9B162DCC03A37D35779BB40B3E82CF157482C4F062B3E2E160EB64BC5448
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 1 085
TCP/UDP connections: 575
DNS requests: 63
Threats: 0

HTTP requests (ten shown, all OCSP certificate-status checks made by the IE content process)

PID  Process       Method  Code  IP:port              URL                                                                                                                                               CN  Type  Size   Reputation
576  iexplore.exe  GET     200   151.139.128.14:80    http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D          US  der   471 b  whitelisted
576  iexplore.exe  GET     200   172.217.16.163:80    http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D        US  der   468 b  whitelisted
576  iexplore.exe  GET     200   151.139.128.14:80    http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECECSrjihwEqjJtbw07DaD9QU%3D            US  der   471 b  whitelisted
576  iexplore.exe  GET     200   172.217.16.163:80    http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D        US  der   468 b  whitelisted
576  iexplore.exe  GET     200   72.21.91.29:80       http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAilokbNS1yMg9cCtLurU0k%3D       US  der   471 b  whitelisted
576  iexplore.exe  GET     200   172.217.16.163:80    http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEGbFlJeGAf%2B1AgAAAABXm8I%3D  US  der   471 b  whitelisted
576  iexplore.exe  GET     200   151.139.128.14:80    http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D        US  der   727 b  whitelisted
576  iexplore.exe  GET     200   172.217.16.163:80    http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCgdZM8AVzzKAgAAAAALnDU     US  der   472 b  whitelisted
576  iexplore.exe  GET     200   72.21.91.29:80       http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAilokbNS1yMg9cCtLurU0k%3D       US  der   471 b  whitelisted
576  iexplore.exe  GET     200   172.217.16.163:80    http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCgdZM8AVzzKAgAAAAALnDU     US  der   472 b  whitelisted

Connections (ten shown)

PID  Process       IP:port              Domain                    ASN                                                        CN  Reputation
576  iexplore.exe  172.217.16.163:80    ocsp.pki.goog             Google Inc.                                                US  whitelisted
576  iexplore.exe  172.217.23.174:443   www.youtube.com           Google Inc.                                                US  whitelisted
576  iexplore.exe  72.21.91.29:80       ocsp.digicert.com         MCI Communications Services, Inc. d/b/a Verizon Business   US  whitelisted
576  iexplore.exe  151.139.128.14:80    ocsp.usertrust.com        Highwinds Network Group, Inc.                              US  suspicious
576  iexplore.exe  37.9.8.76:443        drp.su                    Dominanta CTV Ltd                                          RU  suspicious
576  iexplore.exe  172.217.22.40:443    www.googletagmanager.com  Google Inc.                                                US  whitelisted
576  iexplore.exe  81.19.89.16:443      counter.rambler.ru        Rambler Internet Holding LLC                               RU  unknown
576  iexplore.exe  172.217.22.110:443   s.ytimg.com               Google Inc.                                                US  whitelisted
576  iexplore.exe  93.184.220.29:80     status.rapidssl.com       MCI Communications Services, Inc. d/b/a Verizon Business   US  whitelisted
576  iexplore.exe  216.58.205.228:443   www.google.com            Google Inc.                                                US  whitelisted

DNS requests

Domain
IP
Reputation
drp.su
  • 37.9.8.76
  • 178.162.207.43
  • 87.117.235.117
  • 82.145.55.129
suspicious
ocsp.usertrust.com
  • 151.139.128.14
whitelisted
ocsp.sectigo.com
  • 151.139.128.14
whitelisted
www.youtube.com
  • 172.217.23.174
  • 172.217.16.206
  • 172.217.23.142
  • 216.58.205.238
  • 172.217.18.14
  • 216.58.207.46
  • 216.58.207.78
  • 172.217.22.14
  • 172.217.16.174
  • 216.58.208.46
  • 216.58.210.14
  • 172.217.23.110
  • 172.217.18.110
  • 172.217.16.142
  • 172.217.22.78
  • 172.217.21.206
whitelisted
counter.rambler.ru
  • 81.19.89.16
  • 81.19.89.18
  • 81.19.89.17
whitelisted
www.googletagmanager.com
  • 172.217.22.40
whitelisted
ocsp.digicert.com
  • 72.21.91.29
whitelisted
ocsp.pki.goog
  • 172.217.16.163
whitelisted
status.rapidssl.com
  • 93.184.220.29
shared
s.ytimg.com
  • 172.217.22.110
whitelisted

Threats (Suricata/ET signatures; DNS-query hits carry no process attribution)

PID   Process       Class                                  Message
n/a   n/a           Potentially Bad Traffic                ET DNS Query for .su TLD (Soviet Union) Often Malware Related
n/a   n/a           Potentially Bad Traffic                ET DNS Query for .su TLD (Soviet Union) Often Malware Related
576   iexplore.exe  Potentially Bad Traffic                ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
576   iexplore.exe  Potential Corporate Privacy Violation  ET POLICY PE EXE or DLL Windows file download HTTP
576   iexplore.exe  Misc activity                          ET INFO EXE - Served Attached HTTP
n/a   n/a           Potentially Bad Traffic                ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2628  mshta.exe     Potentially Bad Traffic                ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
n/a   n/a           Potentially Bad Traffic                ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2628  mshta.exe     Potentially Bad Traffic                ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
n/a   n/a           Potentially Bad Traffic                ET DNS Query for .su TLD (Soviet Union) Often Malware Related
15 ETPRO signatures available at the full report
Debug output (csc.exe, ten lines consisting of two repeated messages)

csc.exe  *** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302  (4 times)
csc.exe  *** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144  (6 times)

-2147024774 is HRESULT 0x8007007A, i.e. HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER, Win32 error 122), emitted by the side-by-side (SxS) isolation code while csc.exe builds its activation context. csc.exe and cvtres.exe appear in the process tree directly after powershell.exe, the pattern PowerShell's Add-Type produces when it compiles C# on the fly; the messages themselves are routine debug noise and not evidence of a fault.