File name:

CDM21228_Setup.exe

Full analysis: https://app.any.run/tasks/37ffe155-72af-489e-a812-4e0471d51f16
Verdict: Malicious activity
Analysis date: December 01, 2023, 15:19:27
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 7ACD865CF6180D0D099B74D5BAB70FEB
SHA1: C44678C7459798C800332273C74049CEA204A604
SHA256: 15C30AA807D3763DE63B383533D197C218066EEFC979B3611CA200F09B9CB7EE
SSDEEP: 49152:bFcT+BU13Gb6zv50SYIC06A0D7Uy25CHP8M7c4EfSHA8JO8Pz1bCP:bla2uLySrC03U7UkPRoz/keP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • CDM21228_Setup.exe (PID: 124)
      • dpinst-x86.exe (PID: 3784)
      • drvinst.exe (PID: 1036)
      • drvinst.exe (PID: 3892)
    • Creates a writable file in the system directory

      • drvinst.exe (PID: 1036)
      • drvinst.exe (PID: 3892)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • CDM21228_Setup.exe (PID: 124)
    • Drops a system driver (possible attempt to evade defenses)

      • CDM21228_Setup.exe (PID: 124)
      • dpinst-x86.exe (PID: 3784)
      • drvinst.exe (PID: 3892)
      • drvinst.exe (PID: 1036)
    • Creates files in the driver directory

      • drvinst.exe (PID: 1036)
      • drvinst.exe (PID: 3892)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 1036)
      • drvinst.exe (PID: 3892)
  • INFO

    • Checks supported languages

      • dp-chooser.exe (PID: 1116)
      • CDM21228_Setup.exe (PID: 124)
      • dpinst-x86.exe (PID: 3784)
      • wmpnscfg.exe (PID: 1344)
      • drvinst.exe (PID: 1036)
      • drvinst.exe (PID: 3892)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 1344)
    • Create files in a temporary directory

      • CDM21228_Setup.exe (PID: 124)
      • dpinst-x86.exe (PID: 3784)
    • Reads the computer name

      • wmpnscfg.exe (PID: 1344)
      • dpinst-x86.exe (PID: 3784)
      • drvinst.exe (PID: 1036)
      • drvinst.exe (PID: 3892)
    • Reads the machine GUID from the registry

      • dpinst-x86.exe (PID: 3784)
      • drvinst.exe (PID: 1036)
      • drvinst.exe (PID: 3892)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:02:15 11:04:57+01:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 24064
InitializedDataSize: 66560
UninitializedDataSize: -
EntryPoint: 0x6700
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 46
Monitored processes: 7
Malicious processes: 5
Suspicious processes: 0

Behavior graph

[Graph not reproduced. Nodes, in order: cdm21228_setup.exe (start), dp-chooser.exe, dpinst-x86.exe, wmpnscfg.exe, drvinst.exe, drvinst.exe, cdm21228_setup.exe]

Process information

PID: 124
CMD: "C:\Users\admin\Desktop\CDM21228_Setup.exe"
Path: C:\Users\admin\Desktop\CDM21228_Setup.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\users\admin\desktop\cdm21228_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 844
CMD: "C:\Users\admin\Desktop\CDM21228_Setup.exe"
Path: C:\Users\admin\Desktop\CDM21228_Setup.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\desktop\cdm21228_setup.exe
c:\windows\system32\ntdll.dll
PID: 1036
CMD: DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{0c4f515b-267a-35ec-55e4-0c5b786ca525}\ftdibus.inf" "0" "657f6b0d3" "000004AC" "WinSta0\Default" "000005B4" "208" "c:\users\admin\appdata\local\temp\ftdi-driver"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1116
CMD: C:\Users\admin\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe
Path: C:\Users\admin\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe
Parent process: CDM21228_Setup.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\ftdi-driver\dp-chooser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 1344
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3784
CMD: C:\Users\admin\AppData\Local\Temp\FTDI-Driver\dpinst-x86.exe /sa
Path: C:\Users\admin\AppData\Local\Temp\FTDI-Driver\dpinst-x86.exe
Parent process: dp-chooser.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Driver Package Installer
Exit code:
512
Version:
2.1
Modules
Images
c:\users\admin\appdata\local\temp\ftdi-driver\dpinst-x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3892
CMD: DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{46d3bad7-d030-37a7-f37d-fe689c654537}\ftdiport.inf" "0" "6960183e3" "000005B4" "WinSta0\Default" "00000074" "208" "c:\users\admin\appdata\local\temp\ftdi-driver"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events: 5 996
Read events: 5 960
Write events: 36
Delete events: 0

Modification events

Process: (3784) dpinst-x86.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (1036) drvinst.exe
Key: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\17F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (3892) drvinst.exe
Key: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\17F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 47
Suspicious files: 27
Text files: 17
Unknown types: 0

Dropped files

PID | Process | Filename | Type
124 | CDM21228_Setup.exe | C:\Users\admin\AppData\Local\Temp\FTDI-Driver\ftd2xx.h | text
MD5: D00E424FB587281C98E0CD1D420A007C
SHA256: CF2AD290C68137373B26629BF9FEED6F4847F4E9E5CDE4B980A212CEBEB4FF6A
124 | CDM21228_Setup.exe | C:\Users\admin\AppData\Local\Temp\FTDI-Driver\amd64\ftd2xx.lib | binary
MD5: D8B31806632C9E2DC4BB79E87C98C0B2
SHA256: 260A37AA3966AEEE901DC8819C98E47BF47E61D5F724472559D33B55F4F9C271
124 | CDM21228_Setup.exe | C:\Users\admin\AppData\Local\Temp\FTDI-Driver\ftdiport.cat | binary
MD5: 9FE33A9197449575EA9EE89A9E142B58
SHA256: 05BA91C12BE023F7C5833D77130EFC859A0AE516F96704FE8062C4796F6B9FEF
124 | CDM21228_Setup.exe | C:\Users\admin\AppData\Local\Temp\FTDI-Driver\amd64\ftd2xx64.dll | executable
MD5: 7832F9DF38BF967E60EE067A780D0201
SHA256: 9C282C4580AAC9388ADADF8C2D9794CCA2F953AF36331AEDF814E936CFED97AD
124 | CDM21228_Setup.exe | C:\Users\admin\AppData\Local\Temp\FE64E8.tmp | text
MD5: 82AAF5AEFD34F841608B8800C5D623FB
SHA256: 9DC2D32D67B04567EE1C2EC9A4623571B6439A0DDF8D7D1B0F8A8F42D972F0EB
124 | CDM21228_Setup.exe | C:\Users\admin\AppData\Local\Temp\FTDI-Driver\amd64\ftlang.dll | executable
MD5: 8BB75F1ED68C88D6B32C67E86BBB66E4
SHA256: 84B22F61827D448946977B259CE06B0A8E83BC1DC7B9D8A208D3E32525F08507
124 | CDM21228_Setup.exe | C:\Users\admin\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe | executable
MD5: 2882BCB2DD015D77040C45898FF62FEE
SHA256: 25EA433BDC5ACBF075FFF60A5BA554B337A84BF9E60471AAB246FDA7472AC291
124 | CDM21228_Setup.exe | C:\Users\admin\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe | executable
MD5: BE3C79033FA8302002D9D3A6752F2263
SHA256: 181BF85D3B5900FF8ABED34BC415AFC37FC322D9D7702E14D144F96A908F5CAB
124 | CDM21228_Setup.exe | C:\Users\admin\AppData\Local\Temp\FTDI-Driver\amd64\ftdibus.sys | executable
MD5: D5F53AFCD0D6E0A2925BFFF9E2605552
SHA256: 8C494A63B270D8605AB9A4AD7D5AE074F7D466D64ADBA36F5E559210ECB35617
124 | CDM21228_Setup.exe | C:\Users\admin\AppData\Local\Temp\FTDI-Driver\ftdibus.cat | binary
MD5: 3CA2599748CC29523831EACE03806D8C
SHA256: 51E4DE8D95DE60A7B20B516192F9A3EF26D9FF5AFDE04032F92D6F6E5288E657
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted

DNS requests

No data

Threats

No threats detected
No debug info