URL: | https://www.drivereasy.com/DriverEasy_Setup.exe |
Full analysis: | https://app.any.run/tasks/4dbbedf4-53e6-4e7c-830e-b9235819e4ae |
Verdict: | Malicious activity |
Analysis date: | December 02, 2019, 17:51:05 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | DCA3C52DDB173BD1578108950FAAFF0C |
SHA1: | 4B1FD922DE143415428E55ACCE132F4A02D28BEA |
SHA256: | 15E59A8D7F2840C4A34F4F09E295922EFC1380DC0A89902B3AB6C16E9DDF155D |
SSDEEP: | 3:N8DSLaW5yTJWkA:2OLmTUkA |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1188 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2784 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1188 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
1316 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe | iexplore.exe | |
User: admin Company: Easeware Integrity Level: MEDIUM Description: Driver Easy Setup Exit code: 0 Version: 5.6.13.33482 | ||||
2892 | "C:\Users\admin\AppData\Local\Temp\is-5KBQN.tmp\DriverEasy_Setup[1].tmp" /SL5="$301C2,4268077,997888,C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe" | C:\Users\admin\AppData\Local\Temp\is-5KBQN.tmp\DriverEasy_Setup[1].tmp | — | DriverEasy_Setup[1].exe |
User: admin Integrity Level: MEDIUM Description: Setup/Uninstall Exit code: 0 Version: 51.1052.0.0 | ||||
1600 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe" /SPAWNWND=$3018A /NOTIFYWND=$301C2 | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe | DriverEasy_Setup[1].tmp | |
User: admin Company: Easeware Integrity Level: HIGH Description: Driver Easy Setup Exit code: 0 Version: 5.6.13.33482 | ||||
3396 | "C:\Users\admin\AppData\Local\Temp\is-0LNDC.tmp\DriverEasy_Setup[1].tmp" /SL5="$4016A,4268077,997888,C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe" /SPAWNWND=$3018A /NOTIFYWND=$301C2 | C:\Users\admin\AppData\Local\Temp\is-0LNDC.tmp\DriverEasy_Setup[1].tmp | DriverEasy_Setup[1].exe | |
User: admin Integrity Level: HIGH Description: Setup/Uninstall Exit code: 0 Version: 51.1052.0.0 | ||||
600 | "C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe" -create "Driver Easy Scheduled Scan" "C:\Program Files\Easeware\DriverEasy\DriverEasy.exe" | C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe | — | DriverEasy_Setup[1].tmp |
User: admin Company: Easeware Integrity Level: HIGH Description: Easeware.CheckScheduledScan Exit code: 0 Version: 1.0.1.0 | ||||
4032 | "C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe" DriverEasy en | C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe | — | DriverEasy_Setup[1].tmp |
User: admin Company: Easeware Integrity Level: HIGH Description: Easeware.ConfigLanguageFromSetup Exit code: 0 Version: 1.0.4.0 | ||||
2928 | "C:\Program Files\Easeware\DriverEasy\DriverEasy.exe" | C:\Program Files\Easeware\DriverEasy\DriverEasy.exe | DriverEasy_Setup[1].tmp | |
User: admin Company: Easeware Integrity Level: HIGH Description: DriverEasy Version: 5.6.13 | ||||
2868 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | DriverEasy_Setup[1].tmp |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
1188 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
1188 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
1188 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF0201948ECDBE6DEA.TMP | — | |
MD5:— | SHA256:— | |||
1188 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF7DE74E5054216962.TMP | — | |
MD5:— | SHA256:— | |||
1188 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{59096A3B-152C-11EA-AB41-5254004A04AF}.dat | — | |
MD5:— | SHA256:— | |||
1188 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019120220191203\index.dat | dat | |
MD5:D99A036D3EEA93CBF6CF38F3EF553448 | SHA256:AD2D96F4CA39ABCC3378636145FAD84083D62D745258A41D4D498BC445D48C22 | |||
2784 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:2291FEDF2D3C85FCD3F341095E5FBF62 | SHA256:A96BE42B99F1976B4F9917DBEDB86C3AF5C16AC920048F2C8BD22AE7D04C56D7 | |||
2784 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019120220191203\index.dat | dat | |
MD5:E9AAE0C454F20C7330D2CE24CD62B8E4 | SHA256:A08A8E7EB5EC5B3E6321DD79962564ACC4EEC6EAAF7DB2AA7DDF3E4BF4DD2B00 | |||
2784 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OJUD179F\DriverEasy_Setup[1].exe | executable | |
MD5:692997612608AC134F18650F902770A3 | SHA256:88534080A4D86D01F71822F15C34DAB4AFD8294B45090D5F317D7DAA3B051132 | |||
2784 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:54B955DE6277880C46F631AA72C38648 | SHA256:B5469F232AE7A52EBEE2AD5979EB32E6B8ACD9B038DD32D81955170264406A88 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2928 | DriverEasy.exe | GET | 200 | 2.16.106.201:80 | http://cdn.drivereasy.com/version.html | unknown | text | 415 b | suspicious |
1188 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1188 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2928 | DriverEasy.exe | 172.217.16.142:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
2728 | iexplore.exe | 216.58.205.232:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
2728 | iexplore.exe | 172.217.16.142:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
2728 | iexplore.exe | 172.217.22.10:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2784 | iexplore.exe | 2.16.106.201:80 | cdn.drivereasy.com | Akamai International B.V. | — | whitelisted |
2728 | iexplore.exe | 167.114.130.158:443 | www.drivereasy.com | OVH SAS | CA | malicious |
2728 | iexplore.exe | 184.30.208.49:443 | images.drivereasy.com | Akamai International B.V. | NL | unknown |
2784 | iexplore.exe | 167.114.130.158:443 | www.drivereasy.com | OVH SAS | CA | malicious |
2728 | iexplore.exe | 172.217.22.99:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
www.drivereasy.com |
| unknown |
cdn.drivereasy.com |
| suspicious |
www.google-analytics.com |
| whitelisted |
images.drivereasy.com |
| suspicious |
fonts.googleapis.com |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
www.youtube.com |
| whitelisted |
s.ytimg.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
2784 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |