analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://www.drivereasy.com/DriverEasy_Setup.exe

Full analysis: https://app.any.run/tasks/4dbbedf4-53e6-4e7c-830e-b9235819e4ae
Verdict: Malicious activity
Analysis date: December 02, 2019, 17:51:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

DCA3C52DDB173BD1578108950FAAFF0C

SHA1:

4B1FD922DE143415428E55ACCE132F4A02D28BEA

SHA256:

15E59A8D7F2840C4A34F4F09E295922EFC1380DC0A89902B3AB6C16E9DDF155D

SSDEEP:

3:N8DSLaW5yTJWkA:2OLmTUkA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • DriverEasy_Setup[1].exe (PID: 1600)
      • DriverEasy_Setup[1].exe (PID: 1316)
      • Easeware.ConfigLanguageFromSetup.exe (PID: 4032)
      • Easeware.CheckScheduledScan.exe (PID: 600)
      • DriverEasy.exe (PID: 2928)

    • Loads the Task Scheduler DLL interface

      • Easeware.CheckScheduledScan.exe (PID: 600)

    • Loads dropped or rewritten executable

      • Easeware.ConfigLanguageFromSetup.exe (PID: 4032)
      • DriverEasy.exe (PID: 2928)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • DriverEasy_Setup[1].exe (PID: 1600)
      • DriverEasy_Setup[1].exe (PID: 1316)
      • iexplore.exe (PID: 1188)
      • iexplore.exe (PID: 2784)
      • DriverEasy_Setup[1].tmp (PID: 3396)

    • Reads Windows owner or organization settings

      • DriverEasy_Setup[1].tmp (PID: 3396)

    • Reads the Windows organization settings

      • DriverEasy_Setup[1].tmp (PID: 3396)

    • Creates files in the Windows directory

      • Easeware.CheckScheduledScan.exe (PID: 600)

    • Creates files in the user directory

      • Easeware.ConfigLanguageFromSetup.exe (PID: 4032)

    • Reads Environment values

      • DriverEasy.exe (PID: 2928)

    • Starts Internet Explorer

      • DriverEasy_Setup[1].tmp (PID: 3396)

    • Uses NETSH.EXE for network configuration

      • DriverEasy_Setup[1].tmp (PID: 3396)

    • Reads the machine GUID from the registry

      • DriverEasy.exe (PID: 2928)

  • INFO

    • Application was dropped or rewritten from another process

      • DriverEasy_Setup[1].tmp (PID: 3396)
      • DriverEasy_Setup[1].tmp (PID: 2892)

    • Changes internet zones settings

      • iexplore.exe (PID: 1188)
      • iexplore.exe (PID: 2868)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 1188)
      • iexplore.exe (PID: 2784)
      • iexplore.exe (PID: 2728)

    • Application launched itself

      • iexplore.exe (PID: 1188)
      • iexplore.exe (PID: 2868)

    • Creates files in the program directory

      • DriverEasy_Setup[1].tmp (PID: 3396)

    • Loads dropped or rewritten executable

      • DriverEasy_Setup[1].tmp (PID: 3396)

    • Creates a software uninstall entry

      • DriverEasy_Setup[1].tmp (PID: 3396)

    • Reads settings of System Certificates

      • DriverEasy.exe (PID: 2928)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2728)

    • Creates files in the user directory

      • iexplore.exe (PID: 2728)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
52
Monitored processes
12
Malicious processes
3
Suspicious processes
4

Behavior graph

Click at the process to see the details
drop and start start drop and start drop and start drop and start drop and start drop and start iexplore.exe iexplore.exe drivereasy_setup[1].exe drivereasy_setup[1].tmp no specs drivereasy_setup[1].exe drivereasy_setup[1].tmp easeware.checkscheduledscan.exe no specs easeware.configlanguagefromsetup.exe no specs drivereasy.exe iexplore.exe no specs iexplore.exe netsh.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1188"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
2784"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1188 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
1316"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe
iexplore.exe
User:
admin
Company:
Easeware
Integrity Level:
MEDIUM
Description:
Driver Easy Setup
Exit code:
0
Version:
5.6.13.33482
2892"C:\Users\admin\AppData\Local\Temp\is-5KBQN.tmp\DriverEasy_Setup[1].tmp" /SL5="$301C2,4268077,997888,C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe" C:\Users\admin\AppData\Local\Temp\is-5KBQN.tmp\DriverEasy_Setup[1].tmpDriverEasy_Setup[1].exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
1600"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe" /SPAWNWND=$3018A /NOTIFYWND=$301C2 C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe
DriverEasy_Setup[1].tmp
User:
admin
Company:
Easeware
Integrity Level:
HIGH
Description:
Driver Easy Setup
Exit code:
0
Version:
5.6.13.33482
3396"C:\Users\admin\AppData\Local\Temp\is-0LNDC.tmp\DriverEasy_Setup[1].tmp" /SL5="$4016A,4268077,997888,C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\DriverEasy_Setup[1].exe" /SPAWNWND=$3018A /NOTIFYWND=$301C2 C:\Users\admin\AppData\Local\Temp\is-0LNDC.tmp\DriverEasy_Setup[1].tmp
DriverEasy_Setup[1].exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
600"C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe" -create "Driver Easy Scheduled Scan" "C:\Program Files\Easeware\DriverEasy\DriverEasy.exe"C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exeDriverEasy_Setup[1].tmp
User:
admin
Company:
Easeware
Integrity Level:
HIGH
Description:
Easeware.CheckScheduledScan
Exit code:
0
Version:
1.0.1.0
4032"C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe" DriverEasy enC:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exeDriverEasy_Setup[1].tmp
User:
admin
Company:
Easeware
Integrity Level:
HIGH
Description:
Easeware.ConfigLanguageFromSetup
Exit code:
0
Version:
1.0.4.0
2928"C:\Program Files\Easeware\DriverEasy\DriverEasy.exe"C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
DriverEasy_Setup[1].tmp
User:
admin
Company:
Easeware
Integrity Level:
HIGH
Description:
DriverEasy
Version:
5.6.13
2868"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exeDriverEasy_Setup[1].tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
2 767
Read events
2 517
Write events
0
Delete events
0

Modification events

No data
Executable files
19
Suspicious files
3
Text files
82
Unknown types
15

Dropped files

PID
Process
Filename
Type
1188iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
1188iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
1188iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF0201948ECDBE6DEA.TMP
MD5:
SHA256:
1188iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF7DE74E5054216962.TMP
MD5:
SHA256:
1188iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{59096A3B-152C-11EA-AB41-5254004A04AF}.dat
MD5:
SHA256:
1188iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019120220191203\index.datdat
MD5:D99A036D3EEA93CBF6CF38F3EF553448
SHA256:AD2D96F4CA39ABCC3378636145FAD84083D62D745258A41D4D498BC445D48C22
2784iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:2291FEDF2D3C85FCD3F341095E5FBF62
SHA256:A96BE42B99F1976B4F9917DBEDB86C3AF5C16AC920048F2C8BD22AE7D04C56D7
2784iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019120220191203\index.datdat
MD5:E9AAE0C454F20C7330D2CE24CD62B8E4
SHA256:A08A8E7EB5EC5B3E6321DD79962564ACC4EEC6EAAF7DB2AA7DDF3E4BF4DD2B00
2784iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OJUD179F\DriverEasy_Setup[1].exeexecutable
MD5:692997612608AC134F18650F902770A3
SHA256:88534080A4D86D01F71822F15C34DAB4AFD8294B45090D5F317D7DAA3B051132
2784iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.datdat
MD5:54B955DE6277880C46F631AA72C38648
SHA256:B5469F232AE7A52EBEE2AD5979EB32E6B8ACD9B038DD32D81955170264406A88
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
31
DNS requests
15
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2928
DriverEasy.exe
GET
200
2.16.106.201:80
http://cdn.drivereasy.com/version.html
unknown
text
415 b
suspicious
1188
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1188
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2928
DriverEasy.exe
172.217.16.142:443
www.google-analytics.com
Google Inc.
US
whitelisted
2728
iexplore.exe
216.58.205.232:443
www.googletagmanager.com
Google Inc.
US
whitelisted
2728
iexplore.exe
172.217.16.142:443
www.google-analytics.com
Google Inc.
US
whitelisted
2728
iexplore.exe
172.217.22.10:443
fonts.googleapis.com
Google Inc.
US
whitelisted
2784
iexplore.exe
2.16.106.201:80
cdn.drivereasy.com
Akamai International B.V.
whitelisted
2728
iexplore.exe
167.114.130.158:443
www.drivereasy.com
OVH SAS
CA
malicious
2728
iexplore.exe
184.30.208.49:443
images.drivereasy.com
Akamai International B.V.
NL
unknown
2784
iexplore.exe
167.114.130.158:443
www.drivereasy.com
OVH SAS
CA
malicious
2728
iexplore.exe
172.217.22.99:443
fonts.gstatic.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
www.drivereasy.com
  • 167.114.130.158
unknown
cdn.drivereasy.com
  • 2.16.106.201
  • 2.16.106.187
suspicious
www.google-analytics.com
  • 172.217.16.142
whitelisted
images.drivereasy.com
  • 184.30.208.49
suspicious
fonts.googleapis.com
  • 172.217.22.10
whitelisted
www.googletagmanager.com
  • 216.58.205.232
whitelisted
fonts.gstatic.com
  • 172.217.22.99
whitelisted
www.youtube.com
  • 172.217.23.142
  • 172.217.18.14
  • 172.217.18.174
  • 216.58.206.14
  • 216.58.207.46
  • 216.58.207.78
  • 172.217.23.110
  • 172.217.16.142
  • 216.58.208.46
  • 172.217.16.174
  • 172.217.22.46
  • 172.217.22.78
  • 172.217.22.110
  • 172.217.16.206
  • 172.217.21.206
  • 172.217.23.174
whitelisted
s.ytimg.com
  • 172.217.23.142
whitelisted

Threats

PID
Process
Class
Message
2784
iexplore.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.drivereasy.com/DriverEasy_Setup.exe