File name:

SetupCutterDriver2.06e.exe

Full analysis: https://app.any.run/tasks/d2bd30fc-11b6-4f61-8190-5f77d14b6f39
Verdict: Malicious activity
Analysis date: April 19, 2024, 07:55:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

F0B87FAE6B4ED884EBE7ED6FCE8B0357

SHA1:

9AD5F9166DAD2D122E766ABBBAD6884264E4060C

SHA256:

2A6B86B0E562936B521599F6EF49C23FB1BAE8DB9D537E2B27323D0B9CAEF067

SSDEEP:

98304:2Ww6V5CbRb8OgRsnuvo+KSQUIp+WUWaUG7yYVS9uPwXFYsOr+/uHk3p1DdS4+CL4:t+HxZQd6QP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • SetupCutterDriver2.06e.exe (PID: 2132)
      • SetupCutterDriver2.06e run.exe (PID: 3664)
    • Create files in the Startup directory

      • SetupCutterDriver2.06e run.exe (PID: 3664)
    • Starts NET.EXE for service management

      • InstallCutterDriver.exe (PID: 3148)
      • net.exe (PID: 2772)
      • net.exe (PID: 2920)
      • net.exe (PID: 2940)
      • net.exe (PID: 1924)
      • net.exe (PID: 3392)
      • net.exe (PID: 2040)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • SetupCutterDriver2.06e.exe (PID: 2132)
      • SetupCutterDriver2.06e run.exe (PID: 3664)
    • Process drops legitimate windows executable

      • SetupCutterDriver2.06e run.exe (PID: 3664)
    • Searches for installed software

      • SetupCutterDriver2.06e run.exe (PID: 3664)
    • Creates a software uninstall entry

      • SetupCutterDriver2.06e run.exe (PID: 3664)
    • Adds/modifies Windows certificates

      • certmgr.exe (PID: 2784)
      • certmgr.exe (PID: 1560)
    • Reads security settings of Internet Explorer

      • SetupCutterDriver2.06e run.exe (PID: 3664)
    • Reads the Internet Settings

      • SetupCutterDriver2.06e run.exe (PID: 3664)
    • Executing commands from a ".bat" file

      • SetupCutterDriver2.06e run.exe (PID: 3664)
    • Starts CMD.EXE for commands execution

      • SetupCutterDriver2.06e run.exe (PID: 3664)
    • Executes as Windows Service

      • spoolsv.exe (PID: 1092)
      • FXSSVC.exe (PID: 3696)
  • INFO

    • Checks supported languages

      • SetupCutterDriver2.06e.exe (PID: 2132)
      • SetupCutterDriver2.06e run.exe (PID: 3664)
      • certmgr.exe (PID: 2448)
      • certmgr.exe (PID: 2784)
      • certmgr.exe (PID: 4092)
      • certmgr.exe (PID: 1560)
      • SetSec.exe (PID: 2576)
      • SetSec.exe (PID: 568)
      • SetSec.exe (PID: 2724)
      • InstallCutterDriver.exe (PID: 3148)
      • AllenSpooler.exe (PID: 2564)
      • SetSec.exe (PID: 3612)
    • Create files in a temporary directory

      • SetupCutterDriver2.06e run.exe (PID: 3664)
    • Reads the computer name

      • SetupCutterDriver2.06e run.exe (PID: 3664)
      • InstallCutterDriver.exe (PID: 3148)
      • AllenSpooler.exe (PID: 2564)
      • SetSec.exe (PID: 3612)
    • Creates files in the program directory

      • SetupCutterDriver2.06e run.exe (PID: 3664)
      • InstallCutterDriver.exe (PID: 3148)
      • AllenSpooler.exe (PID: 2564)
      • FXSSVC.exe (PID: 3696)
    • Creates files or folders in the user directory

      • SetSec.exe (PID: 3612)
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (37.4)
.scr | Windows screen saver (34.5)
.exe | Win32 Executable (generic) (11.9)
.exe | Win16/32 Executable Delphi generic (5.4)
.exe | Generic Win/DOS Executable (5.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 338944
InitializedDataSize: 3365888
UninitializedDataSize: -
EntryPoint: 0x53b50
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes
81
Monitored processes
30
Malicious processes
3
Suspicious processes
0

Behavior graph

Processes in the graph (as listed in the report; "no specs" is the report's own tag):

start
setupcutterdriver2.06e.exe
setupcutterdriver2.06e run.exe
certmgr.exe (no specs)
certmgr.exe (no specs)
certmgr.exe (no specs)
certmgr.exe (no specs)
setsec.exe (no specs)
setsec.exe (no specs)
setsec.exe (no specs)
setsec.exe (no specs)
cmd.exe (no specs)
cmd.exe (no specs)
installcutterdriver.exe
allenspooler.exe (no specs)
net.exe (no specs)
net1.exe (no specs)
net.exe (no specs)
net1.exe (no specs)
net.exe (no specs)
net1.exe (no specs)
rundll32.exe (no specs)
net.exe (no specs)
net1.exe (no specs)
spoolsv.exe (no specs)
net.exe (no specs)
net1.exe (no specs)
fxssvc.exe (no specs)
net.exe (no specs)
net1.exe (no specs)
setupcutterdriver2.06e.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
568
CMD:
"C:\PROGRA~1\ALLEND~1\CUTTER~1\SetSec.exe" kill allens~1.exe
Path:
C:\Program Files\Allen Datagraph\Cutter Driver\SetSec.exe
Parent process:
SetupCutterDriver2.06e run.exe
User:
admin
Company:
Allen Datagraph Systems
Integrity Level:
HIGH
Exit code:
0
Version:
0.0.0.6
Modules
Images
c:\program files\allen datagraph\cutter driver\setsec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID:
1092
CMD:
C:\Windows\System32\spoolsv.exe
Path:
C:\Windows\System32\spoolsv.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Spooler SubSystem App
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\spoolsv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
1560
CMD:
"C:\PROGRA~1\ALLEND~1\CUTTER~1\certmgr.exe" -add adsi.cer -s -r localMachine trustedpublisher
Path:
C:\Program Files\Allen Datagraph\Cutter Driver\certmgr.exe
Parent process:
SetupCutterDriver2.06e run.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
ECM Certificate Manager
Exit code:
0
Version:
5.131.2134.1
Modules
Images
c:\program files\allen datagraph\cutter driver\certmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
PID:
1576
CMD:
C:\Windows\system32\net1 stop fax
Path:
C:\Windows\System32\net1.exe
Parent process:
net.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
2
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
PID:
1924
CMD:
net start fax
Path:
C:\Windows\System32\net.exe
Parent process:
InstallCutterDriver.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
2
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
PID:
2036
CMD:
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
Path:
C:\Windows\System32\rundll32.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
PID:
2040
CMD:
net start spooler
Path:
C:\Windows\System32\net.exe
Parent process:
InstallCutterDriver.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
PID:
2056
CMD:
C:\Windows\system32\net1 stop lpdsvc
Path:
C:\Windows\System32\net1.exe
Parent process:
net.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
2
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
PID:
2132
CMD:
"C:\Users\admin\AppData\Local\Temp\SetupCutterDriver2.06e.exe"
Path:
C:\Users\admin\AppData\Local\Temp\SetupCutterDriver2.06e.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\setupcutterdriver2.06e.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID:
2248
CMD:
C:\Windows\system32\net1 start spooler
Path:
C:\Windows\System32\net1.exe
Parent process:
net.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
Total events
6 675
Read events
6 575
Write events
51
Delete events
49

Modification events

(PID) Process:
(3664) SetupCutterDriver2.06e run.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Allen Datagraph DirectCut Printer Driver
Operation:
write
Name:
DisplayName
Value:
Allen Datagraph DirectCut Printer Driver

(PID) Process:
(3664) SetupCutterDriver2.06e run.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Allen Datagraph DirectCut Printer Driver
Operation:
write
Name:
UninstallString
Value:
C:\PROGRA~1\ALLEND~1\CUTTER~1\UNWISE.EXE C:\PROGRA~1\ALLEND~1\CUTTER~1\INSTALL.LOG

(PID) Process:
(3664) SetupCutterDriver2.06e run.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:
write
Name:
ProxyBypass
Value:
1

(PID) Process:
(3664) SetupCutterDriver2.06e run.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:
write
Name:
IntranetName
Value:
1

(PID) Process:
(3664) SetupCutterDriver2.06e run.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:
write
Name:
UNCAsIntranet
Value:
1

(PID) Process:
(3664) SetupCutterDriver2.06e run.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:
write
Name:
AutoDetect
Value:
0
(PID) Process:
(2784) certmgr.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
Operation:
delete value
Name:
6F16DA8EC54C337C54B520E0A942DE327FF5DD34
Value:

(PID) Process:
(2784) certmgr.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6F16DA8EC54C337C54B520E0A942DE327FF5DD34
Operation:
write
Name:
Blob
Value:
(PID) Process:
(1560) certmgr.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates
Operation:
delete value
Name:
6F16DA8EC54C337C54B520E0A942DE327FF5DD34
Value:

(PID) Process:
(1560) certmgr.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6F16DA8EC54C337C54B520E0A942DE327FF5DD34
Operation:
write
Name:
Blob
Value:
Executable files
21
Suspicious files
36
Text files
30
Unknown types
1

Dropped files

PID | Process | Filename | Type

3664 | SetupCutterDriver2.06e run.exe | C:\Program Files\Allen Datagraph\Cutter Driver\SetSec.exe | -
MD5:
SHA256:
3664 | SetupCutterDriver2.06e run.exe | C:\Program Files\Allen Datagraph\sample\~GLH0005.TMP | -
MD5:
SHA256:
3664 | SetupCutterDriver2.06e run.exe | C:\Program Files\Allen Datagraph\sample\thanks.plt | -
MD5:
SHA256:
3664 | SetupCutterDriver2.06e run.exe | C:\Program Files\Allen Datagraph\cutter driver\~GLH0007.TMP | -
MD5:
SHA256:
3664 | SetupCutterDriver2.06e run.exe | C:\Program Files\Allen Datagraph\Cutter Driver\Allen Datagraph\CorelDRAW 11 ShortCutKeys.cfg | -
MD5:
SHA256:
3664 | SetupCutterDriver2.06e run.exe | C:\Program Files\Allen Datagraph\cutter driver\Allen Datagraph\~GLH0009.TMP | -
MD5:
SHA256:
3664 | SetupCutterDriver2.06e run.exe | C:\Program Files\Allen Datagraph\Cutter Driver\Allen Datagraph\CorelDRAW 11 Docker.cfg | -
MD5:
SHA256:
3664 | SetupCutterDriver2.06e run.exe | C:\Program Files\Allen Datagraph\cutter driver\Allen Datagraph\~GLH000b.TMP | -
MD5:
SHA256:
2132 | SetupCutterDriver2.06e.exe | C:\Users\admin\Desktop\SetupCutterDriver2.06e run.exe | executable
MD5: 223ACF71EB1A5ECF732524BF731BE6F3
SHA256: 389D005909A683F385065B0F7BD8B1EA8AF1406633106F30004489FBBC6FC932
3664 | SetupCutterDriver2.06e run.exe | C:\Program Files\Allen Datagraph\Cutter Driver\Allen Datagraph.CW_ | -
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
5
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
3148 | InstallCutterDriver.exe | 192.168.100.255:32001 | - | - | - | whitelisted

DNS requests

No data

Threats

No threats detected
No debug info