File name: outbyte-driver-updater.exe
Full analysis: https://app.any.run/tasks/528716fc-0217-40da-a09e-957a92c18d2a
Verdict: Malicious activity
Analysis date: July 31, 2024, 20:31:03
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: BFBB46C049E5D57500C3F5CDB1BA7F45
SHA1: C58483FB9FE53E411C03BE9D2D7B73BBE48793E4
SHA256: 351B5948FC7F05D1D6ECF2C46CCC82AD540859D9130BE307E6BF22B41DA1A766
SSDEEP: 196608:i4jYUvwsyR6ggM6T+bnTw4GdzvvuzcxwsOleD:i40Hsya/T+A4qvvuDsOlk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • Installer.exe (PID: 6788)
      • outbyte-driver-updater.exe (PID: 6496)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Reads security settings of Internet Explorer
      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Checks Windows Trust Settings
      • Installer.exe (PID: 6788)
    • Reads the BIOS version
      • Installer.exe (PID: 6788)
    • There is functionality for communication over UDP network (YARA)
      • Installer.exe (PID: 6788)
    • Reads the Windows owner or organization settings
      • Installer.exe (PID: 6788)
  • INFO
    • Creates files in a temporary directory
      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Process checks computer location settings
      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Reads the computer name
      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Checks supported languages
      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Reads Environment values
      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Checks proxy server information
      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Reads the software policy settings
      • Installer.exe (PID: 6788)
    • Creates files or folders in the user directory
      • Installer.exe (PID: 6788)
    • Reads the machine GUID from the registry
      • Installer.exe (PID: 6788)
    • Reads Windows Product ID
      • Installer.exe (PID: 6788)
    • Creates files in the program directory
      • Installer.exe (PID: 6788)

How to read the verdict: the only MALICIOUS-level signature is the generic "drops an executable immediately after start" rule, which a self-extracting installer triggers by design (the outer file unpacks Installer.exe and its support DLLs into %TEMP% and runs it). The SUSPICIOUS and INFO hits (IE security settings, Windows Trust Settings, BIOS version, owner/organization, machine GUID, Product ID, proxy settings) are consistent with an installer that verifies Authenticode signatures on its dropped components and collects telemetry; the plain-HTTP OCSP requests to ocsp.digicert.com in the network section are the observable side of that trust check. The static YARA hit for UDP functionality in Installer.exe has no matching traffic on this page: the only UDP rows in the connections table (137/138 NetBIOS, 1900 SSDP) belong to System and svchost.exe. The IDS section reports 0 threats and no malware configuration was extracted, so "Malicious activity" here is a heuristic score rather than a confirmed detection; pivot on the hashes of the dropped Installer.exe and DLLs before treating the sample as anything more than a commercial driver-updater installer with telemetry.
No Malware configuration.

TRiD

.exe | Win32 EXE PECompact compressed (generic) (79.7)
.exe | Win32 Executable (generic) (8.6)
.exe | Win16/32 Executable Delphi generic (3.9)
.exe | Generic Win/DOS Executable (3.8)
.exe | DOS Executable Generic (3.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:15 18:38:03+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 143872
InitializedDataSize: 330240
UninitializedDataSize: -
EntryPoint: 0x24530
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.3.3.29920
ProductVersionNumber: 2.3.3.29920
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: Driver Updater
CompanyName: Outbyte
FileDescription: Outbyte Driver Updater Installation File
FileVersion: 2.3.3.29920
LegalCopyright: Copyright © 2016-2024 Outbyte Computing Pty Ltd
OriginalFileName: Outbyte-driver-updater-setup.exe
ProductName: Driver Updater
ProductVersion: 2.x
Screenshots: not reproduced here; available in the full report.
Total processes: 122
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph (process tree reconstructed from the process information below)

explorer.exe
  outbyte-driver-updater.exe (PID 6432, MEDIUM integrity; exited immediately with STATUS_ELEVATION_REQUIRED, no specs)
  outbyte-driver-updater.exe (PID 6496, HIGH integrity; flagged THREAT)
    Installer.exe (PID 6788, HIGH integrity; flagged THREAT)

Process information

PID 6432
  CMD: "C:\Users\admin\Desktop\outbyte-driver-updater.exe"
  Path: C:\Users\admin\Desktop\outbyte-driver-updater.exe
  Parent process: explorer.exe
  User: admin
  Company: Outbyte
  Integrity Level: MEDIUM
  Description: Outbyte Driver Updater Installation File
  Version: 2.3.3.29920
  Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
  Modules (images):
    c:\users\admin\desktop\outbyte-driver-updater.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll

PID 6496
  CMD: "C:\Users\admin\Desktop\outbyte-driver-updater.exe"
  Path: C:\Users\admin\Desktop\outbyte-driver-updater.exe
  Parent process: explorer.exe
  User: admin
  Company: Outbyte
  Integrity Level: HIGH
  Description: Outbyte Driver Updater Installation File
  Version: 2.3.3.29920
  Modules (images):
    c:\users\admin\desktop\outbyte-driver-updater.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
    c:\windows\system32\wow64.dll
    c:\windows\system32\wow64win.dll
    c:\windows\system32\wow64cpu.dll
    c:\windows\syswow64\kernel32.dll
    c:\windows\syswow64\kernelbase.dll
    c:\windows\syswow64\apphelp.dll
    c:\windows\syswow64\user32.dll

PID 6788
  CMD: "C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\Installer.exe" /spid:6496 /splha:36807488
  Path: C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\Installer.exe
  Parent process: outbyte-driver-updater.exe
  User: admin
  Company: Outbyte
  Integrity Level: HIGH
  Description: Installer
  Version: 2.3.3.29920
  Modules (images):
    c:\users\admin\appdata\local\temp\is-10362641.tmp\installer.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
    c:\windows\system32\wow64.dll
    c:\windows\system32\wow64win.dll
    c:\windows\system32\wow64cpu.dll
    c:\windows\syswow64\kernel32.dll
    c:\windows\syswow64\kernelbase.dll
    c:\windows\syswow64\apphelp.dll
    c:\windows\syswow64\comdlg32.dll

Reading the tree: PID 6432 is the MEDIUM-integrity launch from explorer.exe. It mapped nothing beyond ntdll and exited with 3221226540, which is 0xC000042C, STATUS_ELEVATION_REQUIRED. That is what a binary whose manifest requests administrator rights looks like when created by a non-elevated caller: the first process object is torn down before kernel32 loads and the same path is relaunched through UAC, here as PID 6496 at HIGH integrity. Every later action on this page (the drop into %TEMP%\is-10362641.tmp, the HKLM registry writes, the network traffic) therefore runs with administrator rights, which matters when deciding what a compromised or trojanised copy of this installer could do. Both surviving processes load the wow64 layer, i.e. the PE32 image runs as a 32-bit process on the 64-bit guest, which is why its registry writes land under WOW6432Node. The /spid:6496 argument handed to Installer.exe matches the PID of the elevated parent; the meaning of /splha is not documented on this page.
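The elevation pattern above is worth detecting automatically when triaging many sandbox runs. The script below is an added example written for this page, not ANY.RUN's or Outbyte's code. It runs over process records constructed here from the Process information section (the dict layout is this example's own), decodes the exit code as an NTSTATUS, pairs the MEDIUM-integrity instance that died with STATUS_ELEVATION_REQUIRED against the HIGH-integrity relaunch of the same image from the same parent, and lists what ran under the elevated instance. Because the report links children to parents by image name only, the descendant walk attaches a child to the earlier-PID instance of that name, which is a heuristic (Windows reuses PIDs) and is labelled as such in the code.

```python
"""Detect a UAC self-relaunch in a sandbox process list (added example, not ANY.RUN code)."""

STATUS_ELEVATION_REQUIRED = 0xC000042C

# Records constructed from the Process information section of this report.
# Field names are this example's own; the values are the ones the report shows.
PROCESSES = [
    {"pid": 6432, "path": r"C:\Users\admin\Desktop\outbyte-driver-updater.exe",
     "parent": "explorer.exe", "integrity": "MEDIUM", "exit_code": 3221226540},
    {"pid": 6496, "path": r"C:\Users\admin\Desktop\outbyte-driver-updater.exe",
     "parent": "explorer.exe", "integrity": "HIGH", "exit_code": None},
    {"pid": 6788, "path": r"C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\Installer.exe",
     "parent": "outbyte-driver-updater.exe", "integrity": "HIGH", "exit_code": None},
]


def image_name(path):
    """Basename of a Windows path, independent of the host OS path rules."""
    return path.rsplit("\\", 1)[-1].lower()


def ntstatus(exit_code):
    """Render a sandbox exit code as an NTSTATUS, naming the one this report shows."""
    if exit_code is None:
        return "n/a"
    code = exit_code & 0xFFFFFFFF
    name = {STATUS_ELEVATION_REQUIRED: " STATUS_ELEVATION_REQUIRED"}.get(code, "")
    return f"0x{code:08X}{name}"


def find_uac_relaunches(processes):
    """Pair each MEDIUM instance that died with STATUS_ELEVATION_REQUIRED with the
    HIGH-integrity instance of the same image, same parent, started after it."""
    groups = {}
    for p in processes:
        groups.setdefault((p["path"].lower(), p["parent"].lower()), []).append(p)
    pairs = []
    for group in groups.values():
        failed = [p for p in group if p["integrity"] == "MEDIUM"
                  and p["exit_code"] is not None
                  and (p["exit_code"] & 0xFFFFFFFF) == STATUS_ELEVATION_REQUIRED]
        elevated = sorted((p for p in group if p["integrity"] == "HIGH"),
                          key=lambda p: p["pid"])
        for f in failed:
            later = [e for e in elevated if e["pid"] > f["pid"]]
            if later:
                pairs.append((f["pid"], later[0]["pid"]))
    return pairs


def descendants(processes, root_pid):
    """PIDs spawned under root_pid. The report only gives the parent's image name, so a
    child is attached to an instance of that name with a lower PID. Heuristic: Windows
    reuses PIDs, so use parent PIDs instead whenever the data source has them."""
    by_pid = {p["pid"]: p for p in processes}
    found, frontier = [], [root_pid]
    while frontier:
        cur = frontier.pop()
        cur_name = image_name(by_pid[cur]["path"])
        for p in processes:
            if (p["parent"].lower() == cur_name and p["pid"] > cur
                    and p["pid"] != root_pid and p["pid"] not in found):
                found.append(p["pid"])
                frontier.append(p["pid"])
    return sorted(found)


def report(processes):
    """Summary lines, returned rather than printed so a caller can check them."""
    by_pid = {p["pid"]: p for p in processes}
    lines = []
    for medium, high in find_uac_relaunches(processes):
        lines.append(f"{image_name(by_pid[medium]['path'])}: PID {medium} (MEDIUM) exited "
                     f"{ntstatus(by_pid[medium]['exit_code'])}; relaunched elevated as PID {high}")
        for child in descendants(processes, high):
            lines.append(f"  elevated child: PID {child} {image_name(by_pid[child]['path'])} "
                         f"[{by_pid[child]['integrity']}]")
    return lines


if __name__ == "__main__":
    print("\n".join(report(PROCESSES)))
```

On this report the output is two lines: the relaunch pair (6432 to 6496) and Installer.exe as the elevated child. On a real feed, feed the function every monitored process and alert only when the elevated instance goes on to drop files or touch HKLM, which is exactly the sequence recorded here.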
Total events: 6090 (read 6064, write 26, delete 0)

Modification events (registry writes shown on this page; 26 write events in total)

PID 6496, outbyte-driver-updater.exe
  HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
    General.CustomClientId = 1036007967.855036238427
    General.URLClientId = 1036007967.855036238427
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
    CachePrefix = (empty)
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
    CachePrefix = Cookie:
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
    CachePrefix = Visited:

PID 6788, Installer.exe
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6D484312-C2E8-96B5-2103-43B791F33EFF}\Version
    Assembly = 79D02920588C76A61540647CF08B0A8B79D02920588C76A61540647CF08B0A8B88AD8CBB5ED3F66B83A8A2CDF194269C890BB34AEBD806E41A50D3BD9C0B4765219909F09E75DEC0927FF4E8152284CD219909F09E75DEC0927FF4E8152284CD59B5414605BAE21E9735786EB516D3F8DE1283C2AFF9BF99D33ED2740C86BBD2F8157495FE950FA4A01046BB55F00DAD0F20AA1B1ADFE602954529934D03147D
  HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
    General.TrackingIV.CID = 2746132340.1722457881
    General.TrackingIV.SID = t5X5vansJG
    Application.GAIV.FunnelDate = B3D9085D1B38E640
    General.Language = ENU

Reading these writes: the HKLM entries confirm the elevated context (a MEDIUM-integrity process cannot create them) and the WOW6432Node path confirms a 32-bit writer. The three CachePrefix values under Internet Settings\5.0\Cache are WinINet's standard cache-container initialisation, written by any process the first time it uses WinINet; they pair with the "Reads security settings of Internet Explorer" signature and are not a persistence mechanism. General.TrackingIV.CID has the random.unixtime shape of an analytics client ID: 1722457881 is 2024-07-31 20:31:21 UTC, eighteen seconds after the analysis start, so the identifier was minted during this run. General.TrackingIV.SID holds t5X5vansJG, the same token that appears in the https://outbyte.com/sid/get/t5X5vansJG/ request in the HTTP table, which ties the registry write to the session-ID fetch. The CLSID\{...}\Version\Assembly blob is a COM-class registration value whose contents are not decoded on this page. None of the writes shown touch the usual autostart locations (Run keys, services, scheduled tasks); the 16 write events not listed here would need the full report to rule those out.
Dropped-file counts: executable files 17, suspicious files 15, text files 1, unknown types 1. The list below shows 10 of the dropped files; the remainder are only in the full report.

Dropped files (all written by PID 6496, outbyte-driver-updater.exe, under C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\)

Lang\deu.lng (binary)
  MD5: A2352B514C8E9C6AAB9BF666336CC3A2
  SHA256: 3E972D678566983AD5D78644E400B20121946E110263B1890D525E299F952B1C
InstallerUtils.dll (executable)
  MD5: 95D95FE50BEE00F87946A2CD1D43FB66
  SHA256: ADC52E27A490B387C9DFBF9562D309C7A588C5732CFE3A90B45268A5ECA94C5E
vcl250.bpl (executable)
  MD5: 841026051B1D109DF5808266CA610C6E
  SHA256: 2DBAA8B91E2E9FBB1E9A9AFAFA192386C30C2CBC87DA9AF77A763E11122A1E17
SetupHelper.dll (executable)
  MD5: 7A29A34755754B7541AFCD5BF1801341
  SHA256: 139470E7E2FFE39DAF8BB722CFEE05BEA1E7CECF6FD6CCFF31431A897DE9D1C1
Installer.exe (labelled binary; this is the file that ran as PID 6788)
  MD5: 2F1908B8473BF08AFF928A95EE9ADF2D
  SHA256: A9C97F9BDDE97F6A761CAE877E4D90B9E07253C5FE6E683708423E1CB90A535C
Lang\ita.lng (binary)
  MD5: 152C0C480E5D2FF5EC5EF0BE40284184
  SHA256: A3A490B68F5699350EBF90DA5C5E5EC01C7940EE4CA8A4E9D39150E579A19C7C
rtl250.bpl (executable)
  MD5: 481B636BD54E231810C7D2C045D70168
  SHA256: 4722EF802CE0F9971EE37D56CB821800C11048C4BF72D81B6702CA7690AB531B
vclimg250.bpl (executable)
  MD5: EB89B73CD72B9077CA542B0D2582F20E
  SHA256: 1C2C45A932484BC94850911E27942E461709DC5FF7747020267D984E4E404AA2
Lang\jpn.lng (binary)
  MD5: 827C25F3AF9E89FA53219AEB1D373FA9
  SHA256: 5AA8C0536A41DD65520AFF319BC37C38784BF779147CD860F2B0802C97EAC5CB
OxComponentsRTL.bpl (executable)
  MD5: EAA639D3B6FE692BEB942C27D7D2724B
  SHA256: 654D5C7C5D256CE188B821F598BE9CBCDFE61D6414B6D1FBCB62D1483D8C8AB9

Notes on the drop set: rtl250.bpl, vcl250.bpl and vclimg250.bpl are Delphi (RAD Studio) runtime packages, which matches the TRiD "Delphi generic" hit and the 2.25 linker version in the EXIF block; the .lng files are language resources. The type column is the sandbox's content label, and it marks Installer.exe as "binary" even though the file executed as PID 6788, so do not use that column to separate code from data. For hunting, the SHA256 of the dropped Installer.exe and of the two vendor DLLs (InstallerUtils.dll, SetupHelper.dll) are the values to pivot on; the outer file's hash changes with every repack of the installer.
Network summary: HTTP(S) requests 7, TCP/UDP connections 17, DNS requests 7, IDS threats 0

HTTP requests (columns: PID, process, method, HTTP code, IP:port, URL, CN, type, size, reputation)

1. PID 6788 Installer.exe, GET 200, 192.229.221.95:80, CN unknown, reputation whitelisted
   http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
2. PID 6788 Installer.exe, GET 200, 192.229.221.95:80, CN unknown, reputation whitelisted
   http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
3. PID 6788 Installer.exe, GET 200, 192.229.221.95:80, CN unknown, reputation whitelisted
   http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAwfypkv9EfKYa1bFvWpvwk%3D
4. PID/process not shown on this page, GET 200, 45.33.97.245:443, CN unknown, binary, 13 b
   https://outbyte.com/tools/userdata/?product=driver-updater
5. PID/process not shown on this page, GET 200, 45.33.97.245:443, CN unknown, binary, 51 b
   https://outbyte.com/sid/get/t5X5vansJG/
6. PID/process not shown on this page, POST 204, 142.250.185.174:443, CN unknown
   https://www.google-analytics.com/mp/collect?measurement_id=G-SEW4YMR3XJ&api_secret=Bwp8gLa9SqG7iUYK8RMmcg
7. PID/process not shown on this page, GET 200, 45.33.97.245:443, CN unknown, binary, 136 b
   https://outbyte.com/tools/ipInfo/

What the requests show: the three ocsp.digicert.com GETs are RFC 6960 GET-form OCSP queries, so each path is the URL-encoded base64 of a DER OCSPRequest naming one certificate; three distinct CertIDs from Installer.exe is the shape of an Authenticode chain validation and matches the "Checks Windows Trust Settings" signature (OCSP over plain HTTP is normal, the response is signed). The outbyte.com calls are installer telemetry: /sid/get/t5X5vansJG/ fetches the session ID that Installer.exe also wrote to General.TrackingIV.SID, and /tools/ipInfo/ is, by its path, an IP-information lookup. The Google Analytics call is a GA4 Measurement Protocol event (HTTP 204 is the accepted response). Its query string carries both the measurement_id and the api_secret; Google documents api_secret as a private credential that authorises writing events to that property, and because it ships inside the installer it is recoverable by anyone with the binary or a capture, so the vendor's analytics for G-SEW4YMR3XJ can be polluted at will. That is an integrity problem for Outbyte's data, not a risk to the host the installer runs on.
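To see which certificate an OCSP GET is actually about, decode the path. The script below is an added example written for this page (not ANY.RUN's or Outbyte's code); it uses only the Python standard library, walks the DER OCSPRequest with a minimal TLV reader, and returns the CertID fields: hash algorithm, SHA-1 of the issuer's DN, SHA-1 of the issuer's public key, and the serial number being checked. The first ocsp.digicert.com URL from the table is embedded as the sample input. Matching issuer_key_hash against the Subject Key Identifier of candidate CA certificates is left to the reader; no issuer is identified here.

```python
"""Decode the CertID inside an OCSP GET request URL (RFC 6960, Appendix A).
Added example for this report; standard library only."""
import base64
from urllib.parse import unquote, urlsplit

OID_NAMES = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """List the (tag, value) pairs directly inside a constructed DER value."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _read_tlv(value, pos)
        out.append((tag, val))
    return out


def _decode_oid(raw):
    """OID content bytes to dotted notation (base-128 arcs, first byte packs two)."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def decode_ocsp_get_url(url):
    """Return one dict per Request in the OCSPRequest carried by an OCSP GET URL."""
    der = base64.b64decode(unquote(urlsplit(url).path.lstrip("/")))
    tag, ocsp_request, end = _read_tlv(der, 0)        # OCSPRequest ::= SEQUENCE
    if tag != 0x30 or end != len(der):
        raise ValueError("path is not a single DER SEQUENCE")
    tbs_tag, tbs = _children(ocsp_request)[0]          # tbsRequest
    if tbs_tag != 0x30:
        raise ValueError("missing TBSRequest")
    # TBSRequest may carry [0] version and [1] requestorName before requestList,
    # so take the first plain SEQUENCE child as the request list.
    request_list = next(val for t, val in _children(tbs) if t == 0x30)
    results = []
    for req_tag, req in _children(request_list):       # Request ::= SEQUENCE
        cert_id_tag, cert_id = _children(req)[0]        # reqCert CertID
        if req_tag != 0x30 or cert_id_tag != 0x30:
            raise ValueError("malformed Request")
        alg, name_hash, key_hash, serial = _children(cert_id)[:4]
        oid = _decode_oid(_children(alg[1])[0][1])      # AlgorithmIdentifier.algorithm
        results.append({
            "hash_alg": OID_NAMES.get(oid, oid),
            "issuer_name_hash": name_hash[1].hex(),
            "issuer_key_hash": key_hash[1].hex(),
            "serial": serial[1].hex(),
        })
    return results


# First ocsp.digicert.com request from this report, used as the stand-alone input.
REPORT_URL = ("http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665"
              "TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D")

if __name__ == "__main__":
    for cert_id in decode_ocsp_get_url(REPORT_URL):
        for field, value in cert_id.items():
            print(f"{field:17s} {value}")
```

Run it on the other two ocsp.digicert.com URLs from the table to get their CertIDs; each serial can then be looked up against the signer chain you extract from the dropped files with a signature tool, and the issuer_key_hash compared with the Subject Key Identifier of the candidate intermediate or root. Responder URLs that use POST carry the same DER structure in the request body, so the same walker applies once you have the bytes from the PCAP.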

Connections (10 of 17 shown on this page; columns: PID, process, remote IP:port, domain, ASN, CN, reputation)

4     System               192.168.100.255:138   (NetBIOS datagram broadcast)                                          whitelisted
3888  svchost.exe          239.255.255.250:1900  (SSDP multicast)                                                      whitelisted
4664  svchost.exe          40.127.240.158:443    settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE      unknown
1928  RUXIMICS.exe         40.127.240.158:443    settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE      unknown
2120  MoUsoCoreWorker.exe  40.127.240.158:443    settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE      unknown
4664  svchost.exe          4.231.128.59:443      settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE      whitelisted
4     System               192.168.100.255:137   (NetBIOS name-service broadcast)                                      whitelisted
2120  MoUsoCoreWorker.exe  51.124.78.146:443     settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  NL      whitelisted
6788  Installer.exe        192.229.221.95:80     ocsp.digicert.com                EDGECAST                     US      whitelisted
4324  svchost.exe          51.124.78.146:443     settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  NL      whitelisted

Only one row here belongs to the sample: PID 6788 Installer.exe to ocsp.digicert.com. The others are the sandbox's own baseline (NetBIOS and SSDP broadcasts from System and svchost.exe, Windows Update and telemetry traffic from svchost.exe, RUXIMICS.exe and MoUsoCoreWorker.exe to settings-win.data.microsoft.com) and should be excluded before any of this is turned into indicators. The TLS connections to 45.33.97.245 (outbyte.com) and 142.250.185.174 (google-analytics) that appear in the HTTP table are among the seven connection rows not shown on this page.

DNS requests (domain, resolved addresses, reputation)

settings-win.data.microsoft.com  40.127.240.158, 4.231.128.59, 51.124.78.146  whitelisted
google.com                       142.250.186.110                               whitelisted
ocsp.digicert.com                192.229.221.95                                whitelisted
outbyte.com                      45.33.97.245                                  unknown
www.google-analytics.com         142.250.185.78                                whitelisted

Of these, ocsp.digicert.com, outbyte.com and www.google-analytics.com are the lookups attributable to the installer; settings-win.data.microsoft.com and google.com are guest background. Note that the Measurement Protocol POST in the HTTP table was logged to 142.250.185.174 rather than the 142.250.185.78 returned by the DNS answer shown here; both are Google addresses, and the full report's PCAP is the place to reconcile the two.

Threats (IDS): no threats detected

Debug info: none