File name: Intel-Driver-and-Support-Assistant-Installer.exe

Full analysis: https://app.any.run/tasks/2ac1e4a6-da0b-411f-85de-6827bdafcfa4
Verdict: Malicious activity
Analysis date: June 25, 2024, 19:57:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 75174C136C15EB50C81EBFCB7B768D6A
SHA1: 8A7F7844AD78F1A1B6B3B1E07D06B8ADA09A2B53
SHA256: 6682E936C0914AD87DD6699E8A7F22FAE9BB255E4393930281C86972665DD369
SSDEEP: 49152:YYiVOXT863HShwxaSffCunW6OcURY5D8vAkOd2z5HNmedf/ptG72T/CSOZr:biwhXSPyjhOpRMD8vZjmedLG70CSe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
    • Executable content was dropped or overwritten

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
    • Reads the Internet Settings

      • BootstrapperUI_V2.exe (PID: 3700)
    • Searches for installed software

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
  • INFO

    • Checks supported languages

      • BootstrapperUI_V2.exe (PID: 3700)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
    • Reads the computer name

      • BootstrapperUI_V2.exe (PID: 3700)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
    • Create files in a temporary directory

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
    • Reads the machine GUID from the registry

      • BootstrapperUI_V2.exe (PID: 3700)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
    • Reads Environment values

      • BootstrapperUI_V2.exe (PID: 3700)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
    • Disables trace logs

      • BootstrapperUI_V2.exe (PID: 3700)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:04:05 19:45:02+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.38
CodeSize: 483328
InitializedDataSize: 317440
UninitializedDataSize: -
EntryPoint: 0x517f0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 24.3.26.8
ProductVersionNumber: 24.3.26.8
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: Intel
FileDescription: Intel® Driver & Support Assistant
FileVersion: 24.3.26.8
InternalName: burn
OriginalFileName: Intel-Driver-and-Support-Assistant-Installer.exe
ProductName: Intel® Driver & Support Assistant
ProductVersion: 24.3.26.8
LegalCopyright: Copyright © Intel Corporation. All rights reserved.
No data.
Total processes: 38
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

[Behavior graph: start → intel-driver-and-support-assistant-installer.exe → bootstrapperui_v2.exe (no specs)]

Process information

PID: 3392
CMD: "C:\Users\admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe
Parent process: explorer.exe
User: admin
Company: Intel
Integrity Level: MEDIUM
Description: Intel® Driver & Support Assistant
Version: 24.3.26.8
Modules
Images
c:\users\admin\appdata\local\temp\intel-driver-and-support-assistant-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

PID: 3700
CMD: "C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\BootstrapperUI_V2.exe" -burn.ba.apiver 569705357157400576 -burn.ba.pipe BurnPipe.{78042054-7B80-4271-B3D4-EDB7138353EA} {8032D56C-2978-499E-8592-4BC5F3E7B194}
Path: C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\BootstrapperUI_V2.exe
Parent process: Intel-Driver-and-Support-Assistant-Installer.exe
User: admin
Company: Intel
Integrity Level: MEDIUM
Description: BootstrapperUI
Version: 24.3.26.8
Modules
Images
c:\users\admin\appdata\local\temp\{c232cbc7-682e-41b8-8dde-48b4433fb196}\.ba\bootstrapperui_v2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 2 209
Read events: 2 196
Write events: 13
Delete events: 0

Modification events

(PID) Process | Key | Operation | Name | Value
(3700) BootstrapperUI_V2.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32 | write | EnableFileTracing | 0
(3700) BootstrapperUI_V2.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32 | write | EnableConsoleTracing | 0
(3700) BootstrapperUI_V2.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32 | write | FileTracingMask |
(3700) BootstrapperUI_V2.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32 | write | ConsoleTracingMask |
(3700) BootstrapperUI_V2.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32 | write | MaxFileSize | 1048576
(3700) BootstrapperUI_V2.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32 | write | FileDirectory | %windir%\tracing
(3700) BootstrapperUI_V2.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS | write | EnableFileTracing | 0
(3700) BootstrapperUI_V2.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS | write | EnableConsoleTracing | 0
(3700) BootstrapperUI_V2.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS | write | FileTracingMask |
(3700) BootstrapperUI_V2.exe | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS | write | ConsoleTracingMask |

Executable files: 24
Suspicious files: 0
Text files: 3
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3392 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\GalaSoft.MvvmLight.Extras.dll | executable
MD5:D9C798E9A0E0EC3A09495D619E96C458
SHA256:8DE04C655729181216BD3F8B6FA75FB784D2CD555022873AC38FC1588592F00B
3392 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\th\BootstrapperUI_V2.resources.dll | executable
MD5:594CB4312A7FD15E6D72AF5AA6913BE6
SHA256:534962BEA045D9CA8A8135BBA8EF025FC3A4CF5343A47E249A86688D8B83A865
3392 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\fr\BootstrapperUI_V2.resources.dll | executable
MD5:E462631050803B72DFCA3B49E91D1ACD
SHA256:C146DDB32FD877A17201A72A2AC7EBF9736F550B71A3C4581A3B701E1AA5DB78
3392 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\GalaSoft.MvvmLight.Platform.dll | executable
MD5:819EABE09308AD05341152E61925B33F
SHA256:A5E126E6879F7326F621A5D08B2552C0D54B6A44D23FEC997058A1A6C78B174D
3392 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\vi\BootstrapperUI_V2.resources.dll | executable
MD5:7A6478D5960E5042C5A89F481E67D8DD
SHA256:E1CF09DCBA99488FC93A8A935ADE30F3ED682783EAE209CD9BA2BBAC73D0DB2C
3392 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\es\BootstrapperUI_V2.resources.dll | executable
MD5:B03A31232740D2E7497D86489F147638
SHA256:5846D91DC6949040BA6818EDC80F45B7DC875D09EC3FE56B49A7FDEFEEB3DEBA
3392 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\ja\BootstrapperUI_V2.resources.dll | executable
MD5:2C8B2E47BEBD546A8C053F8859D306D6
SHA256:7898FAF8BF359CF21E1074C83772421981D87E8D53A6AB69C3543064C4F3081E
3392 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\ko\BootstrapperUI_V2.resources.dll | executable
MD5:C6C9EA1C041F6DD390A53A5714F559A5
SHA256:955D5C14BE38EB620B049D7F5B192F1D6E614320B17C1625D9F0CD7289AEFA04
3392 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\pt-BR\BootstrapperUI_V2.resources.dll | executable
MD5:8865827C673F6B9033DAAD970F229F8F
SHA256:9D2D05A46F5B3F04057CF0DD65FCA11624A51EE88A4A1EB23CE6A760DCAC2275
3392 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\BootstrapperUI_V2.exe.config | xml
MD5:CB6048A33306DA8D4D32204388B83E94
SHA256:5C65F5D0BDD4B45FFF99C3AD3C3F319B9BA1824336D83463162ED5A02CBE3439
HTTP(S) requests: 4
TCP/UDP connections: 9
DNS requests: 5
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1372 | svchost.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33 | unknown | unknown
1060 | svchost.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fbe613066ac7852b | unknown | unknown
1372 | svchost.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
1372 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
1060 | svchost.exe | 224.0.0.252:5355 | | | | unknown
4 | System | 192.168.100.255:138 | | | | whitelisted
1372 | svchost.exe | 51.104.136.2:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1372 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
1372 | svchost.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
1372 | svchost.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown
1372 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | unknown
1060 | svchost.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted

DNS requests

Domain | IP | Reputation
dns.msftncsi.com | 131.107.255.255 | shared
settings-win.data.microsoft.com | 40.127.240.158 | whitelisted
ctldl.windowsupdate.com | 93.184.221.240 | whitelisted
crl.microsoft.com | 23.48.23.143, 23.48.23.156 | whitelisted
www.microsoft.com | 184.30.21.171 | whitelisted

Threats

No threats detected
No debug info