File name: Intel-Driver-and-Support-Assistant-Installer.exe

Full analysis: https://app.any.run/tasks/2ac1e4a6-da0b-411f-85de-6827bdafcfa4
Verdict: Malicious activity
Analysis date: June 25, 2024, 19:57:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 75174C136C15EB50C81EBFCB7B768D6A
SHA1: 8A7F7844AD78F1A1B6B3B1E07D06B8ADA09A2B53
SHA256: 6682E936C0914AD87DD6699E8A7F22FAE9BB255E4393930281C86972665DD369
SSDEEP: 49152:YYiVOXT863HShwxaSffCunW6OcURY5D8vAkOd2z5HNmedf/ptG72T/CSOZr:biwhXSPyjhOpRMD8vZjmedLG70CSe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
  • SUSPICIOUS

    • Searches for installed software

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
    • Process drops legitimate windows executable

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
    • Executable content was dropped or overwritten

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
    • Reads the Internet Settings

      • BootstrapperUI_V2.exe (PID: 3700)
  • INFO

    • Checks supported languages

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
      • BootstrapperUI_V2.exe (PID: 3700)
    • Create files in a temporary directory

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
    • Reads the computer name

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
      • BootstrapperUI_V2.exe (PID: 3700)
    • Reads the machine GUID from the registry

      • BootstrapperUI_V2.exe (PID: 3700)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
    • Disables trace logs

      • BootstrapperUI_V2.exe (PID: 3700)
    • Reads Environment values

      • BootstrapperUI_V2.exe (PID: 3700)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3392)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6%)
.dll | Win32 Dynamic Link Library (generic) (15.4%)
.exe | Win32 Executable (generic) (10.5%)
.exe | Generic Win/DOS Executable (4.6%)
.exe | DOS Executable Generic (4.6%)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:04:05 19:45:02+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.38
CodeSize: 483328
InitializedDataSize: 317440
UninitializedDataSize: -
EntryPoint: 0x517f0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 24.3.26.8
ProductVersionNumber: 24.3.26.8
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: Intel
FileDescription: Intel® Driver & Support Assistant
FileVersion: 24.3.26.8
InternalName: burn
OriginalFileName: Intel-Driver-and-Support-Assistant-Installer.exe
ProductName: Intel® Driver & Support Assistant
ProductVersion: 24.3.26.8
LegalCopyright: Copyright © Intel Corporation. All rights reserved.
No data.
Total processes: 38
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start → intel-driver-and-support-assistant-installer.exe → bootstrapperui_v2.exe (no specs)

Process information

PID: 3392
CMD: "C:\Users\admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\Intel-Driver-and-Support-Assistant-Installer.exe
Parent process: explorer.exe
User: admin
Company: Intel
Integrity Level: MEDIUM
Description: Intel® Driver & Support Assistant
Version: 24.3.26.8
Modules
Images
c:\users\admin\appdata\local\temp\intel-driver-and-support-assistant-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3700
CMD: "C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\BootstrapperUI_V2.exe" -burn.ba.apiver 569705357157400576 -burn.ba.pipe BurnPipe.{78042054-7B80-4271-B3D4-EDB7138353EA} {8032D56C-2978-499E-8592-4BC5F3E7B194}
Path: C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\BootstrapperUI_V2.exe
Parent process: Intel-Driver-and-Support-Assistant-Installer.exe
User: admin
Company: Intel
Integrity Level: MEDIUM
Description: BootstrapperUI
Version: 24.3.26.8
Modules
Images
c:\users\admin\appdata\local\temp\{c232cbc7-682e-41b8-8dde-48b4433fb196}\.ba\bootstrapperui_v2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 2 209
Read events: 2 196
Write events: 13
Delete events: 0

Modification events

Process: BootstrapperUI_V2.exe (PID 3700)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

Process: BootstrapperUI_V2.exe (PID 3700)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

Process: BootstrapperUI_V2.exe (PID 3700)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: FileTracingMask
Value:

Process: BootstrapperUI_V2.exe (PID 3700)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

Process: BootstrapperUI_V2.exe (PID 3700)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

Process: BootstrapperUI_V2.exe (PID 3700)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

Process: BootstrapperUI_V2.exe (PID 3700)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0

Process: BootstrapperUI_V2.exe (PID 3700)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS
Operation: write
Name: EnableConsoleTracing
Value: 0

Process: BootstrapperUI_V2.exe (PID 3700)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS
Operation: write
Name: FileTracingMask
Value:

Process: BootstrapperUI_V2.exe (PID 3700)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS
Operation: write
Name: ConsoleTracingMask
Value:

Executable files: 24
Suspicious files: 0
Text files: 3
Unknown types: 0

Dropped files

PID: 3392
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\de\BootstrapperUI_V2.resources.dll
Type: executable
MD5:E20749FC2A2A24F4499A6E622CF263EF
SHA256:1E24731DC7BD4FE61C7C37B082F3B00108F047EE24B4596CFD570B52B0C2D3AA

PID: 3392
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\ko\BootstrapperUI_V2.resources.dll
Type: executable
MD5:C6C9EA1C041F6DD390A53A5714F559A5
SHA256:955D5C14BE38EB620B049D7F5B192F1D6E614320B17C1625D9F0CD7289AEFA04

PID: 3392
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\id\BootstrapperUI_V2.resources.dll
Type: executable
MD5:F6CCDE24E714364CE7288FE7CED0A3B8
SHA256:E8AE1E7D3A237ADA0D95A8C739A11570F52AE956242B910DB59BDF226DF75DBF

PID: 3392
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\BootstrapperUI_V2.exe
Type: executable
MD5:7FCF8606160DEC95FBDB53701908ED01
SHA256:D1124234641940BE68AC2AF4BCDDB2D0FF6C4C44E982A33608E9BA692B6E854A

PID: 3392
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\fr\BootstrapperUI_V2.resources.dll
Type: executable
MD5:E462631050803B72DFCA3B49E91D1ACD
SHA256:C146DDB32FD877A17201A72A2AC7EBF9736F550B71A3C4581A3B701E1AA5DB78

PID: 3392
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\GalaSoft.MvvmLight.Platform.dll
Type: executable
MD5:819EABE09308AD05341152E61925B33F
SHA256:A5E126E6879F7326F621A5D08B2552C0D54B6A44D23FEC997058A1A6C78B174D

PID: 3392
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\ja\BootstrapperUI_V2.resources.dll
Type: executable
MD5:2C8B2E47BEBD546A8C053F8859D306D6
SHA256:7898FAF8BF359CF21E1074C83772421981D87E8D53A6AB69C3543064C4F3081E

PID: 3392
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\System.Buffers.dll
Type: executable
MD5:6868FC142B679D8EBEEF2AC3A6CFCED5
SHA256:962B2711D5792B2B265C6E5BE74745B122BF24584803614CEAB7F44F6EC9D5CA

PID: 3392
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\zh-CN\BootstrapperUI_V2.resources.dll
Type: executable
MD5:D7E708FEF39D4179CB518391091329F7
SHA256:59A850476D1A5A3EB7FE850B09F9B58F7D0DC257227CA1291E9FF228B5E09056

PID: 3392
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{C232CBC7-682E-41B8-8DDE-48B4433FB196}\.ba\zh-TW\BootstrapperUI_V2.resources.dll
Type: executable
MD5:E40528D73249E402E5DCED08FA7248A7
SHA256:F0B63C48476F47B40C55E59627A44DC4E59A638AB223C8C870B8718FF7590482
HTTP(S) requests: 4
TCP/UDP connections: 9
DNS requests: 5
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN, Type, Size, Reputation
1372 | svchost.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33 | unknown, unknown
1372 | svchost.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown, unknown
1372 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown, unknown
1060 | svchost.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fbe613066ac7852b | unknown, unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1060 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1372 | svchost.exe | 51.104.136.2:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1372 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
1372 | svchost.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
1372 | svchost.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown
1372 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | unknown
1060 | svchost.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted

DNS requests

Domain | IP | Reputation
dns.msftncsi.com | 131.107.255.255 | shared
settings-win.data.microsoft.com | 40.127.240.158 | whitelisted
ctldl.windowsupdate.com | 93.184.221.240 | whitelisted
crl.microsoft.com | 23.48.23.143, 23.48.23.156 | whitelisted
www.microsoft.com | 184.30.21.171 | whitelisted

Threats

No threats detected
No debug info