URL: | http://file.drivethelife.com/download/7.1.15.48/DriverTalent_setup.exe |
Full analysis: | https://app.any.run/tasks/e08989e7-ef4d-4f1b-9547-4d09c9939ca7 |
Verdict: | Malicious activity |
Threats: | A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. |
Analysis date: | January 11, 2019, 04:36:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | D1E33FC1ED2E41EA6A572951F5AC2A58 |
SHA1: | 36E8ADBFB4181964290A0C4DF6446E39C0024468 |
SHA256: | 73BC1BBFB2FDBBC27125631B5EDEC84C0964EFE87CA24A450858619B7E7D0602 |
SSDEEP: | 3:N1KY0MRDExKLSOUQHi90Qh4A:CY0Mhm+C4A |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3036 | "C:\Program Files\Google\Chrome\Application\chrome.exe" http://file.drivethelife.com/download/7.1.15.48/DriverTalent_setup.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Version: 68.0.3440.106 | ||||
3772 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x701500b0,0x701500c0,0x701500cc | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Version: 68.0.3440.106 | ||||
3012 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3040 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Version: 68.0.3440.106 | ||||
2272 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=916,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=AA494380577D90A2CDEFA9D0D1E41C19 --mojo-platform-channel-handle=1004 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Version: 68.0.3440.106 | ||||
2680 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=916,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --service-pipe-token=06F0A89E26151B7EC37DAD82D462C525 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=06F0A89E26151B7EC37DAD82D462C525 --renderer-client-id=4 --mojo-platform-channel-handle=1900 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Version: 68.0.3440.106 | ||||
3424 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=916,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --service-pipe-token=3CF9F7AC15F2A08AAA98938C746A79BB --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3CF9F7AC15F2A08AAA98938C746A79BB --renderer-client-id=3 --mojo-platform-channel-handle=2056 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
2652 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=916,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --disable-gpu-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=2B36FAA22B0BDFDFD6F8A73CB79AAA82 --mojo-platform-channel-handle=3780 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
252 | "C:\Users\admin\Downloads\DriverTalent_setup.exe" | C:\Users\admin\Downloads\DriverTalent_setup.exe | — | chrome.exe |
User: admin Company: OSToto Co., Ltd. Integrity Level: MEDIUM Description: Driver Talent Setup Exit code: 3221226540 Version: 7.1.15.48 | ||||
1076 | "C:\Users\admin\Downloads\DriverTalent_setup.exe" | C:\Users\admin\Downloads\DriverTalent_setup.exe | chrome.exe | |
User: admin Company: OSToto Co., Ltd. Integrity Level: HIGH Description: Driver Talent Setup Version: 7.1.15.48 | ||||
1964 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=916,6648249723427096982,15695952238347034389,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=3F9A4C09251FAB766E9A0AEEC696B838 --mojo-platform-channel-handle=2420 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3036 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\9cdc75cc-e6cb-4f89-b478-346ea05c9ba0.tmp | — | |
MD5:— | SHA256:— | |||
3036 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\000016.dbtmp | — | |
MD5:— | SHA256:— | |||
3036 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000016.dbtmp | — | |
MD5:— | SHA256:— | |||
3036 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\40903231-b706-4c3d-ae11-5e85bfc9bc5d.tmp | — | |
MD5:— | SHA256:— | |||
3036 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version | text | |
MD5:C10EBD4DB49249EFC8D112B2920D5F73 | SHA256:90A1B994CAFE902F22A88A22C0B6CC9CB5B974BF20F8964406DD7D6C9B8867D1 | |||
3036 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old | text | |
MD5:92BE6B127E72365885AD4C3FB6534EE2 | SHA256:54302A2573ACC775720E7DB0AD85873276713302B4F72596A8DCC44B01C70E51 | |||
3036 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old | text | |
MD5:1AA66EFDB743FB0A8DCC1CD79B0B6542 | SHA256:28D56532CCED7375A2A1C7731E57C1A1C2EC1AC9827F3E5BEEE7F8069A5F87DD | |||
3036 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\297432ab-1a3a-4cae-8c06-ffc39e298fd6.tmp | — | |
MD5:— | SHA256:— | |||
3036 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF20ea35.TMP | text | |
MD5:92BE6B127E72365885AD4C3FB6534EE2 | SHA256:54302A2573ACC775720E7DB0AD85873276713302B4F72596A8DCC44B01C70E51 | |||
3036 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old~RF20ea83.TMP | text | |
MD5:1AA66EFDB743FB0A8DCC1CD79B0B6542 | SHA256:28D56532CCED7375A2A1C7731E57C1A1C2EC1AC9827F3E5BEEE7F8069A5F87DD |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1076 | DriverTalent_setup.exe | POST | 200 | 52.214.73.247:80 | http://rp.bestupdatemeta.com/ | IE | — | — | malicious |
1076 | DriverTalent_setup.exe | POST | 200 | 52.214.73.247:80 | http://rp.bestupdatemeta.com/ | IE | — | — | malicious |
1076 | DriverTalent_setup.exe | POST | 200 | 52.214.73.247:80 | http://rp.bestupdatemeta.com/ | IE | — | — | malicious |
1076 | DriverTalent_setup.exe | POST | 200 | 52.214.73.247:80 | http://rp.bestupdatemeta.com/ | IE | — | — | malicious |
1076 | DriverTalent_setup.exe | POST | 200 | 52.214.73.247:80 | http://rp.bestupdatemeta.com/ | IE | — | — | malicious |
1076 | DriverTalent_setup.exe | POST | 200 | 52.214.73.247:80 | http://rp.bestupdatemeta.com/ | IE | — | — | malicious |
1076 | DriverTalent_setup.exe | POST | 200 | 52.214.73.247:80 | http://rp.bestupdatemeta.com/ | IE | — | — | malicious |
1076 | DriverTalent_setup.exe | GET | 200 | 93.184.221.240:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 55.2 Kb | whitelisted |
3036 | chrome.exe | GET | 200 | 52.222.163.50:80 | http://file.drivethelife.com/download/7.1.15.48/DriverTalent_setup.exe | US | executable | 15.7 Mb | whitelisted |
1076 | DriverTalent_setup.exe | POST | 200 | 52.214.73.247:80 | http://rp.bestupdatemeta.com/ | IE | — | — | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3036 | chrome.exe | 172.217.16.195:443 | www.gstatic.com | Google Inc. | US | whitelisted |
3036 | chrome.exe | 216.58.205.227:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
3036 | chrome.exe | 172.217.22.13:443 | accounts.google.com | Google Inc. | US | whitelisted |
1076 | DriverTalent_setup.exe | 192.96.201.162:80 | img.bestupdatemeta.com | Leaseweb USA, Inc. | US | malicious |
3036 | chrome.exe | 172.217.21.227:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
3036 | chrome.exe | 172.217.23.142:443 | sb-ssl.google.com | Google Inc. | US | whitelisted |
1076 | DriverTalent_setup.exe | 52.214.73.247:80 | rp.bestupdatemeta.com | Amazon.com, Inc. | IE | malicious |
1076 | DriverTalent_setup.exe | 52.209.41.250:80 | os.bestupdatemeta.com | Amazon.com, Inc. | IE | malicious |
1076 | DriverTalent_setup.exe | 13.57.48.181:3800 | dispatch.integrate.drivethelife.com | Amazon.com, Inc. | US | unknown |
3036 | chrome.exe | 52.222.163.50:80 | file.drivethelife.com | Amazon.com, Inc. | US | suspicious |
Domain | IP | Reputation |
---|---|---|
clientservices.googleapis.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
file.drivethelife.com |
| whitelisted |
accounts.google.com |
| shared |
sb-ssl.google.com |
| whitelisted |
ssl.gstatic.com |
| whitelisted |
www.download.windowsupdate.com |
| whitelisted |
dispatch.integrate.drivethelife.com |
| unknown |
rp.bestupdatemeta.com |
| malicious |
os.bestupdatemeta.com |
| malicious |
PID | Process | Class | Message |
---|---|---|---|
3036 | chrome.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
1076 | DriverTalent_setup.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M1 |
1076 | DriverTalent_setup.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M2 |
1076 | DriverTalent_setup.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M3 |
1076 | DriverTalent_setup.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M4 |
Process | Message |
---|---|
DriverTalent_setup.exe | hwang global_licence_url: http://www.drivethelife.com/EULA.html |
DriverTalent_setup.exe | hwang Create Directory C:\Users\admin\AppData\Local\Temp\Hot397E.tmp!
|
DriverTalent_setup.exe | hwang UnCompress EXT to C:\Users\admin\AppData\Local\Temp\Hot397E.tmp .
|
DriverTalent_setup.exe | hwang UnCompress successful.
|
DriverTalent_setup.exe | hwang Create Directory C:\Program Files\OSTotoSoft\DriverTalent!
|
DriverTalent_setup.exe | hwang UnCompress DATA to C:\Program Files\OSTotoSoft\DriverTalent .
|
DriverTalent_setup.exe | hwang UnCompress successful.
|
DriverTalent_setup.exe | hwang Copy C:\Users\admin\AppData\Local\Temp\Hot397E.tmp\DTInstUI.dll to C:\Program Files\OSTotoSoft\DriverTalent ! |
DriverTalent_setup.exe | hwang Copy C:\Users\admin\AppData\Local\Temp\Hot397E.tmp\AdModule.dll to C:\Program Files\OSTotoSoft\DriverTalent ! |
DriverTalent_setup.exe | hwang Copy C:\Users\admin\AppData\Local\Temp\Hot397E.tmp\substat.dll to C:\Program Files\OSTotoSoft\DriverTalent ! |