File name: file-lettore-memory-card-sabrent-crw-uinb-driver.zip

Full analysis: https://app.any.run/tasks/8386022d-c642-4a4a-805d-a96afe93b666
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: March 22, 2022, 20:36:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 81214C9BFF52B598CE4C80C4F2A33452
SHA1: 5192170A050D73E0293FFCD6C100DF2ED91C693E
SHA256: AADA8732E68C19C0E482D6087758BC7E8075E2B5DD4E67C8D3DCC736ABCD7968
SSDEEP: 24576:ruIUvMGbn0sE4GROoJCaYq+7fNuV7tpXs9W7+NOJBjYZpQfeSK+uQ:ruIUvnTE9ROCChZ7fUVEumOjYZWBK/Q

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • InstallerDU__a591.exe (PID: 2184)
      • DriverUpdaterSetup-2.6.1.2357.exe (PID: 444)
      • DriverUpdaterSetup-2.6.1.2357.exe (PID: 2148)
    • Drops executable file immediately after starts

      • DriverUpdaterSetup-2.6.1.2357.exe (PID: 2148)
    • Loads dropped or rewritten executable

      • DriverUpdaterSetup-2.6.1.2357.exe (PID: 2148)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2308)
      • InstallerDU__a591.exe (PID: 2184)
      • DriverUpdaterSetup-2.6.1.2357.exe (PID: 2148)
    • Checks supported languages

      • WinRAR.exe (PID: 2308)
      • InstallerDU__a591.exe (PID: 2184)
      • DriverUpdaterSetup-2.6.1.2357.exe (PID: 2148)
    • Reads the computer name

      • WinRAR.exe (PID: 2308)
      • InstallerDU__a591.exe (PID: 2184)
      • DriverUpdaterSetup-2.6.1.2357.exe (PID: 2148)
    • Creates a directory in Program Files

      • DriverUpdaterSetup-2.6.1.2357.exe (PID: 2148)
    • Drops a file with too old compile date

      • DriverUpdaterSetup-2.6.1.2357.exe (PID: 2148)
    • Drops a file that was compiled in debug mode

      • DriverUpdaterSetup-2.6.1.2357.exe (PID: 2148)
    • Creates files in the program directory

      • DriverUpdaterSetup-2.6.1.2357.exe (PID: 2148)
  • INFO

    • Manual execution by user

      • InstallerDU__a591.exe (PID: 2184)
No Malware configuration.

TRiD: .zip | ZIP compressed archive (100)

EXIF (ZIP):
ZipFileName: InstallerDU__a591.exe
ZipUncompressedSize: 1178720
ZipCompressedSize: 1167918
ZipCRC: 0x095e9be0
ZipModifyDate: 2020:08:13 15:12:22
ZipCompression: Deflated
ZipBitFlag: 0x0008
ZipRequiredVersion: 20
No data.
Total processes: 43
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph

(Interactive process graph not reproduced. Nodes shown: winrar.exe, installerdu__a591.exe, driverupdatersetup-2.6.1.2357.exe (no specs), driverupdatersetup-2.6.1.2357.exe; edge labels: start, download and start, download and start.)

Process information

PID 444
CMD: "C:\Users\admin\AppData\Local\Temp\DriverUpdaterSetup-2.6.1.2357.exe" /partnerId=a591 /vid=591
Path: C:\Users\admin\AppData\Local\Temp\DriverUpdaterSetup-2.6.1.2357.exe
Parent process: InstallerDU__a591.exe
User: admin
Integrity Level: MEDIUM
Description: Carambis Driver Updater Installer
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Modules (images):
  • c:\users\admin\appdata\local\temp\driverupdatersetup-2.6.1.2357.exe
  • c:\windows\system32\ntdll.dll

PID 2148
CMD: "C:\Users\admin\AppData\Local\Temp\DriverUpdaterSetup-2.6.1.2357.exe" /partnerId=a591 /vid=591
Path: C:\Users\admin\AppData\Local\Temp\DriverUpdaterSetup-2.6.1.2357.exe
Parent process: InstallerDU__a591.exe
User: admin
Integrity Level: HIGH
Description: Carambis Driver Updater Installer
Exit code: 0
Modules (images):
  • c:\users\admin\appdata\local\temp\driverupdatersetup-2.6.1.2357.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\shell32.dll

PID 2184
CMD: "C:\Users\admin\Desktop\InstallerDU__a591.exe"
Path: C:\Users\admin\Desktop\InstallerDU__a591.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: MEDIUM
Description: Carambis Driver Updater Installer
Exit code: 3
Version: 2.0.3.0
Modules (images):
  • c:\users\admin\desktop\installerdu__a591.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\msvcrt.dll

PID 2308
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\file-lettore-memory-card-sabrent-crw-uinb-driver.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
  • c:\program files\winrar\winrar.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\comdlg32.dll
  • c:\windows\system32\usp10.dll
Total events: 2 428
Read events: 2 397
Write events: 31
Delete events: 0

Modification events

(PID) Process: (2308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (2308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (2308) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (2308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (2308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\file-lettore-memory-card-sabrent-crw-uinb-driver.zip

(PID) Process: (2308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2308) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
Executable files: 18
Suspicious files: 0
Text files: 13
Unknown types: 1

Dropped files

PID / Process / Filename / Type
  • 2308 WinRAR.exe: C:\Users\admin\Desktop\__MACOSX\._InstallerDU__a591.exe (ad)
  • 2184 InstallerDU__a591.exe: C:\Users\admin\AppData\Local\Temp\DriverUpdaterSetup-2.6.1.2357.exe (executable)
  • 2148 DriverUpdaterSetup-2.6.1.2357.exe: C:\Users\admin\AppData\Local\Temp\list-bullet.bmp (image)
  • 2148 DriverUpdaterSetup-2.6.1.2357.exe: C:\Users\admin\AppData\Local\Temp\nst6829.tmp\base-translate.ini (text)
  • 2184 InstallerDU__a591.exe: C:\Users\admin\AppData\Local\Temp\DriverUpdaterInstaller.log (text)
  • 2148 DriverUpdaterSetup-2.6.1.2357.exe: C:\Users\admin\AppData\Local\Temp\nst6829.tmp\installer-translate.ini (text)
  • 2148 DriverUpdaterSetup-2.6.1.2357.exe: C:\Users\admin\AppData\Local\Temp\avast_bgrn.bmp (image)
  • 2148 DriverUpdaterSetup-2.6.1.2357.exe: C:\Users\admin\AppData\Local\Temp\nst6829.tmp\opera_translate.ini (text)
  • 2148 DriverUpdaterSetup-2.6.1.2357.exe: C:\Users\admin\AppData\Local\Temp\opera_bgrn_ru.bmp (image)
  • 2148 DriverUpdaterSetup-2.6.1.2357.exe: C:\Users\admin\AppData\Local\Temp\nst6829.tmp\System.dll (executable)
    MD5: 8CF2AC271D7679B1D68EEFC1AE0C5618
    SHA256: 6950991102462D84FDC0E3B0AE30C95AF8C192F77CE3D78E8D54E6B22F7C09BA
HTTP(S) requests: 12
TCP/UDP connections: 16
DNS requests: 2
Threats: 2

HTTP requests

PID / Process / Method / HTTP Code / IP / URL / CN / Type / Size / Reputation
  • 2184 InstallerDU__a591.exe: GET 206 188.130.153.32:80 http://du7.carambis.com/DriverUpdaterSetup-2.6.1.2357.exe (RU, binary, 1.54 Mb, suspicious)
  • 2184 InstallerDU__a591.exe: GET 206 188.130.153.32:80 http://du7.carambis.com/DriverUpdaterSetup-2.6.1.2357.exe (RU, binary, 1.54 Mb, suspicious)
  • 2184 InstallerDU__a591.exe: GET 206 188.130.153.32:80 http://du7.carambis.com/DriverUpdaterSetup-2.6.1.2357.exe (RU, binary, 1.54 Mb, suspicious)
  • 2184 InstallerDU__a591.exe: GET 206 188.130.153.32:80 http://du7.carambis.com/DriverUpdaterSetup-2.6.1.2357.exe (RU, executable, 1.54 Mb, suspicious)
  • 2184 InstallerDU__a591.exe: GET 206 188.130.153.32:80 http://du7.carambis.com/DriverUpdaterSetup-2.6.1.2357.exe (RU, binary, 1.54 Mb, suspicious)
  • 2184 InstallerDU__a591.exe: GET 206 188.130.153.32:80 http://du7.carambis.com/DriverUpdaterSetup-2.6.1.2357.exe (RU, binary, 1.54 Mb, suspicious)
  • 2184 InstallerDU__a591.exe: GET 206 188.130.153.32:80 http://du7.carambis.com/DriverUpdaterSetup-2.6.1.2357.exe (RU, binary, 1.54 Mb, suspicious)
  • 2184 InstallerDU__a591.exe: GET 200 188.130.153.32:80 http://a.carambis.com/program_downloader.php (RU, binary, 1.58 Kb, malicious)
  • 2184 InstallerDU__a591.exe: HEAD 200 188.130.153.32:80 http://du7.carambis.com/DriverUpdaterSetup-2.6.1.2357.exe (RU, suspicious)
  • 2184 InstallerDU__a591.exe: GET 206 188.130.153.32:80 http://du7.carambis.com/DriverUpdaterSetup-2.6.1.2357.exe (RU, binary, 1.54 Mb, suspicious)

Connections

PID / Process / IP / Domain / CN / Reputation
  • 2184 InstallerDU__a591.exe: 188.130.153.32:80 a.carambis.com (RU, malicious)

DNS requests

Domain / IP / Reputation
  • a.carambis.com: 188.130.153.32, 188.130.153.33 (malicious)
  • du7.carambis.com: 188.130.153.32, 188.130.153.33 (suspicious)

Threats

PID / Process / Class / Message
  • 2184 InstallerDU__a591.exe: Potential Corporate Privacy Violation: ET POLICY PE EXE or DLL Windows file download HTTP
  • 2184 InstallerDU__a591.exe: Misc activity: ET INFO EXE - Served Attached HTTP
No debug info