File: DCcduino_ch340-drivers.zip

Full analysis: https://app.any.run/tasks/87414982-cf0b-43dc-b2f6-a58f7b6a73b0
Verdict: Malicious activity
Analysis date: April 25, 2019, 11:18:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: BB4B0F3F428B17CCEC69B29E38F5386D
SHA1: 4007B7152907389CA8CC35FF36CFEA49D1710AF6
SHA256: B9CEDB1C0F122DE38E9A3AEE93ABC02085F91B678077AE75BFCCC594F301BC0C
SSDEEP: 12288:UPi9BYuhKwax04Z6RZHyianxi47XZ5VLe/CgSqvkoSdF:UwSAnyHZze/BSqvkHF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report can be distorted by the analyst's actions inside the VM and is provided as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • ƒ£øȵ˜ ‘.EXE (PID: 2360)
      • ƒ£øȵ˜ ‘.EXE (PID: 2924)
      • SETUP.EXE (PID: 1592)
      • SETUP.EXE (PID: 3176)
    • Loads dropped or rewritten executable
      • SETUP.EXE (PID: 1592)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • SETUP.EXE (PID: 1592)
      • WinRAR.exe (PID: 2664)
    • Removes files from Windows directory
      • DrvInst.exe (PID: 1472)
      • SETUP.EXE (PID: 1592)
    • Creates files in the driver directory
      • SETUP.EXE (PID: 1592)
      • DrvInst.exe (PID: 1472)
    • Creates files in the Windows directory
      • DrvInst.exe (PID: 1472)
      • SETUP.EXE (PID: 1592)
  • INFO
    • Changes settings of System certificates
      • DrvInst.exe (PID: 1472)
    • Adds / modifies Windows certificates
      • DrvInst.exe (PID: 1472)

How to read these hits: every MALICIOUS entry is the generic "executable dropped by one process and then started" rule, which fires because WinRAR extracted the archive into its Rar$EXa temp folder and launched the installers from there. The SUSPICIOUS and INFO entries describe a driver being copied into the Windows and driver directories and a certificate store being modified by DrvInst.exe, the Windows driver-installation module, running as SYSTEM. No network activity of any kind is recorded below. The verdict therefore rests on the generic behaviour of a driver installer rather than on a specific indicator; before treating this sample as confirmed malware or as confirmed clean, compare the hashes above with the vendor's own CH341SER package (the archive layout and the installer's company name, 南京沁恒电子有限公司, Nanjing Qinheng Electronics, i.e. WCH, point to that vendor).
No Malware configuration.

TRiD

.xpi | Mozilla Firefox browser extension (66.6)
.zip | ZIP compressed archive (33.3)

The .xpi match is a property of TRiD's byte-pattern scoring rather than of the sample: a Firefox extension is a plain ZIP container, so both signatures match the same archive.

EXIF (ZIP, first local file header)

ZipFileName: CH341SER_LINUX/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2013:08:09 21:26:06
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 10

These are the fields of the first entry's local file header: a directory entry (no data, CRC 0, stored rather than compressed). RequiredVersion 10 is the "at least v1.0 to extract" in the file info above. The modification date is an MS-DOS timestamp, local time with two-second resolution and no timezone, so it reflects the packer's clock, not UTC.
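The fields above can be read straight out of the local file header with a few lines of struct decoding. The following is an added example, not ANY.RUN's or WCH's code: it walks ZIP local headers in on-disk order and reports the same field names the report uses. The archive it parses is constructed in memory to mimic the sample's first entry (directory CH341SER_LINUX/, stored, CRC 0, version 1.0, the 2013-08-09 21:26:06 timestamp); the second member and its contents are assumptions, and the bytes are not the real DCcduino_ch340-drivers.zip.

```python
"""Walk ZIP local file headers and report the fields the EXIF block lists.

Added example, not ANY.RUN's or WCH's code. The archive is constructed in
memory to mimic the sample's first entry; it is not the real sample.
"""
import io
import struct
import zipfile
from datetime import datetime

LOCAL_SIG = 0x04034B50
# signature, version needed, flags, method, DOS time, DOS date, CRC-32,
# compressed size, uncompressed size, name length, extra length  (30 bytes)
LOCAL_HDR = struct.Struct("<IHHHHHIIIHH")
FLAG_DATA_DESCRIPTOR = 1 << 3    # sizes and CRC follow the data; header holds zeros
FLAG_UTF8_NAME = 1 << 11
METHODS = {0: "None", 8: "Deflate", 12: "BZip2", 14: "LZMA"}


def dos_datetime(dos_date, dos_time):
    """Decode an MS-DOS packed date/time (2-second resolution, no timezone)."""
    return datetime(
        ((dos_date >> 9) & 0x7F) + 1980, (dos_date >> 5) & 0x0F, dos_date & 0x1F,
        (dos_time >> 11) & 0x1F, (dos_time >> 5) & 0x3F, (dos_time & 0x1F) * 2,
    )


def iter_local_headers(data):
    """Yield one dict per local file header, in on-disk order.

    Stops at the first entry that uses a data descriptor: its compressed size
    is not in the header, so the offset of the next header is unknown.
    """
    off = 0
    while off + LOCAL_HDR.size <= len(data):
        (sig, ver, flags, method, mtime, mdate, crc,
         csize, usize, nlen, xlen) = LOCAL_HDR.unpack_from(data, off)
        if sig != LOCAL_SIG:
            break  # reached the central directory (or trailing junk)
        raw_name = data[off + LOCAL_HDR.size: off + LOCAL_HDR.size + nlen]
        name = raw_name.decode("utf-8" if flags & FLAG_UTF8_NAME else "cp437")
        yield {
            "ZipFileName": name,
            "ZipRequiredVersion": ver,
            "ZipBitFlag": flags,
            "ZipCompression": METHODS.get(method, f"unknown({method})"),
            "ZipModifyDate": dos_datetime(mdate, mtime).strftime("%Y:%m:%d %H:%M:%S"),
            "ZipCRC": f"0x{crc:08X}",
            "ZipCompressedSize": csize,
            "ZipUncompressedSize": usize,
        }
        if flags & FLAG_DATA_DESCRIPTOR:
            break
        off += LOCAL_HDR.size + nlen + xlen + csize


def build_sample_zip():
    """Constructed stand-in for the sample: a directory entry plus one deflated file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        stamp = (2013, 8, 9, 21, 26, 6)           # the report's ZipModifyDate
        d = zipfile.ZipInfo("CH341SER_LINUX/", date_time=stamp)
        d.extract_version = 10                    # "at least v1.0 to extract"
        d.external_attr = (0o40755 << 16) | 0x10  # unix dir bits + MS-DOS directory flag
        zf.writestr(d, b"", compress_type=zipfile.ZIP_STORED)
        f = zipfile.ZipInfo("CH341SER_LINUX/Makefile", date_time=stamp)   # assumed content
        zf.writestr(f, b"all:\n\t@echo constructed stand-in\n", compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


def first_entry(data=None):
    """The entry ExifTool-style output describes: the first local header."""
    return next(iter_local_headers(build_sample_zip() if data is None else data))


if __name__ == "__main__":
    for entry in iter_local_headers(build_sample_zip()):
        print(entry)
```

Run against a real archive by passing its bytes to iter_local_headers; the data-descriptor stop is the case to watch for on archives written by streaming tools, where the central directory at the end of the file is the only reliable source of sizes.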
No data.
Total processes: 40   Monitored processes: 7   Malicious processes: 3   Suspicious processes: 1

Behavior graph

Nodes, in the order the graph draws them: winrar.exe; ƒ£øȵ˜ ‘.exe (no specs); notepad.exe (no specs); setup.exe (no specs); setup.exe; drvinst.exe (no specs); ƒ£øȵ˜ ‘.exe (no specs). Edges: four "drop and start" edges from winrar.exe to the executables it extracted, and one plain "start" edge, consistent with notepad.exe being a system binary rather than a dropped file.

Process information

PID 2664  WinRAR.exe  (parent: explorer.exe)
  CMD:   "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\DCcduino_ch340-drivers.zip"
  Path:  C:\Program Files\WinRAR\WinRAR.exe
  User: admin   Integrity level: MEDIUM   Exit code: 0
  Company: Alexander Roshal   Description: WinRAR archiver   Version: 5.60.0

PID 2360  ƒ£øȵ˜ ‘.EXE  (parent: WinRAR.exe)
  CMD:   "C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.18750\CH341SER_WIN\INSTALL\ƒ£øȵ˜ ‘.EXE"
  Path:  C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.18750\CH341SER_WIN\INSTALL\ƒ£øȵ˜ ‘.EXE
  User: admin   Integrity level: MEDIUM   Exit code: 0
  Company: 南京沁恒电子有限公司 (Nanjing Qinheng Electronics Co., Ltd.)   Description: 1.5   Version: 1.50

PID 3360  NOTEPAD.EXE  (parent: WinRAR.exe)
  CMD:   "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa2664.25470\README.TXT
  Path:  C:\Windows\system32\NOTEPAD.EXE
  User: admin   Integrity level: MEDIUM   Exit code: 0
  Company: Microsoft Corporation   Description: Notepad   Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID 3176  SETUP.EXE  (parent: WinRAR.exe)
  CMD:   "C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.26815\CH341SER_WIN\CH341SER\SETUP.EXE"
  Path:  C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.26815\CH341SER_WIN\CH341SER\SETUP.EXE
  User: admin   Integrity level: MEDIUM   Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
  Description: EXE For Driver Installation   Version: 1, 6, 0, 0

PID 1592  SETUP.EXE  (parent: WinRAR.exe)
  CMD:   "C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.26815\CH341SER_WIN\CH341SER\SETUP.EXE"
  Path:  C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.26815\CH341SER_WIN\CH341SER\SETUP.EXE
  User: admin   Integrity level: HIGH   Exit code: 1
  Description: EXE For Driver Installation   Version: 1, 6, 0, 0

PID 1472  DrvInst.exe  (parent: svchost.exe)
  CMD:   DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{789d9362-9a73-169b-4457-d91cd3005365}\CH341SER.INF" "0" "606613b1f" "0000055C" "WinSta0\Default" "000005BC" "208" "C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.26815\CH341SER_WIN\CH341SER"
  Path:  C:\Windows\system32\DrvInst.exe
  User: SYSTEM   Integrity level: SYSTEM   Exit code: 0
  Company: Microsoft Corporation   Description: Driver Installation Module   Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID 2924  ƒ£øȵ˜ ‘.EXE  (parent: WinRAR.exe)
  CMD:   "C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.29089\CH341SER_WIN\INSTALL\ƒ£øȵ˜ ‘.EXE"
  Path:  C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.29089\CH341SER_WIN\INSTALL\ƒ£øȵ˜ ‘.EXE
  User: admin   Integrity level: MEDIUM   Exit code: 0
  Company: 南京沁恒电子有限公司 (Nanjing Qinheng Electronics Co., Ltd.)   Description: 1.5   Version: 1.50

Two details in this table matter when reading the signatures. PID 3176 is the first, unelevated launch of SETUP.EXE: the sandbox prints its exit status as the unsigned decimal 3221226540, which is NTSTATUS 0xC000042C, STATUS_ELEVATION_REQUIRED, meaning the image's manifest asks for administrator rights; PID 1592 is the same image relaunched at HIGH integrity after the UAC prompt, and it is that elevated instance that writes executable content and touches the driver and Windows directories. DrvInst.exe (PID 1472) is not a child of anything in the user's WinRAR tree: it is started by a svchost.exe service host as SYSTEM to process CH341SER.INF, which is where the driver-directory and certificate-store signatures come from.
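The elevation chain in the table above is easy to miss when exit codes are printed as unsigned decimals. The following is an added example, not ANY.RUN's code: it transcribes the table into records, decodes the NTSTATUS exit value, pairs the failed launch with its elevated relaunch, and lists the SYSTEM-level process that runs outside the user's tree. The record fields and the ranking of integrity levels are this example's own assumptions; the garbled installer name is kept exactly as the report shows it.

```python
"""Read the process table for the UAC elevation chain and out-of-tree SYSTEM work.

Added example, not ANY.RUN's code. PROCESSES is transcribed from the table
(PID, image, parent, integrity level, user, exit code); field names and the
integrity ranking are this example's assumptions.
"""

STATUS_ELEVATION_REQUIRED = 0xC000042C   # NTSTATUS; the Win32 form is ERROR_ELEVATION_REQUIRED (740)
INTEGRITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "SYSTEM": 3}

PROCESSES = [  # transcribed from the report's process information
    {"pid": 2664, "image": "WinRAR.exe",  "parent": "explorer.exe", "integrity": "MEDIUM", "user": "admin",  "exit": 0},
    {"pid": 2360, "image": "ƒ£øȵ˜ ‘.EXE", "parent": "WinRAR.exe",   "integrity": "MEDIUM", "user": "admin",  "exit": 0},
    {"pid": 3360, "image": "NOTEPAD.EXE", "parent": "WinRAR.exe",   "integrity": "MEDIUM", "user": "admin",  "exit": 0},
    {"pid": 3176, "image": "SETUP.EXE",   "parent": "WinRAR.exe",   "integrity": "MEDIUM", "user": "admin",  "exit": 3221226540},
    {"pid": 1592, "image": "SETUP.EXE",   "parent": "WinRAR.exe",   "integrity": "HIGH",   "user": "admin",  "exit": 1},
    {"pid": 1472, "image": "DrvInst.exe", "parent": "svchost.exe",  "integrity": "SYSTEM", "user": "SYSTEM", "exit": 0},
    {"pid": 2924, "image": "ƒ£øȵ˜ ‘.EXE", "parent": "WinRAR.exe",   "integrity": "MEDIUM", "user": "admin",  "exit": 0},
]


def ntstatus(exit_code):
    """Sandboxes print NTSTATUS exit values as unsigned decimals; render them as hex."""
    code = exit_code & 0xFFFFFFFF
    name = {STATUS_ELEVATION_REQUIRED: "STATUS_ELEVATION_REQUIRED"}.get(code)
    return f"0x{code:08X}" + (f" ({name})" if name else "")


def find_elevations(procs):
    """Pair each launch that died with STATUS_ELEVATION_REQUIRED with a launch of
    the same image, from the same parent, at a higher integrity level."""
    pairs = []
    for failed in procs:
        if (failed["exit"] & 0xFFFFFFFF) != STATUS_ELEVATION_REQUIRED:
            continue
        for cand in procs:
            if (cand is not failed
                    and cand["image"].lower() == failed["image"].lower()
                    and cand["parent"].lower() == failed["parent"].lower()
                    and INTEGRITY_RANK[cand["integrity"]] > INTEGRITY_RANK[failed["integrity"]]):
                pairs.append((failed["pid"], cand["pid"]))
    return pairs


def privileged_outside_user_tree(procs):
    """SYSTEM-integrity processes whose parent is not one of the user's own images.
    In this report that is DrvInst.exe, the process that actually writes to the
    driver directory and the certificate stores."""
    user_images = {p["image"].lower() for p in procs if p["user"] != "SYSTEM"}
    return [p["pid"] for p in procs
            if p["integrity"] == "SYSTEM" and p["parent"].lower() not in user_images]


if __name__ == "__main__":
    for failed_pid, elevated_pid in find_elevations(PROCESSES):
        print(f"PID {failed_pid} exited {ntstatus(3221226540)}; relaunched elevated as PID {elevated_pid}")
    print("SYSTEM-level processes outside the user tree:", privileged_outside_user_tree(PROCESSES))
```

The same two checks apply to any sandbox or EDR process listing: a STATUS_ELEVATION_REQUIRED exit followed by a HIGH-integrity twin is a UAC prompt the analyst accepted, and SYSTEM-level work parented by a service host is where installer side effects should be attributed.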
Total events: 520   Read events: 463   Write events: 0   Delete events: 0

Modification events: no data
Executable files: 32   Suspicious files: 13   Text files: 153   Unknown types: 93

Dropped files (listed on this page)

PID 2664  WinRAR.exe  C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.18750\CH341SER_LINUX\Makefile  (text)
  MD5: 6063BA99C38D0C0C35A97C337228987C
  SHA256: 2DCB66448B88A0A98A33C7020D84FFBE8D1E92F3311EBC1CD8B9570B76F1607F
PID 2664  WinRAR.exe  C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.18750\__MACOSX\CH341SER_WIN\CH341SER\._CH341PT.DLL  (ad)
  MD5: BC850336E6D14E0F08FFB85D59A551EC
  SHA256: ECC2C1E061AB829195286D538A05FB95F04CF132B7463B9C36A1A409F0407D4D
PID 2664  WinRAR.exe  C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.18750\__MACOSX\CH341SER_WIN\CH341SER\._CH341S64.SYS  (ad)
  MD5: BC850336E6D14E0F08FFB85D59A551EC
  SHA256: ECC2C1E061AB829195286D538A05FB95F04CF132B7463B9C36A1A409F0407D4D
PID 2664  WinRAR.exe  C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.18750\__MACOSX\CH341SER_WIN\CH341SER\._CH341S98.SYS  (ad)
  MD5: BC850336E6D14E0F08FFB85D59A551EC
  SHA256: ECC2C1E061AB829195286D538A05FB95F04CF132B7463B9C36A1A409F0407D4D
PID 2664  WinRAR.exe  C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.18750\__MACOSX\._CH341SER_LINUX  (ad)
  MD5: 6CB7EC21B25BA94EA450329EFD9D4D79
  SHA256: C15E9215FA6E024F3A9C0DA8C00AF1B0BDFA0CD665FAAD6D4AA65F2FD34FD3CD
PID 2664  WinRAR.exe  C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.18750\CH341SER_MAC\readme.pdf  (pdf)
  MD5: 949C296D9C17B51C17B23E6340C9DB72
  SHA256: 0A97B56A8D52101B0AFC63987FC90AA905522447A07E2C23AB0976B6CF499910
PID 2664  WinRAR.exe  C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.18750\__MACOSX\._CH341SER_MAC  (ad)
  MD5: 75A40986007682F26BF35BD3DD09AE43
  SHA256: 3F4881EAF323912A06E57E3384D61C55FB618E0E26D37330C8A81BBD5B19EF5C
PID 2664  WinRAR.exe  C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.18750\__MACOSX\CH341SER_MAC\.___MACOSX  (ad)
  MD5: 2DF08DDB9A874245B940D830118B378C
  SHA256: BDE382C85C7626F05BD4CCD2382C543F723EBDB711541CFCDD6BC019AF411C50
PID 2664  WinRAR.exe  C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.18750\__MACOSX\CH341SER_MAC\._ch34xInstall.pkg  (ad)
  MD5: 092A23BFCD30143AF04E4E316EFA8334
  SHA256: 720BB9731BF1364422460F0CBF97D22AC146E4CAC15755205D52DC7B6651A0B7
PID 2664  WinRAR.exe  C:\Users\admin\AppData\Local\Temp\Rar$EXa2664.18750\__MACOSX\CH341SER_MAC\._readme.pdf  (ad)
  MD5: 12B4AF17601AD4DBA7EE0F00D2B092D0
  SHA256: 2C99E1ED1CE6429E949E3F73BEE62BEF3732D680F3FDAD25C8FF933F23F90732

The entries typed "ad" are the ._* files under __MACOSX\: AppleDouble sidecars that macOS archivers add to carry Finder metadata and resource forks. Despite names such as ._CH341S64.SYS and ._CH341PT.DLL they are not drivers or DLLs, and three of them share one hash because their metadata is identical. Hash the real CH341*.SYS and CH341PT.DLL members of the archive, not these sidecars, when building indicators from this sample.
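Hashing and classifying every member of the archive before detonation avoids exactly the sidecar confusion above. The following is an added example, not ANY.RUN's or the vendor's code: it builds an in-memory archive with the same layout the dropped-files list shows (a Linux Makefile, __MACOSX/._* sidecars, a readme.pdf, a Windows installer), then hashes each member, classifies it by leading bytes rather than by extension, flags .EXE/.DLL/.SYS names whose content is not a PE image, and groups members that share a SHA-256. The member contents are constructed stand-ins, so the hashes will not match the report's; the misnamed CH341S64.SYS outside __MACOSX is a deliberately constructed case to exercise the mismatch check.

```python
"""Hash and classify archive members before detonation.

Added example, not ANY.RUN's or WCH's code. The archive is constructed in
memory with the report's layout; member bytes are stand-ins.
"""
import hashlib
import io
import struct
import zipfile
from collections import defaultdict

APPLEDOUBLE_MAGIC = b"\x00\x05\x16\x07"   # AppleDouble header; AppleSingle is 00 05 16 00
PE_MAGIC = b"MZ"


def classify(name, head):
    """Classify by leading bytes, not by the name: ._CH341S64.SYS is not a driver."""
    if head.startswith(APPLEDOUBLE_MAGIC):
        return "appledouble"        # macOS Finder metadata / resource fork sidecar
    if head.startswith(PE_MAGIC):
        return "pe"                 # Windows executable, DLL or driver
    if head.startswith(b"%PDF-"):
        return "pdf"
    if head and all(32 <= b < 127 or b in (9, 10, 13) for b in head):
        return "text"               # printable-ASCII heuristic on the first bytes
    return "unknown"


def triage(zip_bytes):
    """Return (per-member records, {sha256: [names]} for hashes shared by >1 member)."""
    records, by_sha = [], defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            ext = info.filename.rsplit(".", 1)[-1].upper() if "." in info.filename else ""
            rec = {
                "name": info.filename,
                "size": len(data),
                "type": classify(info.filename, data[:64]),
                "md5": hashlib.md5(data).hexdigest().upper(),
                "sha256": hashlib.sha256(data).hexdigest().upper(),
                "in_macosx": info.filename.startswith("__MACOSX/"),
            }
            # An executable-looking name with non-PE content, outside the sidecar folder.
            rec["suspicious"] = ext in {"EXE", "DLL", "SYS"} and rec["type"] != "pe" and not rec["in_macosx"]
            records.append(rec)
            by_sha[rec["sha256"]].append(info.filename)
    duplicates = {h: names for h, names in by_sha.items() if len(names) > 1}
    return records, duplicates


def appledouble_blob(finder_info=b"\x00" * 32):
    """Minimal AppleDouble file: magic, version 2, 16 filler bytes, one Finder Info entry."""
    header = APPLEDOUBLE_MAGIC + b"\x00\x02\x00\x00" + b"\x00" * 16
    entries = struct.pack(">H", 1) + struct.pack(">III", 9, 26 + 12, len(finder_info))  # id 9 = Finder Info
    return header + entries + finder_info


def build_sample_zip():
    """Constructed archive mirroring the report's paths; contents are stand-ins."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("CH341SER_LINUX/Makefile", "obj-m := ch34x.o\n")
        sidecar = appledouble_blob()
        for n in ("._CH341PT.DLL", "._CH341S64.SYS", "._CH341S98.SYS"):
            zf.writestr(f"__MACOSX/CH341SER_WIN/CH341SER/{n}", sidecar)
        zf.writestr("CH341SER_MAC/readme.pdf", b"%PDF-1.4\n% constructed stand-in\n")
        zf.writestr("CH341SER_WIN/CH341SER/SETUP.EXE", b"MZ" + b"\x00" * 62)   # DOS header stub only
        zf.writestr("CH341SER_WIN/CH341SER/CH341S64.SYS", sidecar)           # constructed mismatch case
    return buf.getvalue()


if __name__ == "__main__":
    recs, dups = triage(build_sample_zip())
    for r in recs:
        flag = "  <-- name/content mismatch" if r["suspicious"] else ""
        print(f'{r["type"]:11} {r["sha256"][:16]}  {r["name"]}{flag}')
    for h, names in dups.items():
        print("identical content:", h[:16], names)
```

On the real archive, the duplicates map is what exposes the three identical sidecars at a glance, and the mismatch flag is what catches a payload hiding behind a driver-like name without a PE header.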
HTTP(S) requests: 0   TCP/UDP connections: 0   DNS requests: 0   Threats: 0

HTTP requests: none

Connections: no data
DNS requests: no data
Threats: no threats detected
No debug info