File name: DPInst64.exe

Full analysis: https://app.any.run/tasks/190a3f4d-c946-4e9d-b16e-6105898717d2
Verdict: Malicious activity
Analysis date: February 20, 2025, 07:56:57
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 5 sections
MD5: FB5D2817BDAEC22CA960F04AFC8F55F1
SHA1: E91FDB2CD72603544DB74D8174BCB6348C65D9A4
SHA256: BCB2A445F1FA5B7CCD362A0AF6D102A24B2AFFFB4E0534272348CBDB4ED58022
SSDEEP: 12288:CteWC4yUnBxMNn2H95Y3M7Rr2JxJ9V+FJ:q9CLUBxY2H9O3M7Rr2qJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Executing a file with an untrusted certificate
      • DPInst64.exe (PID: 2216)
      • DPInst64.exe (PID: 1540)
  • SUSPICIOUS
    • Process drops legitimate Windows executable
      • DPInst64.exe (PID: 1540)
    • Starts a Microsoft application from an unusual location
      • DPInst64.exe (PID: 2216)
      • DPInst64.exe (PID: 1540)
  • INFO
    • The sample was compiled with Arabic language support
      • DPInst64.exe (PID: 1540)
    • Reads the computer name
      • DPInst64.exe (PID: 1540)
    • Checks supported languages
      • DPInst64.exe (PID: 1540)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2006:10:16 23:57:22+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 8
CodeSize: 529408
InitializedDataSize: 392704
UninitializedDataSize: -
EntryPoint: 0x6bd3c
OSVersion: 6
ImageVersion: 6
SubsystemVersion: 5.2
Subsystem: Windows GUI
FileVersionNumber: 2.1.0.0
ProductVersionNumber: 2.1.0.0
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: Arabic
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Driver Package Installer
FileVersion: 2.1
InternalName: DPInst
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: DPInst.exe.mui
ProductName: Driver Package Installer (DPInst)
ProductVersion: 2.1
All screenshots are available in the full report
Total processes: 130
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 1


Process information

PID: 1540
CMD: "C:\Users\admin\AppData\Local\Temp\DPInst64.exe"
Path: C:\Users\admin\AppData\Local\Temp\DPInst64.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Driver Package Installer
Exit code: 2147483648 (0x80000000)
Version: 2.1
Modules (Images):
c:\users\admin\appdata\local\temp\dpinst64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

PID: 2216
CMD: "C:\Users\admin\AppData\Local\Temp\DPInst64.exe"
Path: C:\Users\admin\AppData\Local\Temp\DPInst64.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Driver Package Installer
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 2.1
Modules (Images):
c:\users\admin\appdata\local\temp\dpinst64.exe
c:\windows\system32\ntdll.dll
Total events: 26
Read events: 26
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 1
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
1540 | DPInst64.exe | C:\Windows\DPINST.LOG | binary
MD5: A96219C79F9D80BB66FB341C68854346
SHA256: 7CE849FF0C55D0D1CBE6BAD2D22205D4CB6BD57B13FE2F7012F8A023A6428622
HTTP(S) requests: 7
TCP/UDP connections: 32
DNS requests: 19
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2164 | svchost.exe | GET | 200 | 23.48.23.150:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
2164 | svchost.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
5320 | SIHClient.exe | GET | 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
5320 | SIHClient.exe | GET | 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
4556 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2164 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2776 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2164 | svchost.exe | 23.48.23.150:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
2164 | svchost.exe | 2.23.181.156:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5064 | SearchApp.exe | 184.86.251.29:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
5064 | SearchApp.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted
1176 | svchost.exe | 20.190.160.3:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain | IP | Reputation
google.com | 216.58.206.78 | whitelisted
settings-win.data.microsoft.com | 51.104.136.2, 4.231.128.59, 40.127.240.158, 51.124.78.146 | whitelisted
crl.microsoft.com | 23.48.23.150, 23.48.23.169, 23.48.23.145, 23.48.23.140, 23.48.23.167, 23.48.23.180, 23.48.23.147, 23.48.23.158 | whitelisted
www.microsoft.com | 2.23.181.156, 23.219.150.101 | whitelisted
www.bing.com | 184.86.251.29, 184.86.251.26, 184.86.251.25, 184.86.251.22, 184.86.251.28, 184.86.251.16, 184.86.251.27, 184.86.251.15, 184.86.251.19 | whitelisted
ocsp.digicert.com | 184.30.131.245, 2.23.77.188 | whitelisted
login.live.com | 20.190.160.3, 20.190.160.132, 20.190.160.17, 20.190.160.131, 40.126.32.140, 20.190.160.128, 20.190.160.66, 20.190.160.14 | whitelisted
go.microsoft.com | 2.18.97.227 | whitelisted
slscr.update.microsoft.com | 20.109.210.53 | whitelisted
fe3cr.delivery.mp.microsoft.com | 40.69.42.241 | whitelisted

Threats

No threats detected
No debug info