File name:

PROD_Start_DriverPack.hta

Full analysis: https://app.any.run/tasks/19282ce8-afa0-4372-8c68-fbed2602e103
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: June 22, 2023, 19:20:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MIME: text/html
File info: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5:

DDA846A4704EFC2A03E1F8392E6F1FFC

SHA1:

387171A06EEE5A76AAEDC3664385BB89703CF6DF

SHA256:

E9DC9648D8FB7D943431459F49A7D9926197C2D60B3C2B6A58294FD75B672B25

SSDEEP:

48:uzK1vpKljUYpuqgs1pxXzOSRByHCpmF50bxxdW6kI:qiIT3BjNOSOGmF50tKA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • 7za.exe (PID: 120)
      • driverpack-wget.exe (PID: 2968)
      • driverpack-wget.exe (PID: 2420)
      • driverpack-wget.exe (PID: 3352)
      • driverpack-wget.exe (PID: 876)
      • driverpack-wget.exe (PID: 2640)
      • driverpack-wget.exe (PID: 2804)
      • driverpack-wget.exe (PID: 3428)
      • driverpack-wget.exe (PID: 2376)
      • driverpack-wget.exe (PID: 2080)
      • driverpack-wget.exe (PID: 1772)
      • driverpack-wget.exe (PID: 2264)
      • driverpack-wget.exe (PID: 3568)
      • driverpack-wget.exe (PID: 908)
      • driverpack-wget.exe (PID: 1176)
      • driverpack-wget.exe (PID: 2504)
      • driverpack-wget.exe (PID: 1388)
      • driverpack-7za.exe (PID: 2392)
      • driverpack-wget.exe (PID: 2896)
      • driverpack-wget.exe (PID: 1148)
      • driverpack-wget.exe (PID: 2104)
      • driverpack-wget.exe (PID: 1788)
      • driverpack-wget.exe (PID: 3692)
      • driverpack-wget.exe (PID: 2892)
      • driverpack-wget.exe (PID: 3664)
      • driverpack-wget.exe (PID: 3952)
      • driverpack-wget.exe (PID: 3588)
      • driverpack-wget.exe (PID: 1472)
      • driverpack-wget.exe (PID: 1948)
      • driverpack-wget.exe (PID: 2736)
      • driverpack-wget.exe (PID: 2912)
      • aria2c.exe (PID: 2776)
      • driverpack-wget.exe (PID: 1932)
      • aria2c.exe (PID: 1948)
      • aria2c.exe (PID: 3776)
      • aria2c.exe (PID: 4156)
      • driverpack-wget.exe (PID: 3536)
      • driverpack-wget.exe (PID: 4380)
      • driverpack-wget.exe (PID: 4428)
      • aria2c.exe (PID: 3876)
      • driverpack-wget.exe (PID: 5436)
      • driverpack-wget.exe (PID: 3264)
      • driverpack-wget.exe (PID: 4120)
      • driverpack-wget.exe (PID: 3784)
      • driverpack-wget.exe (PID: 5156)
      • driverpack-wget.exe (PID: 5244)
      • driverpack-wget.exe (PID: 4268)
      • driverpack-wget.exe (PID: 5332)
      • driverpack-wget.exe (PID: 4124)
      • driverpack-wget.exe (PID: 4064)
      • driverpack-wget.exe (PID: 4316)
      • driverpack-wget.exe (PID: 5520)
      • driverpack-wget.exe (PID: 5516)
      • driverpack-wget.exe (PID: 4312)
      • driverpack-wget.exe (PID: 4228)
      • driverpack-wget.exe (PID: 5452)
      • driverpack-wget.exe (PID: 3064)
      • driverpack-wget.exe (PID: 5356)
      • driverpack-wget.exe (PID: 4408)
      • driverpack-wget.exe (PID: 5468)
      • driverpack-wget.exe (PID: 5180)
      • driverpack-wget.exe (PID: 4436)
      • driverpack-wget.exe (PID: 3044)
      • driverpack-wget.exe (PID: 5260)
      • driverpack-wget.exe (PID: 4284)
      • driverpack-wget.exe (PID: 4400)
      • driverpack-wget.exe (PID: 3588)
      • driverpack-wget.exe (PID: 2176)
      • aria2c.exe (PID: 5020)
      • driverpack-wget.exe (PID: 5380)
      • driverpack-wget.exe (PID: 5620)
      • driverpack-wget.exe (PID: 4408)
      • driverpack-wget.exe (PID: 3248)
      • driverpack-wget.exe (PID: 5612)
      • driverpack-wget.exe (PID: 6052)
      • driverpack-wget.exe (PID: 4312)
      • driverpack-wget.exe (PID: 4780)
      • driverpack-wget.exe (PID: 5428)
      • driverpack-wget.exe (PID: 3568)
      • driverpack-wget.exe (PID: 3784)
      • driverpack-wget.exe (PID: 4272)
      • driverpack-wget.exe (PID: 5636)
      • driverpack-wget.exe (PID: 4784)
      • driverpack-wget.exe (PID: 4872)
      • driverpack-wget.exe (PID: 4232)
      • driverpack-wget.exe (PID: 4140)
      • driverpack-wget.exe (PID: 3772)
      • driverpack-wget.exe (PID: 5016)
      • driverpack-wget.exe (PID: 4988)
      • driverpack-wget.exe (PID: 4584)
      • driverpack-wget.exe (PID: 4448)
      • driverpack-wget.exe (PID: 4124)
      • driverpack-wget.exe (PID: 4216)
      • driverpack-wget.exe (PID: 5840)
      • driverpack-wget.exe (PID: 6088)
      • driverpack-wget.exe (PID: 4324)
      • driverpack-wget.exe (PID: 4252)
      • driverpack-wget.exe (PID: 4544)
      • driverpack-wget.exe (PID: 1004)
      • driverpack-wget.exe (PID: 4312)
      • driverpack-wget.exe (PID: 4600)
      • driverpack-wget.exe (PID: 4232)
      • driverpack-wget.exe (PID: 4884)
      • driverpack-wget.exe (PID: 4068)
      • driverpack-wget.exe (PID: 5256)
      • driverpack-wget.exe (PID: 5800)
      • driverpack-wget.exe (PID: 5844)
      • driverpack-wget.exe (PID: 3588)
      • driverpack-wget.exe (PID: 5504)
      • driverpack-wget.exe (PID: 3532)
      • driverpack-wget.exe (PID: 4732)
      • driverpack-wget.exe (PID: 4320)
      • driverpack-wget.exe (PID: 1616)
      • driverpack-wget.exe (PID: 4172)
      • driverpack-wget.exe (PID: 5512)
      • driverpack-wget.exe (PID: 3164)
      • driverpack-wget.exe (PID: 4440)
      • driverpack-wget.exe (PID: 6084)
      • driverpack-wget.exe (PID: 5532)
      • driverpack-wget.exe (PID: 5184)
      • driverpack-wget.exe (PID: 4236)
      • driverpack-wget.exe (PID: 5320)
      • driverpack-wget.exe (PID: 5352)

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 2460)

    • Starts Visual C# compiler

      • powershell.exe (PID: 2460)

    • Actions looks like stealing of personal data

      • mshta.exe (PID: 1812)

  • SUSPICIOUS

    • Process requests binary or script from the Internet

      • mshta.exe (PID: 944)
      • mshta.exe (PID: 676)
      • mshta.exe (PID: 1812)
      • aria2c.exe (PID: 3876)
      • aria2c.exe (PID: 3776)
      • aria2c.exe (PID: 2776)
      • aria2c.exe (PID: 4156)

    • Reads the Internet Settings

      • rundll32.exe (PID: 2964)
      • mshta.exe (PID: 944)
      • powershell.exe (PID: 2328)
      • cmd.exe (PID: 1468)
      • mshta.exe (PID: 1812)
      • mshta.exe (PID: 676)
      • WMIC.exe (PID: 2696)

    • Starts CMD.EXE for commands execution

      • mshta.exe (PID: 944)
      • cmd.exe (PID: 2060)
      • mshta.exe (PID: 1812)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 744)
      • cmd.exe (PID: 3712)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 452)
      • cmd.exe (PID: 1004)
      • cmd.exe (PID: 328)
      • cmd.exe (PID: 2920)
      • cmd.exe (PID: 1932)
      • cmd.exe (PID: 3588)
      • cmd.exe (PID: 3408)
      • cmd.exe (PID: 2792)
      • cmd.exe (PID: 1836)
      • cmd.exe (PID: 2920)
      • cmd.exe (PID: 1464)
      • cmd.exe (PID: 3940)
      • cmd.exe (PID: 2428)
      • cmd.exe (PID: 2776)
      • cmd.exe (PID: 1172)
      • cmd.exe (PID: 1796)
      • cmd.exe (PID: 2064)
      • cmd.exe (PID: 3276)
      • cmd.exe (PID: 3864)
      • cmd.exe (PID: 3980)
      • cmd.exe (PID: 3076)
      • cmd.exe (PID: 3588)
      • cmd.exe (PID: 3056)
      • cmd.exe (PID: 3768)
      • cmd.exe (PID: 3552)
      • cmd.exe (PID: 660)
      • cmd.exe (PID: 3904)
      • cmd.exe (PID: 3596)
      • cmd.exe (PID: 2704)
      • cmd.exe (PID: 3112)
      • cmd.exe (PID: 3284)

    • Query Microsoft Defender status

      • mshta.exe (PID: 944)
      • cmd.exe (PID: 744)

    • Cmdlet gets the status of antimalware software installed on the computer

      • cmd.exe (PID: 744)

    • Found strings related to reading or modifying Windows Defender settings

      • mshta.exe (PID: 944)

    • Using PowerShell to operate with local accounts

      • powershell.exe (PID: 2328)

    • Executable content was dropped or overwritten

      • 7za.exe (PID: 120)
      • expand.exe (PID: 3880)
      • csc.exe (PID: 2552)
      • mshta.exe (PID: 1812)
      • aria2c.exe (PID: 3776)

    • Executing commands from a ".bat" file

      • mshta.exe (PID: 944)
      • cmd.exe (PID: 2060)

    • Application launched itself

      • cmd.exe (PID: 2060)
      • mshta.exe (PID: 944)

    • Executing commands from ".cmd" file

      • mshta.exe (PID: 1812)

    • Adds/modifies Windows certificates

      • cmd.exe (PID: 1468)

    • Get information on the list of running processes

      • cmd.exe (PID: 3712)

    • The process hide an interactive prompt from the user

      • cmd.exe (PID: 3712)

    • Uses .NET C# to load dll

      • powershell.exe (PID: 2460)

    • Uses RUNDLL32.EXE to load library

      • mshta.exe (PID: 1812)

    • The process hides Powershell's copyright startup banner

      • cmd.exe (PID: 3712)

    • Possibly malicious use of IEX has been detected

      • cmd.exe (PID: 3712)

    • The process bypasses the loading of PowerShell profile settings

      • cmd.exe (PID: 3712)

    • Changes internet zones settings

      • mshta.exe (PID: 1812)

    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • cmd.exe (PID: 3772)

    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • cmd.exe (PID: 2696)

    • Starts SC.EXE for service management

      • cmd.exe (PID: 2292)

    • Uses NETSH.EXE to obtain data on the network

      • cmd.exe (PID: 3536)

    • Starts application with an unusual extension

      • cmd.exe (PID: 3536)

    • Executes as Windows Service

      • VSSVC.exe (PID: 2980)

    • Uses WMIC.EXE to obtain system information

      • cmd.exe (PID: 3900)

    • Searches for installed software

      • dllhost.exe (PID: 3436)

  • INFO

    • The process checks LSA protection

      • rundll32.exe (PID: 2964)
      • bitsadmin.exe (PID: 2192)
      • bitsadmin.exe (PID: 1928)
      • bitsadmin.exe (PID: 2224)
      • bitsadmin.exe (PID: 3896)
      • bitsadmin.exe (PID: 3200)
      • bitsadmin.exe (PID: 3584)
      • bitsadmin.exe (PID: 148)
      • bitsadmin.exe (PID: 3892)
      • bitsadmin.exe (PID: 3772)
      • bitsadmin.exe (PID: 2696)
      • bitsadmin.exe (PID: 2828)
      • bitsadmin.exe (PID: 3904)
      • bitsadmin.exe (PID: 3540)
      • bitsadmin.exe (PID: 3876)
      • bitsadmin.exe (PID: 3044)
      • bitsadmin.exe (PID: 4056)
      • bitsadmin.exe (PID: 3832)
      • bitsadmin.exe (PID: 3952)
      • bitsadmin.exe (PID: 1468)
      • bitsadmin.exe (PID: 3152)
      • bitsadmin.exe (PID: 3596)
      • bitsadmin.exe (PID: 1604)
      • bitsadmin.exe (PID: 4024)
      • bitsadmin.exe (PID: 2060)
      • bitsadmin.exe (PID: 2176)
      • bitsadmin.exe (PID: 2040)
      • bitsadmin.exe (PID: 1300)
      • bitsadmin.exe (PID: 2328)
      • bitsadmin.exe (PID: 148)
      • bitsadmin.exe (PID: 1620)
      • bitsadmin.exe (PID: 2644)
      • csc.exe (PID: 2552)
      • cvtres.exe (PID: 3952)
      • netsh.exe (PID: 4072)
      • netsh.exe (PID: 1016)
      • netsh.exe (PID: 2736)
      • VSSVC.exe (PID: 2980)
      • dllhost.exe (PID: 3436)
      • WMIC.exe (PID: 2696)
      • aria2c.exe (PID: 2776)
      • aria2c.exe (PID: 1948)
      • aria2c.exe (PID: 3876)
      • aria2c.exe (PID: 3776)
      • aria2c.exe (PID: 4156)

    • Application launched itself

      • iexplore.exe (PID: 3796)
      • chrome.exe (PID: 3968)
      • chrome.exe (PID: 3132)

    • Manual execution by a user

      • mshta.exe (PID: 944)
      • chrome.exe (PID: 3132)
      • rundll32.exe (PID: 2964)
      • chrome.exe (PID: 3968)

    • Checks proxy server information

      • mshta.exe (PID: 944)
      • mshta.exe (PID: 1812)
      • mshta.exe (PID: 676)

    • Reads Internet Explorer settings

      • mshta.exe (PID: 944)
      • mshta.exe (PID: 1812)
      • mshta.exe (PID: 676)

    • Create files in a temporary directory

      • 7za.exe (PID: 120)
      • expand.exe (PID: 3880)
      • cvtres.exe (PID: 3952)
      • csc.exe (PID: 2552)
      • driverpack-wget.exe (PID: 3352)
      • driverpack-wget.exe (PID: 2968)
      • driverpack-wget.exe (PID: 2804)
      • driverpack-wget.exe (PID: 2420)
      • driverpack-wget.exe (PID: 3428)
      • driverpack-wget.exe (PID: 2080)
      • driverpack-wget.exe (PID: 2376)
      • driverpack-wget.exe (PID: 876)
      • driverpack-wget.exe (PID: 2640)
      • driverpack-wget.exe (PID: 1772)
      • driverpack-wget.exe (PID: 908)
      • driverpack-wget.exe (PID: 2264)
      • driverpack-wget.exe (PID: 1388)
      • driverpack-wget.exe (PID: 2504)
      • driverpack-wget.exe (PID: 1176)
      • driverpack-wget.exe (PID: 3568)
      • driverpack-wget.exe (PID: 3692)
      • driverpack-wget.exe (PID: 1788)
      • driverpack-wget.exe (PID: 3588)
      • driverpack-wget.exe (PID: 3664)
      • driverpack-wget.exe (PID: 1948)
      • driverpack-wget.exe (PID: 2892)
      • driverpack-wget.exe (PID: 1932)
      • driverpack-wget.exe (PID: 2736)
      • driverpack-wget.exe (PID: 2912)
      • driverpack-wget.exe (PID: 3952)
      • driverpack-wget.exe (PID: 1472)
      • driverpack-wget.exe (PID: 3536)
      • driverpack-wget.exe (PID: 4428)
      • driverpack-wget.exe (PID: 4380)
      • driverpack-wget.exe (PID: 5436)
      • driverpack-wget.exe (PID: 5332)
      • driverpack-wget.exe (PID: 5516)
      • driverpack-wget.exe (PID: 5520)
      • driverpack-wget.exe (PID: 4228)
      • driverpack-wget.exe (PID: 4312)
      • driverpack-wget.exe (PID: 5468)
      • driverpack-wget.exe (PID: 5356)
      • driverpack-wget.exe (PID: 3064)
      • driverpack-wget.exe (PID: 5452)

    • The executable file from the user directory is run by the CMD process

      • 7za.exe (PID: 120)
      • driverpack-wget.exe (PID: 3352)
      • driverpack-wget.exe (PID: 2968)
      • driverpack-wget.exe (PID: 2804)
      • driverpack-wget.exe (PID: 876)
      • driverpack-wget.exe (PID: 2080)
      • driverpack-wget.exe (PID: 2420)
      • driverpack-wget.exe (PID: 3428)
      • driverpack-wget.exe (PID: 908)
      • driverpack-wget.exe (PID: 2640)
      • driverpack-wget.exe (PID: 2376)
      • driverpack-wget.exe (PID: 1772)
      • driverpack-wget.exe (PID: 3568)
      • driverpack-wget.exe (PID: 2264)
      • driverpack-wget.exe (PID: 1176)
      • driverpack-wget.exe (PID: 1388)
      • driverpack-wget.exe (PID: 2504)
      • driverpack-wget.exe (PID: 2896)
      • driverpack-wget.exe (PID: 1148)
      • driverpack-wget.exe (PID: 2104)
      • driverpack-wget.exe (PID: 1788)
      • driverpack-wget.exe (PID: 3692)
      • driverpack-wget.exe (PID: 1948)
      • driverpack-wget.exe (PID: 3588)
      • driverpack-wget.exe (PID: 3664)
      • driverpack-wget.exe (PID: 1472)
      • driverpack-wget.exe (PID: 2892)
      • driverpack-wget.exe (PID: 2912)
      • driverpack-wget.exe (PID: 3952)
      • driverpack-wget.exe (PID: 2736)
      • aria2c.exe (PID: 2776)
      • aria2c.exe (PID: 1948)
      • driverpack-wget.exe (PID: 1932)
      • aria2c.exe (PID: 3776)
      • aria2c.exe (PID: 3876)
      • driverpack-wget.exe (PID: 3536)
      • aria2c.exe (PID: 4156)
      • driverpack-wget.exe (PID: 4380)
      • driverpack-wget.exe (PID: 4428)
      • driverpack-wget.exe (PID: 5436)
      • driverpack-wget.exe (PID: 3264)
      • driverpack-wget.exe (PID: 3784)
      • driverpack-wget.exe (PID: 4064)
      • driverpack-wget.exe (PID: 5156)
      • driverpack-wget.exe (PID: 5244)
      • driverpack-wget.exe (PID: 4120)
      • driverpack-wget.exe (PID: 4124)
      • driverpack-wget.exe (PID: 4316)
      • driverpack-wget.exe (PID: 4268)
      • driverpack-wget.exe (PID: 5516)
      • driverpack-wget.exe (PID: 5332)
      • driverpack-wget.exe (PID: 4228)
      • driverpack-wget.exe (PID: 5520)
      • driverpack-wget.exe (PID: 4312)
      • driverpack-wget.exe (PID: 5356)
      • driverpack-wget.exe (PID: 5452)
      • driverpack-wget.exe (PID: 5468)
      • driverpack-wget.exe (PID: 5260)
      • driverpack-wget.exe (PID: 5180)
      • driverpack-wget.exe (PID: 4400)
      • driverpack-wget.exe (PID: 5380)
      • driverpack-wget.exe (PID: 3044)
      • driverpack-wget.exe (PID: 4436)
      • driverpack-wget.exe (PID: 3064)
      • driverpack-wget.exe (PID: 4408)
      • driverpack-wget.exe (PID: 3588)
      • aria2c.exe (PID: 5020)
      • driverpack-wget.exe (PID: 6052)
      • driverpack-wget.exe (PID: 4284)
      • driverpack-wget.exe (PID: 2176)
      • driverpack-wget.exe (PID: 4780)
      • driverpack-wget.exe (PID: 3248)
      • driverpack-wget.exe (PID: 5620)
      • driverpack-wget.exe (PID: 5612)
      • driverpack-wget.exe (PID: 5428)
      • driverpack-wget.exe (PID: 4784)
      • driverpack-wget.exe (PID: 3568)
      • driverpack-wget.exe (PID: 4408)
      • driverpack-wget.exe (PID: 4232)
      • driverpack-wget.exe (PID: 4140)
      • driverpack-wget.exe (PID: 3784)
      • driverpack-wget.exe (PID: 4312)
      • driverpack-wget.exe (PID: 5636)
      • driverpack-wget.exe (PID: 3772)
      • driverpack-wget.exe (PID: 5016)
      • driverpack-wget.exe (PID: 4272)
      • driverpack-wget.exe (PID: 4872)
      • driverpack-wget.exe (PID: 1004)
      • driverpack-wget.exe (PID: 6088)
      • driverpack-wget.exe (PID: 5840)
      • driverpack-wget.exe (PID: 4216)
      • driverpack-wget.exe (PID: 4988)
      • driverpack-wget.exe (PID: 4584)
      • driverpack-wget.exe (PID: 4124)
      • driverpack-wget.exe (PID: 4324)
      • driverpack-wget.exe (PID: 4600)
      • driverpack-wget.exe (PID: 4544)
      • driverpack-wget.exe (PID: 4252)
      • driverpack-wget.exe (PID: 4312)
      • driverpack-wget.exe (PID: 4068)
      • driverpack-wget.exe (PID: 3532)
      • driverpack-wget.exe (PID: 4448)
      • driverpack-wget.exe (PID: 4884)
      • driverpack-wget.exe (PID: 5844)
      • driverpack-wget.exe (PID: 4732)
      • driverpack-wget.exe (PID: 5532)
      • driverpack-wget.exe (PID: 5800)
      • driverpack-wget.exe (PID: 5256)
      • driverpack-wget.exe (PID: 3588)
      • driverpack-wget.exe (PID: 4440)
      • driverpack-wget.exe (PID: 4320)
      • driverpack-wget.exe (PID: 5512)
      • driverpack-wget.exe (PID: 5504)
      • driverpack-wget.exe (PID: 6084)
      • driverpack-wget.exe (PID: 4232)
      • driverpack-wget.exe (PID: 4236)
      • driverpack-wget.exe (PID: 5320)
      • driverpack-wget.exe (PID: 4740)
      • driverpack-wget.exe (PID: 4172)
      • driverpack-wget.exe (PID: 5352)
      • driverpack-wget.exe (PID: 5512)
      • driverpack-wget.exe (PID: 1616)
      • driverpack-wget.exe (PID: 3164)
      • driverpack-wget.exe (PID: 4636)
      • driverpack-wget.exe (PID: 5184)
      • driverpack-wget.exe (PID: 3080)
      • driverpack-wget.exe (PID: 1616)

    • Checks supported languages

      • 7za.exe (PID: 120)
      • csc.exe (PID: 2552)
      • cvtres.exe (PID: 3952)
      • driverpack-wget.exe (PID: 3352)
      • driverpack-wget.exe (PID: 2968)
      • driverpack-wget.exe (PID: 2420)
      • driverpack-wget.exe (PID: 2080)
      • driverpack-wget.exe (PID: 876)
      • driverpack-wget.exe (PID: 2376)
      • driverpack-wget.exe (PID: 3428)
      • driverpack-wget.exe (PID: 2640)
      • driverpack-wget.exe (PID: 2804)
      • driverpack-wget.exe (PID: 908)
      • driverpack-wget.exe (PID: 2264)
      • driverpack-wget.exe (PID: 1772)
      • driverpack-wget.exe (PID: 1176)
      • driverpack-wget.exe (PID: 2504)
      • driverpack-wget.exe (PID: 3568)
      • driverpack-wget.exe (PID: 1388)
      • driverpack-7za.exe (PID: 2392)
      • chcp.com (PID: 4088)
      • driverpack-wget.exe (PID: 1148)
      • driverpack-wget.exe (PID: 2896)
      • driverpack-wget.exe (PID: 2104)
      • driverpack-wget.exe (PID: 1788)
      • driverpack-wget.exe (PID: 3664)
      • driverpack-wget.exe (PID: 3692)
      • driverpack-wget.exe (PID: 1948)
      • driverpack-wget.exe (PID: 3588)
      • driverpack-wget.exe (PID: 1472)
      • driverpack-wget.exe (PID: 3952)
      • driverpack-wget.exe (PID: 2892)
      • driverpack-wget.exe (PID: 2736)
      • driverpack-wget.exe (PID: 2912)
      • driverpack-wget.exe (PID: 1932)
      • aria2c.exe (PID: 1948)
      • aria2c.exe (PID: 2776)
      • aria2c.exe (PID: 3776)
      • driverpack-wget.exe (PID: 3536)
      • aria2c.exe (PID: 3876)
      • aria2c.exe (PID: 4156)
      • driverpack-wget.exe (PID: 4380)
      • driverpack-wget.exe (PID: 4428)
      • driverpack-wget.exe (PID: 5436)
      • driverpack-wget.exe (PID: 4120)
      • driverpack-wget.exe (PID: 3784)
      • driverpack-wget.exe (PID: 3264)
      • driverpack-wget.exe (PID: 5244)
      • driverpack-wget.exe (PID: 4064)
      • driverpack-wget.exe (PID: 5332)
      • driverpack-wget.exe (PID: 4268)
      • driverpack-wget.exe (PID: 5156)
      • driverpack-wget.exe (PID: 4316)
      • driverpack-wget.exe (PID: 5520)
      • driverpack-wget.exe (PID: 5516)
      • driverpack-wget.exe (PID: 4228)
      • driverpack-wget.exe (PID: 4312)
      • driverpack-wget.exe (PID: 3064)
      • driverpack-wget.exe (PID: 5452)
      • driverpack-wget.exe (PID: 5356)
      • driverpack-wget.exe (PID: 5468)
      • driverpack-wget.exe (PID: 4124)
      • driverpack-wget.exe (PID: 4408)
      • driverpack-wget.exe (PID: 4436)

    • Reads the computer name

      • 7za.exe (PID: 120)
      • driverpack-wget.exe (PID: 2968)
      • driverpack-wget.exe (PID: 2804)
      • driverpack-wget.exe (PID: 3352)
      • driverpack-wget.exe (PID: 2420)
      • driverpack-wget.exe (PID: 2080)
      • driverpack-wget.exe (PID: 876)
      • driverpack-wget.exe (PID: 908)
      • driverpack-wget.exe (PID: 2376)
      • driverpack-wget.exe (PID: 2640)
      • driverpack-wget.exe (PID: 3428)
      • driverpack-wget.exe (PID: 1772)
      • driverpack-wget.exe (PID: 2264)
      • driverpack-wget.exe (PID: 1176)
      • driverpack-wget.exe (PID: 2504)
      • driverpack-wget.exe (PID: 1388)
      • driverpack-wget.exe (PID: 3568)
      • driverpack-wget.exe (PID: 2104)
      • driverpack-7za.exe (PID: 2392)
      • driverpack-wget.exe (PID: 2896)
      • driverpack-wget.exe (PID: 1148)
      • driverpack-wget.exe (PID: 3664)
      • driverpack-wget.exe (PID: 1788)
      • driverpack-wget.exe (PID: 3692)
      • driverpack-wget.exe (PID: 1948)
      • driverpack-wget.exe (PID: 3588)
      • driverpack-wget.exe (PID: 2892)
      • driverpack-wget.exe (PID: 3952)
      • driverpack-wget.exe (PID: 2736)
      • driverpack-wget.exe (PID: 1932)
      • driverpack-wget.exe (PID: 1472)
      • driverpack-wget.exe (PID: 2912)
      • aria2c.exe (PID: 2776)
      • aria2c.exe (PID: 1948)
      • aria2c.exe (PID: 3876)
      • aria2c.exe (PID: 3776)
      • aria2c.exe (PID: 4156)
      • driverpack-wget.exe (PID: 4380)
      • driverpack-wget.exe (PID: 5436)
      • driverpack-wget.exe (PID: 3784)
      • driverpack-wget.exe (PID: 3536)
      • driverpack-wget.exe (PID: 4120)
      • driverpack-wget.exe (PID: 4428)
      • driverpack-wget.exe (PID: 5156)
      • driverpack-wget.exe (PID: 4064)
      • driverpack-wget.exe (PID: 5244)
      • driverpack-wget.exe (PID: 3264)
      • driverpack-wget.exe (PID: 5332)
      • driverpack-wget.exe (PID: 4268)
      • driverpack-wget.exe (PID: 4316)
      • driverpack-wget.exe (PID: 5516)
      • driverpack-wget.exe (PID: 5520)
      • driverpack-wget.exe (PID: 4124)
      • driverpack-wget.exe (PID: 4228)
      • driverpack-wget.exe (PID: 4312)
      • driverpack-wget.exe (PID: 3064)
      • driverpack-wget.exe (PID: 5452)
      • driverpack-wget.exe (PID: 5356)
      • driverpack-wget.exe (PID: 5468)
      • driverpack-wget.exe (PID: 4408)
      • driverpack-wget.exe (PID: 4436)

    • Reads the machine GUID from the registry

      • csc.exe (PID: 2552)
      • cvtres.exe (PID: 3952)
      • aria2c.exe (PID: 3776)
      • aria2c.exe (PID: 3876)
      • aria2c.exe (PID: 2776)
      • aria2c.exe (PID: 1948)
      • aria2c.exe (PID: 4156)

    • Creates files or folders in the user directory

      • driverpack-wget.exe (PID: 3352)
      • driverpack-wget.exe (PID: 2804)
      • driverpack-wget.exe (PID: 2968)
      • driverpack-wget.exe (PID: 2420)
      • driverpack-wget.exe (PID: 876)
      • driverpack-wget.exe (PID: 2080)
      • driverpack-wget.exe (PID: 2376)
      • driverpack-wget.exe (PID: 908)
      • driverpack-wget.exe (PID: 2640)
      • driverpack-wget.exe (PID: 3428)
      • driverpack-wget.exe (PID: 1388)
      • driverpack-wget.exe (PID: 2504)
      • driverpack-wget.exe (PID: 1176)
      • driverpack-wget.exe (PID: 3568)
      • driverpack-wget.exe (PID: 1772)
      • driverpack-wget.exe (PID: 2264)
      • driverpack-wget.exe (PID: 2104)
      • driverpack-wget.exe (PID: 1148)
      • driverpack-7za.exe (PID: 2392)
      • driverpack-wget.exe (PID: 2896)
      • driverpack-wget.exe (PID: 1788)
      • driverpack-wget.exe (PID: 3692)
      • driverpack-wget.exe (PID: 1948)
      • driverpack-wget.exe (PID: 3588)
      • driverpack-wget.exe (PID: 3664)
      • driverpack-wget.exe (PID: 2892)
      • driverpack-wget.exe (PID: 3952)
      • driverpack-wget.exe (PID: 2736)
      • driverpack-wget.exe (PID: 2912)
      • driverpack-wget.exe (PID: 1472)
      • driverpack-wget.exe (PID: 1932)
      • driverpack-wget.exe (PID: 3536)
      • aria2c.exe (PID: 1948)
      • aria2c.exe (PID: 2776)
      • driverpack-wget.exe (PID: 4380)
      • aria2c.exe (PID: 3876)
      • aria2c.exe (PID: 4156)
      • driverpack-wget.exe (PID: 5436)
      • driverpack-wget.exe (PID: 4428)
      • driverpack-wget.exe (PID: 3784)
      • driverpack-wget.exe (PID: 5156)
      • aria2c.exe (PID: 3776)
      • driverpack-wget.exe (PID: 4316)
      • driverpack-wget.exe (PID: 4268)
      • driverpack-wget.exe (PID: 4064)
      • driverpack-wget.exe (PID: 3264)
      • driverpack-wget.exe (PID: 5244)
      • driverpack-wget.exe (PID: 5332)
      • driverpack-wget.exe (PID: 5520)
      • driverpack-wget.exe (PID: 4124)
      • driverpack-wget.exe (PID: 4228)
      • driverpack-wget.exe (PID: 5516)
      • driverpack-wget.exe (PID: 4120)
      • driverpack-wget.exe (PID: 4312)
      • driverpack-wget.exe (PID: 3064)
      • driverpack-wget.exe (PID: 5452)
      • driverpack-wget.exe (PID: 5468)
      • driverpack-wget.exe (PID: 4436)
      • driverpack-wget.exe (PID: 5356)
      • driverpack-wget.exe (PID: 4408)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.txt | Text - UTF-8 encoded (100)

EXIF

HTML

HTTPEquivXUACompatible: IE=7
Title: Starting...
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
668
Monitored processes
448
Malicious processes
205
Suspicious processes
26

Behavior graph

Click at the process to see the details
start notepad.exe no specs rundll32.exe no specs iexplore.exe iexplore.exe no specs chrome.exe chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs mshta.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs powershell.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs findstr.exe no specs bitsadmin.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs bitsadmin.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs bitsadmin.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs findstr.exe no specs bitsadmin.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs bitsadmin.exe no specs findstr.exe no specs findstr.exe no specs cmd.exe no specs expand.exe cmd.exe no specs 7za.exe chrome.exe no specs cmd.exe cmd.exe no specs mshta.exe chrome.exe no specs cmd.exe no specs powershell.exe no specs rundll32.exe no specs csc.exe mshta.exe cvtres.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs chrome.exe no specs chrome.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-7za.exe no specs chrome.exe no specs chrome.exe no specs cmd.exe no specs chcp.com no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs sc.exe no specs vssvc.exe no specs cmd.exe no specs wmic.exe no specs SPPSurrogate no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe chrome.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe chrome.exe no specs cmd.exe no specs driverpack-wget.exe rundll32.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs aria2c.exe aria2c.exe aria2c.exe aria2c.exe driverpack-wget.exe aria2c.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe chrome.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs aria2c.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs chrome.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs driverpack-wget.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
120C:\Users\admin\AppData\Local\Temp\beetle-cab\7za.exe x -y -aoa -pbeetle "C:\Users\admin\AppData\Local\Temp\beetle-cab\arc.7z" -o"C:\Users\admin\AppData\Local\Temp\beetle-cab\DriverPack" C:\Users\admin\AppData\Local\Temp\beetle-cab\7za.exe
cmd.exe
User:
admin
Company:
Igor Pavlov
Integrity Level:
MEDIUM
Description:
7-Zip Standalone Console
Exit code:
0
Version:
22.01
Modules
Images
c:\users\admin\appdata\local\temp\beetle-cab\7za.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
148"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5280648195189334310,9145654847280638094,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\winmm.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
148bitsadmin /info dwnl-task-60243 C:\Windows\System32\bitsadmin.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
BITS administration utility
Exit code:
0
Version:
7.5.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\bitsadmin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
148bitsadmin /info dwnl-task-60243 C:\Windows\System32\bitsadmin.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
BITS administration utility
Exit code:
0
Version:
7.5.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\bitsadmin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
328"C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-60243 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^f7f81a39-5f63-5b42-9efd-1f13b5431005quot; > "C:\Users\admin\AppData\Local\Temp\dwnl_60243\log_bits_info.txt"C:\Windows\System32\cmd.exemshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
452"C:\Windows\System32\cmd.exe" /c bitsadmin /transfer dwnl-task-60243 /download /priority foreground http://dwrapper-dev.herokuapp.com/beetle-cab.cab "C:\Users\admin\AppData\Local\Temp\dwnl_60243\dwnl_beetle-cab.cab" | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^f7f81a39-5f63-5b42-9efd-1f13b5431005quot; > "C:\Users\admin\AppData\Local\Temp\dwnl_60243\log_bits_start.txt"C:\Windows\System32\cmd.exemshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\gdi32.dll
536"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_94633.log" & echo DONE > "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_finished_94633.txt""C:\Windows\System32\cmd.exemshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
656"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ISTART_1.mp3" -o "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_log_68467.log" & echo DONE > "C:\Users\admin\AppData\Roaming\DRPSu\temp\wget_finished_68467.txt""C:\Windows\System32\cmd.exemshta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
660"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1016,5280648195189334310,9145654847280638094,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1296 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
660findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\findstr.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
Total events
68 536
Read events
67 424
Write events
1 103
Delete events
9

Modification events

(PID) Process:(2964) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2964) rundll32.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList
Operation:writeName:MRUList
Value:
a
(PID) Process:(3796) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(3796) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(3796) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(3796) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3796) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3796) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3796) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3796) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
Executable files
22
Suspicious files
581
Text files
987
Unknown types
3

Dropped files

PID
Process
Filename
Type
3132chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-64949F48-C3C.pma
MD5:
SHA256:
3796iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63binary
MD5:36E952CF37D27EFF520699BB66248EEE
SHA256:F8BCD609E9A5027525E627552A60B2E31704C6E9180749954E5A67DDBA175CD7
3796iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:F7DCB24540769805E5BB30D193944DCE
SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
3796iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{FEA6FB95-1131-11EE-B2B4-12A9866C77DE}.datbinary
MD5:F1E5EA9E326CFDAAE56D97EC708CD8B8
SHA256:EA69216CDF1CE01C3D1DF0E086D7BA12BF8DF588A8B92B60240696193B008EBF
3796iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF0CA3A2ABA3FCBF0E.TMPbinary
MD5:10F639C9B5932266868C07FE17E6B94E
SHA256:FE2CADC8FD1261B886E3F1D397880BAE5520339E808D90B3EE3636E23CA1411C
3796iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{FEA6FB94-1131-11EE-B2B4-12A9866C77DE}.datbinary
MD5:078268B9C677DDE412BFDA441F295E3A
SHA256:B44C6003D218940E8FE45D3AF039E6DED516084D4275E75992DE219E25145D7E
3796iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoimage
MD5:DA597791BE3B6E732F0BC8B20E38EE62
SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
3796iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{FEA6FB93-1131-11EE-B2B4-12A9866C77DE}.datbinary
MD5:824D9D00834D3441172F309A66E0D0A2
SHA256:17C715F2A3F8F3272E4499E3E3315C49717F185CDDFD3A0C53FA55A0315BA8CA
3132chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Versiontext
MD5:00046F773EFDD3C8F8F6D0F87A2B93DC
SHA256:593EDE11D17AF7F016828068BCA2E93CF240417563FB06DC8A579110AEF81731
3132chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datbinary
MD5:9C016064A1F864C8140915D77CF3389A
SHA256:0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
733
TCP/UDP connections
307
DNS requests
76
Threats
1 033

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
944
mshta.exe
GET
200
46.137.15.86:80
http://dwrapper-prod.herokuapp.com/client_ip.js
IE
text
31 b
malicious
944
mshta.exe
GET
200
46.137.15.86:80
http://dwrapper-prod.herokuapp.com/bin/src/variables/5.js
IE
text
538 b
malicious
3796
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?686c1d7047ae30aa
US
compressed
4.70 Kb
whitelisted
944
mshta.exe
GET
200
18.157.122.248:80
http://example-dwrapper.matomo.cloud/matomo.php?idsite=1&rec=1&rand=79444221&apiv=1&cookie=1&bots=1&res=1280x720&h=20&m=22&s=25&uid=45952431012023622&e_c=Wrapper%20%2F%20Errors%20%2F%20Missing%20scripts&e_a=%D0%92%D1%81%D0%B5%20%D1%81%D0%BA%D1%80%D0%B8%D0%BF%D1%82%D1%8B%20%D1%83%D1%81%D0%BF%D0%B5%D1%88%D0%BD%D0%BE%20%D0%B7%D0%B0%D0%B3%D1%80%D1%83%D0%B7%D0%B8%D0%BB%D0%B8%D1%81%D1%8C&e_n=&e_v=&ca=1
US
text
101 b
suspicious
3796
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
binary
471 b
whitelisted
3796
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a2cda7c99b1cd5f1
US
compressed
4.70 Kb
whitelisted
944
mshta.exe
GET
200
46.137.15.86:80
http://dwrapper-prod.herokuapp.com/bin/step1_av.html
IE
html
1.42 Kb
malicious
944
mshta.exe
GET
200
18.157.122.248:80
http://example-dwrapper.matomo.cloud/matomo.php?idsite=1&rec=1&rand=93927801&apiv=1&cookie=1&bots=1&res=1280x720&h=20&m=22&s=29&uid=45952431012023622&e_c=Wrapper%20%2F%20Start%20screen%20page&e_a=Download%20button%20clicked&e_n=Start%20screen%20page&e_v=&ca=1
US
text
101 b
suspicious
3440
chrome.exe
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
US
binary
242 Kb
whitelisted
944
mshta.exe
GET
200
46.137.15.86:80
http://dwrapper-prod.herokuapp.com/bin/src/variables/1.js
IE
text
1.27 Kb
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1076
svchost.exe
224.0.0.252:5355
unknown
1476
svchost.exe
239.255.255.250:1900
whitelisted
3796
iexplore.exe
2.23.209.130:443
www.bing.com
Akamai International B.V.
GB
malicious
3796
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
STACKPATH-CDN
US
whitelisted
660
chrome.exe
172.217.16.132:443
www.google.com
GOOGLE
US
whitelisted
660
chrome.exe
142.250.181.237:443
accounts.google.com
GOOGLE
US
suspicious
3796
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
3132
chrome.exe
239.255.255.250:1900
whitelisted
660
chrome.exe
142.250.185.238:443
clients2.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 2.23.209.130
  • 2.23.209.133
  • 2.23.209.187
whitelisted
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
clientservices.googleapis.com
  • 142.250.185.195
whitelisted
accounts.google.com
  • 142.250.181.237
shared
www.google.com
  • 172.217.16.132
malicious
clients2.google.com
  • 142.250.185.238
whitelisted
fonts.googleapis.com
  • 142.250.186.138
whitelisted
www.gstatic.com
  • 142.250.185.131
  • 172.217.23.99
whitelisted

Threats

PID
Process
Class
Message
944
mshta.exe
Potentially Bad Traffic
ET HUNTING PowerShell DownloadFile Command Common In Powershell Stagers
1076
svchost.exe
Potentially Bad Traffic
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
1076
svchost.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP DriverPack Domain in DNS Query
1076
svchost.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP Observed DNS Query to DriverPack Domain ( .drp .su)
1076
svchost.exe
Potentially Bad Traffic
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
1076
svchost.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP DriverPack Domain in DNS Query
1076
svchost.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP Observed DNS Query to DriverPack Domain ( .drp .su)
1812
mshta.exe
Potentially Bad Traffic
ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
1812
mshta.exe
Potentially Bad Traffic
ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
1812
mshta.exe
Potentially Bad Traffic
ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
6 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
PROD_Start_DriverPack.hta