538ccbe8745dc8fc45223275cf4e69f9a7085421db413b795b085400cde146f4

Resubmissions

10/10/2023, 09:28

231010-lfbk3see67 4

10/10/2023, 09:26

231010-leew4see64 4

Analysis

max time kernel
45s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 09:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DriverEasy_Setup.exe
Size

5.2MB
MD5

acf113bdc4583a106696935f4eb019ee
SHA1

0aefa5323925bd97bce4ad1e5b604d5ba9e298f8
SHA256

538ccbe8745dc8fc45223275cf4e69f9a7085421db413b795b085400cde146f4
SHA512

3bc511dca2a2fc3bcd46d6f463a8ce5758e461c802be9e3dac84231174ae814a74b4c0a47bfe321c0a3ad3b6a08be91c9fa75aae56af64d82f701d44a4cbdf43
SSDEEP

98304:mkLr0aoU84dsrPvhD5zsevxSS3tYHPeeT/r+v1zb7:RI54+hlzp9EVivNb7

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Easeware\DriverEasy\DriverEasy.exe	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\Easeware.ConfigLanguageFromSetup.exe	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\Easeware.Driver.Core.dll	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\7z\7z.dll	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\HardwareInfo\HardwareInfo.dll	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\HardwareInfo\HardwareInfo64.dll	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\SevenZipSharp.dll	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\Easeware.CheckScheduledScan.exe	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\Easeware.Driver.Backup.dll	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\7z\7z86.dll	DriverEasy_Setup.tmp
File opened for modification	C:\Program Files\Easeware\DriverEasy\Interop.WUApiLib.dll	DriverEasy_Setup.tmp

Executes dropped EXE 1 IoCs

pid	Process
1228	DriverEasy_Setup.tmp

Loads dropped DLL 5 IoCs

pid	Process
1228	DriverEasy_Setup.tmp
1228	DriverEasy_Setup.tmp
1228	DriverEasy_Setup.tmp
1228	DriverEasy_Setup.tmp
1228	DriverEasy_Setup.tmp

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2212	1228	WerFault.exe	86
2112	1228	WerFault.exe	86

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1228	DriverEasy_Setup.tmp
1228	DriverEasy_Setup.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3820 wrote to memory of 1228	3820	DriverEasy_Setup.exe	86
PID 3820 wrote to memory of 1228	3820	DriverEasy_Setup.exe	86
PID 3820 wrote to memory of 1228	3820	DriverEasy_Setup.exe	86

C:\Users\Admin\AppData\Local\Temp\DriverEasy_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\DriverEasy_Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3820
- C:\Users\Admin\AppData\Local\Temp\is-1ION0.tmp\DriverEasy_Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-1ION0.tmp\DriverEasy_Setup.tmp" /SL5="$401F2,4429772,1057792,C:\Users\Admin\AppData\Local\Temp\DriverEasy_Setup.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 1080
    3⤵
    - Program crash
    PID:2212
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 1100
    3⤵
    - Program crash
    PID:2112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1228 -ip 1228
1⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1228 -ip 1228
1⤵
PID:4564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\background_installing.png

Filesize
21KB

MD5
01acdcceac1f70fdd485fe5f634d38fd

SHA1
59797b45a0fa77ae84d38744b274a41aff49fec9

SHA256
29cc4235d79581dc85bce06183738f4562c4f9e5e35ce3f1c55366fcfc25d38b

SHA512
364b533b98ef7825f86939f36878d1615647b1480e8320cecbeb9ef629a5668df8629dcfc89d56cfcbe8e7840791015551a112c9a906142372e6178088c8ab8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\background_messagebox.png

Filesize
1KB

MD5
1549ea2cf00358fb791db13bcb773501

SHA1
ed199cb343304bfc7116ce4755d6f7ff7b6304d1

SHA256
d9cd2cee2f362d1388513d5da6031259ff9ce97e0f13a992c50077e8eaf33e54

SHA512
a2892c12f5eaccc4216e8aa5a5a88f3a0ebdcebb142f145e218c5d94697e127eba613d2bafdc82700064714035df9a8420cabceddb65ea4ad6cde339c5af0a79

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\background_welcome.png

Filesize
10KB

MD5
f048154d9062a3c2f147b6380ce6f3ac

SHA1
5abfa577139f41e7f28769f98304b878ad3df696

SHA256
1d537619ea6508a383387d88e523522436e86dc72b929680e1552b10e44cf0f6

SHA512
4875070a599a2afc5d8f6f4b0803397e1fc425807af90d377270b857da5631a78c9a61442572229c63891b7a5ecd96dcd8fc06329988dc6a97eec7db926e3e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\btn_browse.bmp

Filesize
14KB

MD5
a14d38bcad591c0f1a3cf9f5f77e3000

SHA1
268665e61ff92a50f8060cb09fc1e1baa9dd16ad

SHA256
1642d5ba407ad652fae4a4d10a00fc1c0728d94a6ef75a8d0901a2b315f1677e

SHA512
e7527dab0a030bf9913528f7e7261e2be03bbcb6342b61e69d16b3ae1fcbec8e53f376ae9e4866aff6efae840f1578549e4034df852a260d7530583449a5598e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\btn_install.bmp

Filesize
70KB

MD5
447126e21ba415d65a71e514987d08ed

SHA1
3c88bcd409acc7a239159cd658df50c79bdfddf1

SHA256
1d0bc1f1d4ac68ecd6420a3031803620d5bfcb71dec93ad4f74e4cd1ee1be6c3

SHA512
82cf2b1299cb85b88970111464f6cd2572e5cb4518aaa894bb5189e45616cd8cdce3fd260deaaa6b71f2a570883d09fb7cc4268d3116dde96b10f100a74244f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\button_browse.png

Filesize
2KB

MD5
c7c746fcc5542d734a3860b425ac6a1e

SHA1
fbec196d3b5b64ef14e10f6583c51206436f46cb

SHA256
7cdac82567cdd9719a83bcb62c098c6d2b19d115f10e3db2b164b5f3b0ed1f89

SHA512
e541b97fa6a6044ee95dde3b6f2d6232c4f1bf96c490eacce9be76eebdd760eacdb1b36fd4b720ca206a5e9ddea0870e0eae7b514f0edfdf0fdd80c594b677b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\button_close.png

Filesize
1KB

MD5
5f6a7af5eca52aa134a4a06832a5d005

SHA1
25ad7d62392ac4007e1ed1139e319edd14597f62

SHA256
7d9ef408ad2520d62d4389c957e105d3fabf14697d2846b77e4fc488fbb84535

SHA512
4001faa3b99fb852991106846889bf6e16b50c2977e6cf7749a89f1925f0e70f9265688dcb10376ed77d07a816f80e6484273877ad726ed046ca1c49a4e71ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\button_minimize.png

Filesize
1KB

MD5
0327da652758a468b4a782e3392eb72b

SHA1
58fda11c77fd75c42142cbaf5a33c22d984da76d

SHA256
a1c151e746184ba06e9ff178b4134fc8763f64a53d017486cbfb5b2a9af36ca0

SHA512
07a3f282e64e4aa163052242747e10a0b3c0aeb8c70077840c6a00c3149025a95d0a4a21b43dfb546e274aa8354d71d3451e199fa7a8b35b7be3e9da714e4fd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\button_setup_or_next.png

Filesize
5KB

MD5
b9e4b8247138afe12ae2157b20628de9

SHA1
7814f463723eea931c4c139bf6bb01bd0349d0c8

SHA256
7877a7839c12c635271f4f03b980f80cb2cdd19b9c660e706edac85f2ca50022

SHA512
7a612b1dc28fccdc8c47d0f68afa530dfccaa5c657a109cf1927ec983b6090bc3ddab8fed0826dbf4f5319d84fa4b2ba70714c9bd3027272d7dc334f3e3e4e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\checkbox_license.png

Filesize
2KB

MD5
b66aff516f0d0b51ac1330ad38f0da68

SHA1
3c7454547eb33669609f91716ae4cee0e4fbbb9b

SHA256
e76216c1183152853638f804170efebe8d061d11c30ea9bf9e6ed1a9fcc6afed

SHA512
b1ec90c4a69bc45fa59eeb27adc8ce168209fdf1653fbafee5775e76719c5a170e9eea1cefbd70837cc518d0ce86078a43a12dfa415514c0d96ff462dd670435

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\icon-info_60x60.png

Filesize
3KB

MD5
1df20e390976ad57765f1449e07cfd72

SHA1
065e56256389918977f6fafb08dcc700572b9667

SHA256
7a07b728ebede2cf1b4e81a50b7f5f9beae0975d4909c889e0d650472016663b

SHA512
24465bd65a39c3631a2c4b8709fbb09b279bc21d2056cc21bec4253787ff5a60662b5869b0e912ed529f280745b0436f9b76ae0370625dc41aff03995d9a5b1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\icon_custom.png

Filesize
1KB

MD5
39ab68a67302e28f0ae08ec418890d2e

SHA1
f3499299e54d05fff2ff8b888a1aacefa8f4e5fc

SHA256
a22aa447e1f620098e969d56688e79cc4b3b729afe83a13468e86cd2927545df

SHA512
efe3bbb6769bc9a694b994303bc56f566b2b532f31cc067d137df972d332c18541513327440f914671ec1253b3d0827ac6a3be1eb5c81f921ffe128587ecff39

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\icon_uncustom.png

Filesize
1KB

MD5
5a7f3314fbd8a3db765394798bc8a9ce

SHA1
2b48d22c07be26ac653e5ed30b8e816f96914345

SHA256
2f67d842567176b42176784bb001ec63e3d84685fa35aebe5c23db20a969d427

SHA512
d371ba564494c05d5fda955b1c6665473637b6d7bc0fe8c26ca57ec2133cc9664dab2bb4a5cdb02b2886ac94d64629f7af2edcbb7362ef4aedd53956ed31f824

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\isxdl.dll

Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\progressbar_background.png

Filesize
271B

MD5
8590e035e72584ca56eba6a9dfb23a33

SHA1
ed65e65a189b1f1e1e8e2322989742c27cd66c0c

SHA256
c5267ffea02e06c538c8be10b1b83513830d6390a069761d10a4b67d9e684f0b

SHA512
ac15c3f675766d3c4b70b4a49138e610873bf10086f83277ba88ca4b8b5f8de6eeea74957c82c63d92b662f19c72673bf397c789d4571db725c6de14b60047e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0PPSR.tmp\progressbar_foreground.png

Filesize
396B

MD5
1432db7bb8b975c28f110a373d9efe94

SHA1
2012c2f48f43c1a784536fedc5489a65a839012a

SHA256
add59e97c665f0b2e91ed46a9e229320ca3b99f64fc09a54fd5456a8d906f82a

SHA512
330be9944f137fc950111092beefa64a2e5c2a14278dce6d077c07ffd403723b08015ebafcbba96c7afaccd4e66029549536a5327b5d9f789b644a1083bd4f9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1ION0.tmp\DriverEasy_Setup.tmp

Filesize
3.2MB

MD5
945fcb7a7fd86c96a36bec419f528d1f

SHA1
aa85b0080c1960d6d6fe42aeb455fc8841fcd55d

SHA256
c9d52631073331262504a87c2d8f10be1f56d45f8ce837c886970d0f706a287c

SHA512
f042340b1dd05377de9bd7673657cc3a920085e740f3fd1f673baeaf097a6cacd63918269837b01d6b3cb2ae8b9dd59134369b8b1ecbe4b959886ff84b6234aa

Download Submit
memory/1228-6-0x0000000000920000-0x0000000000921000-memory.dmp

Filesize
4KB

Download
memory/1228-162-0x0000000005870000-0x0000000005970000-memory.dmp

Filesize
1024KB

Download
memory/1228-84-0x00000000037F0000-0x0000000003805000-memory.dmp

Filesize
84KB

Download
memory/1228-75-0x00000000037E0000-0x00000000037EF000-memory.dmp

Filesize
60KB

Download
memory/1228-178-0x0000000005870000-0x0000000005970000-memory.dmp

Filesize
1024KB

Download
memory/1228-180-0x0000000000920000-0x0000000000921000-memory.dmp

Filesize
4KB

Download
memory/1228-220-0x0000000000400000-0x000000000074A000-memory.dmp

Filesize
3.3MB

Download
memory/3820-1-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download
memory/3820-179-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download
memory/3820-223-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download