Analysis
-
max time kernel
148s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
28-09-2024 17:45
Static task
static1
Behavioral task
behavioral1
Sample
Driver_Updater_setup.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
Driver_Updater_setup.exe
Resource
win10v2004-20240802-en
General
-
Target
Driver_Updater_setup.exe
-
Size
6.5MB
-
MD5
60eadf6552fb282c9dd437890c0b5e24
-
SHA1
11d401803530793093a7e01e54ad627d72b3065c
-
SHA256
0e056015ea77714ef6307709779bc9b7ade3a0e3e730d6cee39e298056d9811b
-
SHA512
b4cc19f0ac5f333c73b1cb592276243f64ba44ba8b81e61bbf3d475c822b2faa18dad48a9795e6589c97ae12d4ff6c2de3a4d207ac3aae7ad4684d66d72916ed
-
SSDEEP
196608:Lw0d6YbAcnuLtG8ltisbd2WTXwLw/fDXGhQ/vPn:KOAlhlIslUMDXGhQ3Pn
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation PCHelpSoftDriverUpdater.exe -
Executes dropped EXE 6 IoCs
pid Process 1920 Driver_Updater_setup.tmp 236 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 1948 DriverPro.exe 3460 PCHelpSoftDriverUpdater.exe 3940 PCHelpSoftDriverUpdater.exe -
Loads dropped DLL 8 IoCs
pid Process 236 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 1948 DriverPro.exe 2580 PCHelpSoftDriverUpdater.exe 3460 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 3940 PCHelpSoftDriverUpdater.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry 2 TTPs 2 IoCs
System information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName PCHelpSoftDriverUpdater.exe -
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF PCHelpSoftDriverUpdater.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-CI8A2.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-IP7VF.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-925OL.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\unins000.msg Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-K7O3O.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-V3NL4.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-D5QMB.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-SHAEU.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-0OS6J.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-QVL2I.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-2U0RJ.tmp Driver_Updater_setup.tmp File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Brazilian.ini DriverPro.exe File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-SOAEK.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-BEHN8.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-FHOJ6.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-H15HQ.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-ELNGI.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-U38FE.tmp Driver_Updater_setup.tmp File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Russian.ini DriverPro.exe File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Settings.ini DriverPro.exe File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\sqlite3.dll Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-MS4SK.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-N2H1K.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-MB13O.tmp Driver_Updater_setup.tmp File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\unins000.dat Driver_Updater_setup.tmp File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Spanish.ini DriverPro.exe File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-OB3IS.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-KSI5B.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-IU24P.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-8UL5K.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-27M69.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-6GNIE.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-36PME.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-MGJ0I.tmp Driver_Updater_setup.tmp File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\stub64.exe Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-O1NNK.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-ILBPJ.tmp Driver_Updater_setup.tmp File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe Driver_Updater_setup.tmp File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\sqlite3.dll Driver_Updater_setup.tmp File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\PlayaSDK.dll Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-K1A8G.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-1GJEG.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-HPOOQ.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-L8Q92.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-BOH3R.tmp Driver_Updater_setup.tmp File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\English.ini DriverPro.exe File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-LUFUA.tmp Driver_Updater_setup.tmp File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Danish.ini DriverPro.exe File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Finnish.ini DriverPro.exe File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Norwegian.ini DriverPro.exe File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\HDMSchedule.exe Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-B876U.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-H5V2V.tmp Driver_Updater_setup.tmp File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\German.ini DriverPro.exe File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-R615K.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-JE9P2.tmp Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\is-OQBDN.tmp Driver_Updater_setup.tmp File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Japanese.ini DriverPro.exe File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Korean.ini DriverPro.exe File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Swedish.ini DriverPro.exe File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\7z.dll Driver_Updater_setup.tmp File created C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-SSMSU.tmp Driver_Updater_setup.tmp File opened for modification C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Dutch.ini DriverPro.exe -
Drops file in Windows directory 6 IoCs
description ioc Process File created C:\Windows\INF\c_volume.PNF PCHelpSoftDriverUpdater.exe File created C:\Windows\INF\c_monitor.PNF PCHelpSoftDriverUpdater.exe File created C:\Windows\INF\c_media.PNF PCHelpSoftDriverUpdater.exe File created C:\Windows\INF\c_diskdrive.PNF PCHelpSoftDriverUpdater.exe File created C:\Windows\INF\c_display.PNF PCHelpSoftDriverUpdater.exe File created C:\Windows\INF\c_processor.PNF PCHelpSoftDriverUpdater.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 9 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language schtasks.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DriverPro.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Driver_Updater_setup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Driver_Updater_setup.tmp Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language schtasks.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language PCHelpSoftDriverUpdater.exe -
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0004 PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0004 PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0003 PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceCharacteristics PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceCharacteristics PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\ PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065 PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ParentIdPrefix PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UINumberDescFormat PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065\ PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UINumberDescFormat PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Driver PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0003 PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Mfg PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065\ PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\ PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065 PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 PCHelpSoftDriverUpdater.exe -
Enumerates system info in registry 2 TTPs 5 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer PCHelpSoftDriverUpdater.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName PCHelpSoftDriverUpdater.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS PCHelpSoftDriverUpdater.exe -
Modifies registry class 26 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\pchsdriver\shell\open PCHelpSoftDriverUpdater.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\DefaultIcon\ = "C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\PCHelpSoftDriverUpdater.exe,0" Driver_Updater_setup.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted Driver_Updater_setup.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications Driver_Updater_setup.tmp Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\pchsdriver PCHelpSoftDriverUpdater.exe Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\pchsdriver\shell PCHelpSoftDriverUpdater.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes\.HDM_encrypted Driver_Updater_setup.tmp Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\pchsdriver\shell\open\command\ = "\"C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\PCHelpSoftDriverUpdater.exe\" \"%1\"" PCHelpSoftDriverUpdater.exe Key created \REGISTRY\MACHINE\Software\Classes\.HDM_encrypted\OpenWithProgids Driver_Updater_setup.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted Driver_Updater_setup.tmp Key created \REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted Driver_Updater_setup.tmp Key created \REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\DefaultIcon Driver_Updater_setup.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open Driver_Updater_setup.tmp Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted\OpenWithProgids\PCHelpSoftDriverUpdater.HDM_encrypted Driver_Updater_setup.tmp Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\ = "PC HelpSoft Driver Updater Protected File" Driver_Updater_setup.tmp Key created \REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command Driver_Updater_setup.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command Driver_Updater_setup.tmp Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\pchsdriver\URL Protocol PCHelpSoftDriverUpdater.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes Driver_Updater_setup.tmp Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\pchsdriver\ = "URL: Driver Updater Protocol" PCHelpSoftDriverUpdater.exe Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\pchsdriver\shell\open\command PCHelpSoftDriverUpdater.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted\OpenWithProgids Driver_Updater_setup.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell Driver_Updater_setup.tmp Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command\ = "\"C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\Extra\\DriverPro.exe\" \"%1\"" Driver_Updater_setup.tmp Key created \REGISTRY\MACHINE\Software\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes Driver_Updater_setup.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe Driver_Updater_setup.tmp -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1920 Driver_Updater_setup.tmp 1920 Driver_Updater_setup.tmp 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 236 PCHelpSoftDriverUpdater.exe 1948 DriverPro.exe 1948 DriverPro.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 2580 PCHelpSoftDriverUpdater.exe 3460 PCHelpSoftDriverUpdater.exe 3460 PCHelpSoftDriverUpdater.exe 3940 PCHelpSoftDriverUpdater.exe 3940 PCHelpSoftDriverUpdater.exe 3940 PCHelpSoftDriverUpdater.exe 3940 PCHelpSoftDriverUpdater.exe 3940 PCHelpSoftDriverUpdater.exe 3940 PCHelpSoftDriverUpdater.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2580 PCHelpSoftDriverUpdater.exe -
Suspicious use of AdjustPrivilegeToken 40 IoCs
description pid Process Token: SeDebugPrivilege 236 PCHelpSoftDriverUpdater.exe Token: SeIncreaseQuotaPrivilege 236 PCHelpSoftDriverUpdater.exe Token: SeImpersonatePrivilege 236 PCHelpSoftDriverUpdater.exe Token: SeLoadDriverPrivilege 236 PCHelpSoftDriverUpdater.exe Token: SeDebugPrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeIncreaseQuotaPrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeImpersonatePrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeLoadDriverPrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeDebugPrivilege 3460 PCHelpSoftDriverUpdater.exe Token: SeIncreaseQuotaPrivilege 3460 PCHelpSoftDriverUpdater.exe Token: SeImpersonatePrivilege 3460 PCHelpSoftDriverUpdater.exe Token: SeLoadDriverPrivilege 3460 PCHelpSoftDriverUpdater.exe Token: SeBackupPrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeRestorePrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeBackupPrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeRestorePrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeBackupPrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeRestorePrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeBackupPrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeRestorePrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeBackupPrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeRestorePrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeBackupPrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeRestorePrivilege 2580 PCHelpSoftDriverUpdater.exe Token: SeDebugPrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeIncreaseQuotaPrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeImpersonatePrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeLoadDriverPrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeBackupPrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeRestorePrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeBackupPrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeRestorePrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeBackupPrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeRestorePrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeBackupPrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeRestorePrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeBackupPrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeRestorePrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeBackupPrivilege 3940 PCHelpSoftDriverUpdater.exe Token: SeRestorePrivilege 3940 PCHelpSoftDriverUpdater.exe -
Suspicious use of FindShellTrayWindow 4 IoCs
pid Process 1920 Driver_Updater_setup.tmp 3460 PCHelpSoftDriverUpdater.exe 3460 PCHelpSoftDriverUpdater.exe 3460 PCHelpSoftDriverUpdater.exe -
Suspicious use of SendNotifyMessage 3 IoCs
pid Process 3460 PCHelpSoftDriverUpdater.exe 3460 PCHelpSoftDriverUpdater.exe 3460 PCHelpSoftDriverUpdater.exe -
Suspicious use of WriteProcessMemory 24 IoCs
description pid Process procid_target PID 2324 wrote to memory of 1920 2324 Driver_Updater_setup.exe 82 PID 2324 wrote to memory of 1920 2324 Driver_Updater_setup.exe 82 PID 2324 wrote to memory of 1920 2324 Driver_Updater_setup.exe 82 PID 1920 wrote to memory of 236 1920 Driver_Updater_setup.tmp 84 PID 1920 wrote to memory of 236 1920 Driver_Updater_setup.tmp 84 PID 1920 wrote to memory of 236 1920 Driver_Updater_setup.tmp 84 PID 236 wrote to memory of 2700 236 PCHelpSoftDriverUpdater.exe 86 PID 236 wrote to memory of 2700 236 PCHelpSoftDriverUpdater.exe 86 PID 236 wrote to memory of 2700 236 PCHelpSoftDriverUpdater.exe 86 PID 236 wrote to memory of 1848 236 PCHelpSoftDriverUpdater.exe 88 PID 236 wrote to memory of 1848 236 PCHelpSoftDriverUpdater.exe 88 PID 236 wrote to memory of 1848 236 PCHelpSoftDriverUpdater.exe 88 PID 1920 wrote to memory of 2580 1920 Driver_Updater_setup.tmp 90 PID 1920 wrote to memory of 2580 1920 Driver_Updater_setup.tmp 90 PID 1920 wrote to memory of 2580 1920 Driver_Updater_setup.tmp 90 PID 1920 wrote to memory of 1948 1920 Driver_Updater_setup.tmp 91 PID 1920 wrote to memory of 1948 1920 Driver_Updater_setup.tmp 91 PID 1920 wrote to memory of 1948 1920 Driver_Updater_setup.tmp 91 PID 2580 wrote to memory of 3460 2580 PCHelpSoftDriverUpdater.exe 92 PID 2580 wrote to memory of 3460 2580 PCHelpSoftDriverUpdater.exe 92 PID 2580 wrote to memory of 3460 2580 PCHelpSoftDriverUpdater.exe 92 PID 2580 wrote to memory of 3940 2580 PCHelpSoftDriverUpdater.exe 100 PID 2580 wrote to memory of 3940 2580 PCHelpSoftDriverUpdater.exe 100 PID 2580 wrote to memory of 3940 2580 PCHelpSoftDriverUpdater.exe 100
Processes
-
C:\Users\Admin\AppData\Local\Temp\Driver_Updater_setup.exe"C:\Users\Admin\AppData\Local\Temp\Driver_Updater_setup.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2324 -
C:\Users\Admin\AppData\Local\Temp\is-8LSBG.tmp\Driver_Updater_setup.tmp"C:\Users\Admin\AppData\Local\Temp\is-8LSBG.tmp\Driver_Updater_setup.tmp" /SL5="$501E8,5854474,811008,C:\Users\Admin\AppData\Local\Temp\Driver_Updater_setup.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1920 -
C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe"C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /INSTALL3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:236 -
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Schedule" /F4⤵
- System Location Discovery: System Language Discovery
PID:2700
-
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Monitoring" /F4⤵
- System Location Discovery: System Language Discovery
PID:1848
-
-
-
C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe"C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /START /INSTALLED3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2580 -
C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe"C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /TRAY4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3460
-
-
C:\Users\Admin\AppData\Local\Temp\tmp1AC6.tmp_collect\PCHelpSoftDriverUpdater.exe"C:\Users\Admin\AppData\Local\Temp\tmp1AC6.tmp_collect\PCHelpSoftDriverUpdater.exe" /COLLECT4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3940
-
-
-
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe"C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1948
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
999KB
MD56de20d75ed981894ff5b8b89ccbc7499
SHA1066bfefdb6a22fcc69d8cd7b22b9b9657c4f8e73
SHA25623cc17c0e8c24f8084cd8a396e9aa33cb3e766d8b93cae54fc3857af825e7f36
SHA5121e9766a3102da84673779e6fe597a2e301d0c770754bfa943897fa5449b21403f7e0e05c110ba0b8f84b73d791ce37e5f01c3c58f8304b86bfc0fc492e604aff
-
Filesize
50KB
MD5f5b8c34947247058f621bdf996c3cc53
SHA16d306b9744feb2678a14061cb66f1e7f51a4c14a
SHA256d65a51902e7dc17956fd538e021fa7895fbcf542764948a8030e96a9ab1d6442
SHA512f4445293dfe5227f2dec56cffcae26eab5935ed9be98f71fe19ebccefcda641202245f959f25c5a9e331bbf76f382f7f5c59d52d468af732bc9acd0f6dd2d9f6
-
Filesize
17KB
MD559fdee32d3f9b78f5584b0f41b0fd6f7
SHA1cd29d4fd4868027203e05aaac7540e3b56b76ae3
SHA256030e0280563f4e6cc76dc47fa8143fe2cae26684bf657e836fa250d6a44f8710
SHA512f94e38fe71227f055830124baa9b2aa5707ff4680f527bd10a71a73f43e5888056ec83ce77bc3097ed945d89861efdf44d2450fb905388bc09c4fb00c341e2ea
-
Filesize
16KB
MD5e105e39bd46b29fc3d9c8a45cc93b1a8
SHA1e8d29b02e57e223feea62b0bae930df9af064dd1
SHA256338afdb73932bfbd15c2627df805c5838efc1a0e624e84e7311389bdfb1fd54e
SHA512873f1cb99e02885a9f85b8ced3c0dd404f652b974f421bef77e223fe590488cf1202a55f48f784793cb34f68565a31e06d52496ba3aad8b52ff1287816c1ee09
-
Filesize
5.2MB
MD598ff049770433852a64f027caa567e71
SHA11c2589dfb5bea24fb439c333f1fe7bfb9719bd20
SHA256012da8993f671af5ff41ea38577a25822268763b766b17fa88398ec23e34aee5
SHA512c569301533bf64b5072d49bcd7a82f2c57dc877158345c2c8056842b98288935aa088a96edaf5f2d955a984d8087013760307e4a18b52a5c7892269c6b3e09d2
-
Filesize
17KB
MD5094069998ccb29d5a56a4e605394a639
SHA1440b4ecbff42c32d1ea1f299001f38675ac0190e
SHA256c2b9ef60261365303b536258831c93fc1804e09e1bb01a02b010fa7878cbd22e
SHA5126e6f443e6b744e2b62989cb92e8bb7561e5ef8aaef46dea35529107bdbce028894d0e8a150fd66f7ff1b287dce086fcf3b9f8defe3b985e73ae74bfb2431d21f
-
Filesize
15KB
MD51b2ffa92f211d9d0b7cdb536e99ce4b3
SHA1ec5b4885556194540bdb4a0166adbd081b591fae
SHA25610d7845b4f5ce17da1115eb60b054adaa32f424e349b21d8a46682eecc1b835e
SHA51286ac865a88a438bb4035b0b5473354b8aecd9963a79c67f5725813a585a0b94eb1ed049903fc5e8d8495d274fd23b88bdc7ac7c263e4c18e1c2492066873fa79
-
Filesize
17KB
MD507ace8db776a5db0a639fa6be292a277
SHA111b8003a8a5382b8e3dcd3b002b9de254f4c83d4
SHA256e6524a50756ca57f607acba31184b493d04030b31455ecd7d9ecdd9f875a6805
SHA512345071223110b19bb0b06e261929be7fd9c9249e7960296ad471bd86c28c605c5f9b9c3d3bd0123e4fb6d59badf80f077882b06cd78f0d6a4a47ecc035d2a348
-
Filesize
18KB
MD5d0d011e52fb74218b602003c376d94b3
SHA13024e6bd626d6dc3a684295e733eac740d2c53fe
SHA2560895c6e68dd04cdc888e93a82b60d59d807eb24b8002c2bdc8998bacc6246bee
SHA5128ebd6f8e6dc9b987c161d44b505e29b1840442cc2b46e67239a3aa33e1fa2257b9726c36a9527e0e9f17001ca02272f7ddf5676b36ec27472936a5c8f30c8eb1
-
Filesize
18KB
MD59f25fbf2d9d6db03a387895b9ad147b4
SHA142ffa865b058e4dbe41059c5c03b09ebe41cb7a6
SHA25667d2a2452dd77fa8deda9e1d5cf5710eeadc5ef29a85b7aac690420db2cbb62d
SHA5123b935261a4180e58464886355123193edf446512ecb61b941e3cffc2062ea51399802a4873760e35696e35afedfb9e647a904927f2cf4171e64b040bc29230a5
-
Filesize
17KB
MD5123b66fc5bdda63a8bba1b580511f6ac
SHA1abba14dfa8c91c0c98a2659a9e6751cb98383921
SHA256f809d4ea37d7c1d42c5d8ffe55b1bdeaa9065b2313b53810400297f70efecd44
SHA5122a942d9cbf31b3e6a30f66c6445ffe1c18582826c0a9f1d35268e99193b590762adc9f6aa14498b39285da873ea3b6ec87a3c48a79eafe7c4c2bfdc8634910f3
-
Filesize
21KB
MD5daba71201d5e8859ff518008a23bf1fe
SHA1f583f65604c1793d90c5b4ba72145f45af0894d7
SHA256cb73b7514d23b9958735a8bfdecbd5d77571be9cc23da9bb9724b01b9116e602
SHA512d187f38e7ab632656bb5fc3baae5bbbcf521a9f612e09dd03c536bd0c03482eb7a42116380aec1bfbf2b462f88c86cd7c29cc02e4f0030f2153edabf1e031dd4
-
Filesize
18KB
MD5a1aaaf95ea726ad6d5bb5e3ec030be59
SHA1f1b2341983c7d2a0a81b7f5786865219aeb22ca4
SHA25652bac3272f720b51fad93ac34cb9f244522752e82c833c7eb6edebb960d32369
SHA512c3db2fb4378733d7cca8d7dee651cb096fc6cf01dca8203643aa8cd9a6db0f411b222321ea51aac8361e2bd732c546a6cf7eb5f7cfca5f1e34692fd1e5dfd48e
-
Filesize
16KB
MD51f35efcde6db4dec93c94bba45be4542
SHA1359a683c1c959c0ad5cf7f7ead2a463fe4747842
SHA2561902747d9c60329c5752b869c1adf85c701b533471cf3c6c980f736d7551c4c4
SHA512d243d4ecaee6ad2ef06a73291db82ca9763b1d8f7a93c0f07b2b0f7b71a85b5773cfd99962aed6b2c600d86a228a5dfdbf17aee12106e5dd6dc9fedf6505a4c3
-
Filesize
17KB
MD585a03f193e27125d605b19804b43e0bb
SHA170d28931c8f5f19b59b1e719f1183a79f69efa62
SHA2564805389183887f3636646cb5897371bccf7d683b4e7cbd50e35d2675e1d7fac2
SHA512591c555a75ef380048583a4cda16888b2005dd103edfa2b4aea0b8aed459102f3a6781d34e4a2f533b25faaabefa980aafb546bdf743a55febf03c72c6000fb0
-
Filesize
17KB
MD5b95d52afe2aa053c0096a2567bd3e381
SHA19fd928fb9af44e30fc8bddcba4f42a319b567666
SHA2560e1c55e1acffc117656b552e9dc9fcab1bb5d4c8d15fdfaadedafe21222c0aea
SHA5125d6fefdab72dc5edae981a52a809eb840bdfb6f834f7881a7ac95d99fb4692e8ee1b66709696020564cd3f3c4bf13b1b2d01228f924272c8097dee7e02a3add1
-
Filesize
25KB
MD5f1e275534fe7d59ad3bebfda230d7370
SHA1cc11725efe67239f62e0d3ae063a27576ef67db3
SHA256c9e0b64103422fdc3f6a31ec2300b58e9540cc21346a0620c9f0901d16bdc405
SHA512b6045f90ee2e16d15a321c149beab0d91f6e4603a9582d1efabcccdaff53bb0aca8a7ca34219b19511f9a649b11fe35cc41ecb41989c29702470d1decf5496c1
-
Filesize
126B
MD577d8771a751ba0d495200f339872ef85
SHA1533acd0f129881feaa756fb79dde5d023f6bcede
SHA2560166b6cd9fa3a3b030681c23b3d2399148a9ae0fa945ea5c39ff0b87f18098a9
SHA5129bdd6655e27b36954fd6127a75bfee92d49ae7d1d553c44f6f67592ebfd147a4c0791b2bdabaa2657916c4621212b20bbb913499fbe3653584de099fd5cd01d7
-
Filesize
17KB
MD5839235142fedcf6eaacda727ab05dcb5
SHA199d860c34452d31d3c69f37bdb826bb9b45ab478
SHA256802b866f10646fef8facf3b5b45b714f800aa03a582c76c06d4b9cfe7e164c82
SHA512c145a8386e41aa9427d7a896aba5c6024daa3d9c2f2041325dc72b5c991aa43c24db0cb29138f0c91833c00528912ec787a5295fb832a8764c1e5f11b71a2dae
-
Filesize
16KB
MD51aab81548ef8bfb11b1e81bebee4f19f
SHA1073a5e57c51153da9454f3097f35f4213fc15d18
SHA2560b5578d884c760c2d1e4c2d4fb16459f15bc3871a55320e58e1d9d3bfe5a4bbd
SHA512f84cca8cc024a2c4427f9479aa719a1d0534053aa2dca7d4abd9fe759b32dea3cb91cbdad44d7e0b45f6c04515e3025d4a198704d826071d174e0fec92b71865
-
Filesize
8.2MB
MD521a4dadd5686773fe0ef880c22f07d38
SHA16236e9ec7eee10d95b3055a5e473fd2656898469
SHA25676ec2ea23b6d6cfd69699822a95e9032b9ef8100df19be91357c4e71a1f33b37
SHA512e8dc6bec5347f6d83cdab1df7683abc0d563603ea08dcd5acccbdb6ac3a6efdbaa88dbdff5c257251eaa1c5311947a581d4a2bd506cbf3fbddba1e46471683c9
-
Filesize
960KB
MD511a813c0972b740937d3a7e2daf9ffcb
SHA14245b5a3c97f725c56a29d745767edebb5e3f15d
SHA2563f933bced2d9f65d48f7c48715bf286fd431341a74e1ce15d39b7c4c96603cf9
SHA5129a590dcab0cf7051d04743736ea7a6b74fa0f87539580cc41a58ad33a76574201e7b6d54d5100cbcd262266bc55b053243edd4860a2d43deeb1c164395e4a941
-
Filesize
640KB
MD5842e8edbfbeffb9ef234a2da6d5980fe
SHA1f76e944e5ac3c489d987a11a313b41dee3e813f3
SHA256ec30f1214fa645b8e436142acab6cc9a07f5c4e3414b5e539a832df9237a7bb3
SHA5121ca9449dffa72b274b842b3a1f2008d3f13c6f423e7ac466e2efb97fe2103e1aea052a5e8a9839083061154fb61ec870fbe8e35164b386a3aa0aaaf8064a0ed4
-
Filesize
398KB
MD53892af3a2540cf8567d89f5e52837d6c
SHA19f52ec519d454d32a8b446b54b547cbff81cf4bf
SHA256db6383d6291c8842131ab741217ee4a22685ed87934aa470a22d0c755aa52e37
SHA512d97ddf70c1f7609def62ba66a0721f0a815ad014c071bf514ab048ea4d7495ad23b8f5e149f0aae17144be3fa8612e1e253acc0a11889673fbc19d6c60e4473d
-
Filesize
3.0MB
MD5dfd93de42e9578134afa014f60acbe36
SHA19a0e08fd5122a5f7688b05868aa51e4e2c69a647
SHA2569d2d3263a5b32dbb2dd9532aa571c1e07da9a2df228e5389872df126126bdabc
SHA5124b6858c06a93e107e9854d4e5892da171d28c069fe7cea465c66e9e5dbb98285d165bf50281d8d00390263b99323222bc7c87017bb24c90c6529a3406faa0100
-
Filesize
97KB
MD55b52ddf4882a37831f08130bc5670afc
SHA169d95949501e855bb058c1bcc2114d816f0f15ec
SHA256b726b6ef93303b83e16243cc093569d89e4fb1a0a6a93cabe6db9a29c795f386
SHA5125ad33cc93c40c03c9708203d765cd1001a7edebb359e729339146cb788970f7d6f0f787b7c2db6272a7e068035bbcf67b42278150b9bd47548a7c09dbde2660b
-
Filesize
4KB
MD5fc5d782ad49b4fc6dd0dd502f91f5ee0
SHA11144a1f03a2771ec06c55cbb1db90a241738e54f
SHA2567f98f6c4a6543cfb0a583de065106970f9751f0689c5fa717d69d83573e01be1
SHA5120a30b033ed1402ad07876d627807d6e6fb4cd4ab02b27e7c27e20f43071c0744e4c631a9d147e9d502dad20079cf8d6ee4d22b33ad4ba3d50541bd5f6a595598
-
Filesize
6KB
MD56aab5b0db5ed01864deea47c78371108
SHA1487bf11cde6e19f0a8663b385d7f98564ce1fa56
SHA25690785f9ceb4f70ba2a136f9476fe373e12e8d46c44a4f712b90c844d14ad0cb7
SHA5121303f42841098a04819e48c7866485a186c99e1a932ee7b2d1507486db9040b1fe79c332f0cbfb8dd1a0cdfa9bfd34532c45576691f368951f343bc13e98954e
-
Filesize
227B
MD50fa2193517cf9bfe43a94f464ad9053b
SHA17b8501bf0184a2e880f95ec134f092292c6686a3
SHA2568e5ba0a8edeb55242a609cf3921fa7eeca4d4fad093f65ed6dba2a7e4e2a1c1d
SHA512bd5f8a46df8bbaca63968963761cadb41430d80548d2fe5e4fe101fb6adc1884e19212504872d2dcc91a9dd903ad330c273b93249bd53befda4175c98822555b