Edit tour

Windows Analysis Report
driver-hub-install__28.exe

Overview

General Information

Sample name:	driver-hub-install__28.exe
Analysis ID:	1660957
MD5:	1e2a89380ef83f62ffc6b5d8e18faf99
SHA1:	9fc43a6cead44c293219b2fd82ec507802ef5ed8
SHA256:	c586260cfe3c13267d678b53b97e64a521f86a45a730bbcdccec51467bd909da
Tags:	exeuser-rollcalcifer
Infos:

Detection

Score:	42
Range:	0 - 100
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

.NET source code contains potential unpacker

Uses Windows timers to delay execution

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Potential time zone aware malware

Program does not show much activity (idle)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Classification

Process Tree

System is w10x64

driver-hub-install__28.exe (PID: 1292 cmdline: "C:\Users\user\Desktop\driver-hub-install__28.exe" MD5: 1E2A89380EF83F62FFC6B5D8E18FAF99)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Compliance
• Networking
• System Summary
• Data Obfuscation
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Anti Debugging
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: driver-hub-install__28.exe

Virustotal: Detection: 8%

Perma Link

Source: driver-hub-install__28.exe

Static PE information: certificate valid

Source: driver-hub-install__28.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:

Binary string: C:\Installers4\DriverHub\Installer\obj\Release\DriverHubInstaller.pdb source: driver-hub-install__28.exe

Source: driver-hub-install__28.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: driver-hub-install__28.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: driver-hub-install__28.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: driver-hub-install__28.exe	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: driver-hub-install__28.exe	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: driver-hub-install__28.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: driver-hub-install__28.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: driver-hub-install__28.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: driver-hub-install__28.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: driver-hub-install__28.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: driver-hub-install__28.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: driver-hub-install__28.exe	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: driver-hub-install__28.exe	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: driver-hub-install__28.exe	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: driver-hub-install__28.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: driver-hub-install__28.exe	String found in binary or memory: http://www.gimp.org/xmp/
Source: driver-hub-install__28.exe	String found in binary or memory: https://api.az-partners.net/apps/driver-hub/offers
Source: driver-hub-install__28.exe	String found in binary or memory: https://api.az-partners.net/apps/driver-hub/payload
Source: driver-hub-install__28.exe	String found in binary or memory: https://api.az-partners.net/storage/offer_settings/
Source: driver-hub-install__28.exe	String found in binary or memory: https://github.com/neolithos/neolua
Source: driver-hub-install__28.exe	String found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL?BundleId=244066_89d678f2be164786b292527658ca1605
Source: driver-hub-install__28.exe	String found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL?BundleId=244068_89d678f2be164786b292527658ca1605
Source: driver-hub-install__28.exe	String found in binary or memory: https://ru.drvhub.net/info/user_agreement
Source: driver-hub-install__28.exe	String found in binary or memory: https://www.az-partners.net/storage/vs/2013/vcredist2013_x86.exe
Source: driver-hub-install__28.exe	String found in binary or memory: https://www.az-partners.net/storage/vs/2013/vcredist2013_x86.exephttps://www.az-partners.net/storage
Source: driver-hub-install__28.exe	String found in binary or memory: https://www.az-partners.net/storage/vs/VC_redist.x64.exe
Source: driver-hub-install__28.exe	String found in binary or memory: https://www.az-partners.net/storage/vs/VC_redist.x86.exe
Source: driver-hub-install__28.exe, 00000000.00000002.2544492731.0000000002901000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.drvhub.net
Source: driver-hub-install__28.exe, 00000000.00000002.2544492731.0000000002901000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.drvhub.net/info/how_to_delete
Source: driver-hub-install__28.exe, 00000000.00000002.2544492731.0000000002901000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.drvhub.net/info/privacy_policy
Source: driver-hub-install__28.exe	String found in binary or memory: https://www.drvhub.net/info/privacy_policy-https://www.drvhub.netShttps://www.drvhub.net/info/how_to
Source: driver-hub-install__28.exe, 00000000.00000002.2544492731.0000000002901000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.drvhub.net/info/user_agree
Source: driver-hub-install__28.exe	String found in binary or memory: https://www.drvhub.net/info/user_agreement
Source: driver-hub-install__28.exe	String found in binary or memory: https://www.globalsign.com/repository/0

Source: driver-hub-install__28.exe, 00000000.00000002.2543719600.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs driver-hub-install__28.exe
Source: driver-hub-install__28.exe, 00000000.00000000.1297832392.00000000004E2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameDriverHubInstaller.exe4 vs driver-hub-install__28.exe
Source: driver-hub-install__28.exe	Binary or memory string: OriginalFilenameDriverHubInstaller.exe4 vs driver-hub-install__28.exe

Source: classification engine

Classification label: mal42.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\driver-hub-install__28.exe

Mutant created: NULL

Source: driver-hub-install__28.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: driver-hub-install__28.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\driver-hub-install__28.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: driver-hub-install__28.exe

Virustotal: Detection: 8%

Source: driver-hub-install__28.exe	String found in binary or memory: sc-install
Source: driver-hub-install__28.exe	String found in binary or memory: supportedLangs/Installer.Texts.{0}.txtlang
Source: driver-hub-install__28.exe	String found in binary or memory: /install !/{0}={1:0},{2:0}
Source: driver-hub-install__28.exe	String found in binary or memory: /{0}={1}+application:installed]/DriverHubInstaller;component/installpage.xaml
Source: driver-hub-install__28.exe	String found in binary or memory: lang/{0}.json/LoadView {0}: {1} - {2}
Source: driver-hub-install__28.exe	String found in binary or memory: ,(images/installer.ico
Source: driver-hub-install__28.exe	String found in binary or memory: om de software-installatie te annuleren.

Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: msctfui.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: windowscodecsext.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: icm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Section loaded: d3dcompiler_47.dll	Jump to behavior

Source: C:\Users\user\Desktop\driver-hub-install__28.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\driver-hub-install__28.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: driver-hub-install__28.exe

Static PE information: certificate valid

Source: driver-hub-install__28.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: driver-hub-install__28.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: driver-hub-install__28.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: C:\Installers4\DriverHub\Installer\obj\Release\DriverHubInstaller.pdb source: driver-hub-install__28.exe

Data Obfuscation

.NET source code contains potential unpacker

Source: driver-hub-install__28.exe, Lua.cs

.Net Code: RtConvertValue

Source: driver-hub-install__28.exe

Static PE information: 0xF0188D27 [Sat Aug 24 00:00:39 2097 UTC]

Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Uses Windows timers to delay execution

Source: C:\Users\user\Desktop\driver-hub-install__28.exe	User Timer Set: Timeout: 125ms	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	User Timer Set: Timeout: 1ms	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	User Timer Set: Timeout: 1ms	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	User Timer Set: Timeout: 1ms	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	User Timer Set: Timeout: 1ms	Jump to behavior

Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Memory allocated: F00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Memory allocated: 2900000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Memory allocated: 4900000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\driver-hub-install__28.exe

Window / User API: threadDelayed 374

Jump to behavior

Source: C:\Users\user\Desktop\driver-hub-install__28.exe

System information queried: CurrentTimeZoneInformation

Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\driver-hub-install__28.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Users\user\Desktop\driver-hub-install__28.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\driver-hub-install__28.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\driver-hub-install__28.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	11 Virtualization/Sandbox Evasion	OS Credential Dumping	1 System Time Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	11 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Software Packing	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Timestomp	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
driver-hub-install__28.exe	8%	Virustotal		Browse
driver-hub-install__28.exe	8%	ReversingLabs	Win32.Malware.Rostpay

Source	Detection	Scanner	Label
https://api.az-partners.net/apps/driver-hub/payload	0%	Avira URL Cloud	safe
https://www.drvhub.net/info/privacy_policy	0%	Avira URL Cloud	safe
https://www.drvhub.net	0%	Avira URL Cloud	safe
https://www.az-partners.net/storage/vs/2013/vcredist2013_x86.exephttps://www.az-partners.net/storage	0%	Avira URL Cloud	safe
https://www.az-partners.net/storage/vs/VC_redist.x86.exe	0%	Avira URL Cloud	safe
https://www.drvhub.net/info/how_to_delete	0%	Avira URL Cloud	safe
https://www.drvhub.net/info/privacy_policy-https://www.drvhub.netShttps://www.drvhub.net/info/how_to	0%	Avira URL Cloud	safe
https://www.drvhub.net/info/user_agreement	0%	Avira URL Cloud	safe
https://api.az-partners.net/storage/offer_settings/	0%	Avira URL Cloud	safe
https://ru.drvhub.net/info/user_agreement	0%	Avira URL Cloud	safe
https://www.az-partners.net/storage/vs/VC_redist.x64.exe	0%	Avira URL Cloud	safe
https://www.drvhub.net/info/user_agree	0%	Avira URL Cloud	safe
https://www.az-partners.net/storage/vs/2013/vcredist2013_x86.exe	0%	Avira URL Cloud	safe
https://api.az-partners.net/apps/driver-hub/offers	0%	Avira URL Cloud	safe

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.az-partners.net/storage/vs/VC_redist.x86.exe	driver-hub-install__28.exe	false	Avira URL Cloud: safe	unknown
https://www.drvhub.net	driver-hub-install__28.exe, 00000000.00000002.2544492731.0000000002901000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.drvhub.net/info/how_to_delete	driver-hub-install__28.exe, 00000000.00000002.2544492731.0000000002901000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.drvhub.net/info/privacy_policy-https://www.drvhub.netShttps://www.drvhub.net/info/how_to	driver-hub-install__28.exe	false	Avira URL Cloud: safe	unknown
http://www.gimp.org/xmp/	driver-hub-install__28.exe	false		high
https://github.com/neolithos/neolua	driver-hub-install__28.exe	false		high
https://www.az-partners.net/storage/vs/2013/vcredist2013_x86.exephttps://www.az-partners.net/storage	driver-hub-install__28.exe	false	Avira URL Cloud: safe	unknown
https://api.az-partners.net/apps/driver-hub/payload	driver-hub-install__28.exe	false	Avira URL Cloud: safe	unknown
https://www.drvhub.net/info/privacy_policy	driver-hub-install__28.exe, 00000000.00000002.2544492731.0000000002901000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.drvhub.net/info/user_agreement	driver-hub-install__28.exe	false	Avira URL Cloud: safe	unknown
https://api.az-partners.net/storage/offer_settings/	driver-hub-install__28.exe	false	Avira URL Cloud: safe	unknown
https://ru.drvhub.net/info/user_agreement	driver-hub-install__28.exe	false	Avira URL Cloud: safe	unknown
https://javadl.oracle.com/webapps/download/AutoDL?BundleId=244066_89d678f2be164786b292527658ca1605	driver-hub-install__28.exe	false		high
https://www.az-partners.net/storage/vs/VC_redist.x64.exe	driver-hub-install__28.exe	false	Avira URL Cloud: safe	unknown
https://api.az-partners.net/apps/driver-hub/offers	driver-hub-install__28.exe	false	Avira URL Cloud: safe	unknown
https://www.drvhub.net/info/user_agree	driver-hub-install__28.exe, 00000000.00000002.2544492731.0000000002901000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://javadl.oracle.com/webapps/download/AutoDL?BundleId=244068_89d678f2be164786b292527658ca1605	driver-hub-install__28.exe	false		high
https://www.az-partners.net/storage/vs/2013/vcredist2013_x86.exe	driver-hub-install__28.exe	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1660957
Start date and time:	2025-04-09 16:53:13 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	driver-hub-install__28.exe
Detection:	MAL
Classification:	mal42.evad.winEXE@1/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 14 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 184.31.69.3, 4.175.87.197
Excluded domains from analysis (whitelisted): c2a9c95e369881c67228a6591cac2686.clo.footprintdns.com, ax-ring.msedge.net, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, c.pki.goog, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target driver-hub-install__28.exe, PID 1292 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.6086240138828485
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	driver-hub-install__28.exe
File size:	758'440 bytes
MD5:	1e2a89380ef83f62ffc6b5d8e18faf99
SHA1:	9fc43a6cead44c293219b2fd82ec507802ef5ed8
SHA256:	c586260cfe3c13267d678b53b97e64a521f86a45a730bbcdccec51467bd909da
SHA512:	66ac5eb0bec7b1c3dbb19e2ef6f0baaf002114ce8b785c14901f9f135cb71667fb19357674274a247650bb2b03df381ac1e341c1a97b25c27a3e9938f72b43f8
SSDEEP:	12288:Nand2ZDdcaUJWfY275L/mLb93fEUUWYeANTrGoxCpIW:Ni0cb2x/mLlEU1FpB
TLSH:	0AF49D6467ACA52FD4EE8779E060092593B2EC227797D70B386CF1F92FB23458D01263
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'............."...0..X..........&w... ........@.. ....................................`................................

File Icon


Icon Hash:	0f33d470d054130e

Static PE Info

General

Entrypoint:	0x4a7726
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xF0188D27 [Sat Aug 24 00:00:39 2097 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	03/10/2024 16:29:45 18/11/2026 13:27:26
Subject Chain	E=support@rostpay.ru, CN=\u041e\u0411\u0429\u0415\u0421\u0422\u0412\u041e \u0421 \u041e\u0413\u0420\u0410\u041d\u0418\u0427\u0415\u041d\u041d\u041e\u0419 \u041e\u0422\u0412\u0415\u0422\u0421\u0422\u0412\u0415\u041d\u041d\u041e\u0421\u0422\u042c\u042e \u0420\u041e\u0421\u0422\u041f\u042d\u0419, O=\u041e\u0411\u0429\u0415\u0421\u0422\u0412\u041e \u0421 \u041e\u0413\u0420\u0410\u041d\u0418\u0427\u0415\u041d\u041d\u041e\u0419 \u041e\u0422\u0412\u0415\u0422\u0421\u0422\u0412\u0415\u041d\u041d\u041e\u0421\u0422\u042c\u042e \u0420\u041e\u0421\u0422\u041f\u042d\u0419, STREET="\u041f\u0415\u0420 \u0414\u041e\u041b\u041e\u041c\u0410\u041d\u041e\u0412\u0421\u041a\u0418\u0419, \u0417\u0414. 70\u0414, \u041a\u0412.1(10 \u042d\u0422\u0410\u0416)", L=\u0420\u043e\u0441\u0442\u043e\u0432-\u043d\u0430-\u0414\u043e\u043d\u0443, S=\u0420\u043e\u0441\u0442\u043e\u0432\u0441\u043a\u0430\u044f \u043e\u0431\u043b\u0430\u0441\u0442\u044c, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization
Version:	3
Thumbprint MD5:	2A01D734F5D2C864DABFE4AB65376F45
Thumbprint SHA-1:	8A98D1F804E5599C5AE52C82CA4272544BFE5616
Thumbprint SHA-256:	E304C2E17DC7D3473C02B7D635536456BEE1B96194ACEDBBD22134CA7128A502
Serial:	166365249E2E735D2CE3A81A

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
and al, byte ptr [eax]
cmp al, 00h
add byte ptr [eax+eax+3Ah], bh
add byte ptr [edx], ch
add byte ptr [edi], bh
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax+eax+2Fh], bl
add byte ptr [eax], cl
add byte ptr [eax+eax], cl
or al, byte ptr [eax]
or eax, 2E000900h
add byte ptr [ebp+00h], ah
inc ebp
add byte ptr [eax], al
add byte ptr [esi], ch
add byte ptr [ebx], ch
add byte ptr [ebx+00h], bl
sub al, 00h
and byte ptr [eax], al
or dword ptr [eax], eax
or al, byte ptr [eax]
or eax, 2B002E00h
add byte ptr [eax], ah
add byte ptr [ebx+00h], bl
pop ebp
add byte ptr [eax+eax], ch
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
pop esp
add byte ptr [edi], ch
add byte ptr [edx+00h], ah
add byte ptr [esi+00h], ch
jc 00007F0F94BF0702h
je 00007F0F94BF0702h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa76d2	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xa8000	0x10a48	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xb6800	0x2aa8
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xba000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xa763c	0x38	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xa5784	0xa5800	a07dbec82c17b3dbd9de6bacfeb22d4e	False	0.46496176359516617	data	6.490728528341205	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xa8000	0x10a48	0x10c00	227647245a2cc56a1b8c5044f0718c36	False	0.6939132462686567	data	6.935790585216369	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xba000	0xc	0x200	4ef1d3277bf434c966b5421526aa31a3	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xa81a0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	0.8085106382978723
RT_ICON	0xa8618	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	0.6893442622950819
RT_ICON	0xa8fb0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	0.5968574108818011
RT_ICON	0xaa068	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	0.4358921161825726
RT_ICON	0xac620	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384	0.3530940009447331
RT_ICON	0xb0858	0x7bfc	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	1.0005040957781979
RT_GROUP_ICON	0xb8464	0x5a	data	0.7777777777777778
RT_VERSION	0xb84d0	0x378	data	0.43018018018018017
RT_MANIFEST	0xb8858	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
Comments
CompanyName
FileDescription	Install DriverHub
FileVersion	4.0.9.0
InternalName	DriverHubInstaller.exe
LegalCopyright	ROSTPAY LTD. All rights reserved.
LegalTrademarks
OriginalFilename	DriverHubInstaller.exe
ProductName	DriverHub
ProductVersion	4.0.9.0
Assembly Version	4.0.9.0

• driver-hub-install__28.exe

Click to jump to process

Memory Usage

• driver-hub-install__28.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Target ID:	0
Start time:	10:54:04
Start date:	09/04/2025
Path:	C:\Users\user\Desktop\driver-hub-install__28.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\driver-hub-install__28.exe"
Imagebase:	0x4e0000
File size:	758'440 bytes
MD5 hash:	1E2A89380EF83F62FFC6B5D8E18FAF99
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Function 00E6E164 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2544117864.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e6d000_driver-hub-install__28.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 188b09588d4ea2e73c6532513d76b79e912a9218043cc1d56aeaba32133ade42
Instruction ID: c7bbba05c40a18417ff2f6cf631e97fab63073905f162e25d3dd65b3f0af4fd0
Opcode Fuzzy Hash: 188b09588d4ea2e73c6532513d76b79e912a9218043cc1d56aeaba32133ade42
Instruction Fuzzy Hash: 5B31D176540200EFCF06DF54E9C0F16BF6AFB48354F24C598EA095A2A6C336D852DB61

Function 00E6EC38 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2544117864.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e6d000_driver-hub-install__28.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b07045adca85b3796f936cb39a988c7542a91dbda539db43fc66d16e66ffca3
Instruction ID: 56f5815753185a4623194096197a159292a91ad729f6abb17ef4179023eb18c2
Opcode Fuzzy Hash: 1b07045adca85b3796f936cb39a988c7542a91dbda539db43fc66d16e66ffca3
Instruction Fuzzy Hash: BE310676140240EFCF169F54E9C0F56BF66FB88364F248598ED091E296C336D862DB61

Function 00E6EB3C Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2544117864.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e6d000_driver-hub-install__28.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 479d2d0c877e136462b2fb3ea3e12e92985feaf499e496cdd832c35e3b51dd11
Instruction ID: 7dd4b5b919531ef2db7a6ef4e707074049278fd09913c23cc01892fddbed9009
Opcode Fuzzy Hash: 479d2d0c877e136462b2fb3ea3e12e92985feaf499e496cdd832c35e3b51dd11
Instruction Fuzzy Hash: 80210776140240DFCF169F54E9C0F66BF66FB88324F24C6A9E9091B396C336D816DB61

Function 00E6D728 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2544117864.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e6d000_driver-hub-install__28.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdd5e04fd1adc277b8041d271ebdf77e35cce80c5aed7540adf18497c293498c
Instruction ID: 0ed2280a5fcfafed39460ecfd1b6eeb3ccdd74daff1004db3e8ca7af4da6101b
Opcode Fuzzy Hash: bdd5e04fd1adc277b8041d271ebdf77e35cce80c5aed7540adf18497c293498c
Instruction Fuzzy Hash: 7C210776A44240DFCB06CF14EDC0F16BBA5FB88314F648199E9091A256C336E816CB62

Function 00E5D06C Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2544058880.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e5d000_driver-hub-install__28.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d96544f2e8d53149b8674c86adbe39721da89cae905143506b5e3831a3f503a9
Instruction ID: ec561d0a6c519c55c1eeeb9da13606beff19ffac5e735a412870ff28f9bfb669
Opcode Fuzzy Hash: d96544f2e8d53149b8674c86adbe39721da89cae905143506b5e3831a3f503a9
Instruction Fuzzy Hash: FD214B71108200DFDB25DF54CDC0B16BF66FB88315F24C959ED091B246C33AC81ACB61

Function 00E6D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2544117864.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e6d000_driver-hub-install__28.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea0c32d6f860c9422ee641578b4bee6df322ffe42abede9fd05e73fb9c094021
Instruction ID: 2c37a097c4b98319fb95d8e84d81ae6d163b68c1ec6760e53cc0c4a79545a51d
Opcode Fuzzy Hash: ea0c32d6f860c9422ee641578b4bee6df322ffe42abede9fd05e73fb9c094021
Instruction Fuzzy Hash: 28213775A48200DFCB55DF14E9C0B26BB66FB84318F64C56DE8095B286C33BD807CA61

Function 00E6EC33 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2544117864.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e6d000_driver-hub-install__28.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fae25cc4c6c0ce843965d4de99a9ce12ca8bceefaf43ca059b28b88edd01ddf4
Instruction ID: 6b1f986ac4377e551bb359b1778a4163a863225ebd1b629b3b663325594ebd7f
Opcode Fuzzy Hash: fae25cc4c6c0ce843965d4de99a9ce12ca8bceefaf43ca059b28b88edd01ddf4
Instruction Fuzzy Hash: 0E21B076400280EFCF16CF50D9C4B55BF72FF88314F248699ED090A66AC336D866DB91

Function 00E6E163 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2544117864.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e6d000_driver-hub-install__28.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59e159c2fb81f64d52c06beabc6eb05fba9a7456960026635c307f4399719045
Instruction ID: fbf208a684c9b53bf9a80601356cac203998e3c14a6f4a8f7ad869edde4d7b76
Opcode Fuzzy Hash: 59e159c2fb81f64d52c06beabc6eb05fba9a7456960026635c307f4399719045
Instruction Fuzzy Hash: 47216A76540240EFCF16CF90D9C0B15BF66FB48318F24C699EE094A26AC336D866DB51

Function 00E6D005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2544117864.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e6d000_driver-hub-install__28.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 316a0bc424d71339aad71ded6577d9af752f6d7c88266edd10e56aed66282dc4
Instruction ID: 38524fc5aa58f29397398636fba25ec3946d0bfa92ec44822650bf1e6c3ac7f6
Opcode Fuzzy Hash: 316a0bc424d71339aad71ded6577d9af752f6d7c88266edd10e56aed66282dc4
Instruction Fuzzy Hash: F121537554D3808FD712CF24D994715BF72EB46314F28C5EAD8498B6A7C33A980ACB62

Function 00E6EB37 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2544117864.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e6d000_driver-hub-install__28.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1a4924debeb990ac37759e377343a723b8dd91f4f828dd1702c500c944105ed
Instruction ID: 1095344eb3ea3d3cbd1332c0a45399b670e0218689b546f48172c07fa80178a1
Opcode Fuzzy Hash: e1a4924debeb990ac37759e377343a723b8dd91f4f828dd1702c500c944105ed
Instruction Fuzzy Hash: 6B21BE76400280DFCF16CF50E9C4B56BF72FB88314F2486A9ED095A25AC33AD826CB51

Function 00E6D723 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2544117864.0000000000E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e6d000_driver-hub-install__28.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19b24f8b1b2c0e3626798238a4cb87e93635092a32222078ca25a79eda8c8907
Instruction ID: e9737d6c1f7642593275843906f46dbcecdc664f5e63c8ad7dd0a22bda04ad01
Opcode Fuzzy Hash: 19b24f8b1b2c0e3626798238a4cb87e93635092a32222078ca25a79eda8c8907
Instruction Fuzzy Hash: DB219376944244DFCF06CF14D9C4B16BF72FB88314F248699D9095B656C33AD816CB52

Function 00E5D067 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2544058880.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e5d000_driver-hub-install__28.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01570a33358f243c1685e7eb152a28e707e3e6d6068a0eb51633985eb97d5675
Instruction ID: 8e74d780ba367e95ef0ddfb376b35de59ea2992a8becb4a21b6ad07be58f8d2d
Opcode Fuzzy Hash: 01570a33358f243c1685e7eb152a28e707e3e6d6068a0eb51633985eb97d5675
Instruction Fuzzy Hash: 2A21D276404280DFCB16CF10DAC0B16BF72FB88318F24C6A9DD481B256C33AD81ACB91

Function 00E5D8D5 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2544058880.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e5d000_driver-hub-install__28.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29efbc9a31c5d248d13bfcdc46ab59463829e90b768602fd30f99a18236d6530
Instruction ID: a4ea3f8c48f824d40ed91fe1cf345f3d983417be004d238792c9c2290c1f67a3
Opcode Fuzzy Hash: 29efbc9a31c5d248d13bfcdc46ab59463829e90b768602fd30f99a18236d6530
Instruction Fuzzy Hash: 2301DB7100D3449BE7318B19CD84766BF9CDF8133AF14C81AED495A187C6B99C45CA71

Function 00E5D8D4 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2544058880.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e5d000_driver-hub-install__28.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ec4d54d4c2b0d7bafcaac096abd6997bbef8a5eb0782f6b3a565a918767a386
Instruction ID: 83792d42a176713655e3224ee597731993cf2dd765fd45d54e0e67a54e5c50ac
Opcode Fuzzy Hash: 6ec4d54d4c2b0d7bafcaac096abd6997bbef8a5eb0782f6b3a565a918767a386
Instruction Fuzzy Hash: E6F0C271008340AAE7218E0ACDC4B62FF98EB81339F18C45AED485A287C2B89C44CAB1

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used.For example, information about application windows could be used identify potential data to collect as well as identifying security tooling ( Security Software Discovery ) to evade.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report driver-hub-install__28.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: driver-hub-install__28.exePID: 1292, Parent PID: 3084

General

File Activities

File Opened

File Created

File Read

File Attributes Queried

Volume Information Queried

Windows Analysis Report
driver-hub-install__28.exe