download:

/gds/2/0100012162/03/mastersetupv110.exe

Full analysis: https://app.any.run/tasks/442b002e-b1c0-4e02-a693-92a95bac79c5
Verdict: Malicious activity
Analysis date: November 22, 2024, 09:32:31
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: C930FB574502BECA03B610B3BC3A8E9E
SHA1: 90C7135941E9090EE0D29681364EF6871FFF7FFB
SHA256: 00D70F6FC7298D4E8F9780338C66D00D8BDF738513CBA9FF12B1F59DAEC5D801
SSDEEP: 98304:usmykJTbyx52LhbHDTwPvRHBnCDonE60/iViikustBdg7XysuVybPvHiyBdp6GQv:0dSP6s6BPfl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • mastersetupv110.exe (PID: 5576)
      • ndp462-kb3151802-web.exe (PID: 6812)
    • Reads security settings of Internet Explorer

      • mastersetupv110.exe (PID: 5576)
    • Executable content was dropped or overwritten

      • mastersetupv110.exe (PID: 5576)
      • ndp462-kb3151802-web.exe (PID: 6812)
    • The process creates files with name similar to system file names

      • mastersetupv110.exe (PID: 5576)
  • INFO

    • Checks supported languages

      • mastersetupv110.exe (PID: 5576)
      • Msetup4.exe (PID: 2008)
    • Reads the computer name

      • mastersetupv110.exe (PID: 5576)
      • Msetup4.exe (PID: 2008)
    • Process checks computer location settings

      • mastersetupv110.exe (PID: 5576)
    • The process uses the downloaded file

      • mastersetupv110.exe (PID: 5576)
    • Manual execution by a user

      • mastersetupv110.exe (PID: 7116)
      • mastersetupv110.exe (PID: 7068)
      • Msetup4.exe (PID: 6624)
      • Msetup4.exe (PID: 3852)
      • ndp462-kb3151802-web.exe (PID: 4976)
      • ndp462-kb3151802-web.exe (PID: 6812)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (30.7)
.exe | Win32 Executable MS Visual C++ (generic) (22.2)
.exe | Win64 Executable (generic) (19.7)
.exe | Winzip Win32 self-extracting archive (generic) (16.4)
.dll | Win32 Dynamic Link Library (generic) (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:11:02 20:23:17+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 151552
InitializedDataSize: 77824
UninitializedDataSize: -
EntryPoint: 0x14bdf
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 136
Monitored processes: 13
Malicious processes: 1
Suspicious processes: 1

Behavior graph

Processes in the order the graph draws them ("no specs" is the graph's own label):
  • start
  • mastersetupv110.exe
  • msetup4.exe (no specs)
  • textinputhost.exe (no specs)
  • rundll32.exe (no specs)
  • mastersetupv110.exe (no specs)
  • mastersetupv110.exe
  • msetup4.exe (no specs)
  • msetup4.exe (no specs)
  • msetup4.exe
  • ndp462-kb3151802-web.exe (no specs)
  • ndp462-kb3151802-web.exe
  • setup.exe (no specs)
  • mastersetupv110.exe (no specs)

Process information

Each entry lists PID, command line (CMD), image path, parent process, the process properties recorded by the sandbox, and the loaded modules (images) as shown in the report. No entry carries an indicator in the Indicators column.
PID: 2008
CMD: "C:\Users\admin\Downloads\mastersetupv110\Msetup4.exe"
Path: C:\Users\admin\Downloads\mastersetupv110\Msetup4.exe
Parent process: mastersetupv110.exe
User: admin
Company: CANON INC.
Integrity Level: HIGH
Description: Master Setup
Exit code: 0
Version: 1.1.0.0
Modules (images):
c:\users\admin\downloads\mastersetupv110\msetup4.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 3672
CMD: "C:\Users\admin\Downloads\mastersetupv110\Msetup4.exe"
Path: C:\Users\admin\Downloads\mastersetupv110\Msetup4.exe
Parent process: mastersetupv110.exe
User: admin
Company: CANON INC.
Integrity Level: HIGH
Description: Master Setup
Exit code: 0
Version: 1.1.0.0
Modules (images):
c:\users\admin\downloads\mastersetupv110\msetup4.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 3852
CMD: "C:\Users\admin\Downloads\mastersetupv110\Msetup4.exe"
Path: C:\Users\admin\Downloads\mastersetupv110\Msetup4.exe
Parent process: explorer.exe
User: admin
Company: CANON INC.
Integrity Level: MEDIUM
Description: Master Setup
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this medium-integrity launch did not get past the elevation check; PID 6624 runs the same image from explorer.exe at HIGH integrity)
Version: 1.1.0.0
Modules (images):
c:\users\admin\downloads\mastersetupv110\msetup4.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 4036
CMD: C:\6508183a1fd450bdf0652e33101f\\Setup.exe /x86 /x64 /web
Path: C:\6508183a1fd450bdf0652e33101f\Setup.exe
Parent process: ndp462-kb3151802-web.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Setup Installer
Version: 14.6.1590.0 built by: NETFXREL2
Modules (images):
c:\6508183a1fd450bdf0652e33101f\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 4228
CMD: "C:\Users\admin\Downloads\mastersetupv110.exe"
Path: C:\Users\admin\Downloads\mastersetupv110.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this medium-integrity launch did not get past the elevation check; PID 5576 runs the same image from explorer.exe at HIGH integrity)
Modules (images):
c:\users\admin\downloads\mastersetupv110.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 4976
CMD: "C:\Users\admin\Downloads\mastersetupv110\Launcher\DotNet\ndp462-kb3151802-web.exe"
Path: C:\Users\admin\Downloads\mastersetupv110\Launcher\DotNet\ndp462-kb3151802-web.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft .NET Framework 4.6.2 Setup
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this medium-integrity launch did not get past the elevation check; PID 6812 runs the same image from explorer.exe at HIGH integrity)
Version: 4.6.01590.00
Modules (images):
c:\users\admin\downloads\mastersetupv110\launcher\dotnet\ndp462-kb3151802-web.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 5576
CMD: "C:\Users\admin\Downloads\mastersetupv110.exe"
Path: C:\Users\admin\Downloads\mastersetupv110.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\downloads\mastersetupv110.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 6624
CMD: "C:\Users\admin\Downloads\mastersetupv110\Msetup4.exe"
Path: C:\Users\admin\Downloads\mastersetupv110\Msetup4.exe
Parent process: explorer.exe
User: admin
Company: CANON INC.
Integrity Level: HIGH
Description: Master Setup
Exit code: 0
Version: 1.1.0.0
Modules (images):
c:\users\admin\downloads\mastersetupv110\msetup4.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 6812
CMD: "C:\Users\admin\Downloads\mastersetupv110\Launcher\DotNet\ndp462-kb3151802-web.exe"
Path: C:\Users\admin\Downloads\mastersetupv110\Launcher\DotNet\ndp462-kb3151802-web.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft .NET Framework 4.6.2 Setup
Version: 4.6.01590.00
Modules (images):
c:\users\admin\downloads\mastersetupv110\launcher\dotnet\ndp462-kb3151802-web.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 6872
CMD: "C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Version: 123.26505.0.0
Modules (images):
c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\textinputhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\vcruntime140_app.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
Total events: 1 424
Read events: 1 424
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 102
Suspicious files: 3
Text files: 117
Unknown types: 0

Dropped files

All ten files listed here were written by mastersetupv110.exe (PID 5576) and are of type "executable".

C:\Users\admin\Downloads\mastersetupv110\win\Common.App.dll
  MD5: 5373E5C91079B5676C78D50AFAAEA05E
  SHA256: 1613AE8FEE62A1D88497367969AEEC25D40774AB40FFAF2AE27F819675165F12
C:\Users\admin\Downloads\mastersetupv110\win\ca-ES\ESetup.View.resources.dll
  MD5: 2155097BF7D4CD8D166DC52158FC6B88
  SHA256: 24948972E0D41767F613E23F2500FD0E733AC74D9A1361C853D24FC158672A4C
C:\Users\admin\Downloads\mastersetupv110\win\Common.AppModel.dll
  MD5: 214D2281530E2263A96A0A459F056D38
  SHA256: 55B0845CF4BF8936E9A74197B14836D122CC8F68934844BA4294041F00E68DDC
C:\Users\admin\Downloads\mastersetupv110\win\ar-SA\ESetup.View.resources.dll
  MD5: 14C1AC7165C90A78055BDEA3E3688A0D
  SHA256: A0E7FEFE96A014FD91AB013F13576875D350FF17D3B2D071EE5DE7DDDB3AB9A2
C:\Users\admin\Downloads\mastersetupv110\win\Common.Core.dll
  MD5: 11AEBC82C4C2708058B1D0FC68B5BE87
  SHA256: EC52C7941E97D2B3DB0A03136B8676FA23AE23EB42EE64D6E9F16C1E3AC29F99
C:\Users\admin\Downloads\mastersetupv110\win\Common.ViewModel.dll
  MD5: AC80F332F80864C822852B5B96FFAE5E
  SHA256: 053EC5C56FB5DD11F0C849C40BC23300A11EAA87EF095B65501EFDB48867CFE1
C:\Users\admin\Downloads\mastersetupv110\win\Common.Utility.dll
  MD5: 11ABE7399296BCEB5720BD1F10756044
  SHA256: 90DF5A20E17A5EA013D4A9307971605615FA4EC3F5E9B4275217F28824DC4EEB
C:\Users\admin\Downloads\mastersetupv110\win\cs-CZ\ESetup.View.resources.dll
  MD5: 7BDB2E92BB6D25E5F22082C592DEB655
  SHA256: D01824DA6B8B6838394FC17575C6D06F83E3001BE570819AB22B2FFEB52604E2
C:\Users\admin\Downloads\mastersetupv110\Launcher\DotNet\ndp462-kb3151802-web.exe
  MD5: FF672E857CAAC9870B479586C1282212
  SHA256: F20AF20AE2610D4C408D2C6D3FEAA743DDE675FCDFF4D56CA11957F915715AC1
C:\Users\admin\Downloads\mastersetupv110\win\Common.Logger.dll
  MD5: 0639DF845B7417BFAF28A9FF9ADC456A
  SHA256: 4E8C34B564F67B8F8FFF67B4427D20F1A83CB498C8F7BD9BA39F9E31AE8201A9
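The hashes above are the usable IOCs from this report. The script below is an added example, not ANY.RUN code: it walks a directory tree, hashes every file once with MD5, SHA1 and SHA256, and reports any file whose SHA256 matches the sample or one of the ten dropped files. The SHA256 values are copied from the report; the directory walked, the function names and the output format are the editor's choices.

```python
"""Sweep a directory tree for files whose SHA256 matches an IOC from this report.

Added example, not ANY.RUN code. IOC values are transcribed from the report's
sample and dropped-file entries; the scanning logic is the editor's.
"""
from __future__ import annotations

import hashlib
from pathlib import Path

# SHA256 (lowercase) -> label, transcribed from the report: sample first, then dropped files.
IOC_SHA256 = {
    "00d70f6fc7298d4e8f9780338c66d00d8bdf738513cba9ff12b1f59daec5d801": "mastersetupv110.exe (sample)",
    "1613ae8fee62a1d88497367969aeec25d40774ab40ffaf2ae27f819675165f12": "win\\Common.App.dll",
    "24948972e0d41767f613e23f2500fd0e733ac74d9a1361c853d24fc158672a4c": "win\\ca-ES\\ESetup.View.resources.dll",
    "55b0845cf4bf8936e9a74197b14836d122cc8f68934844ba4294041f00e68ddc": "win\\Common.AppModel.dll",
    "a0e7fefe96a014fd91ab013f13576875d350ff17d3b2d071ee5de7dddb3ab9a2": "win\\ar-SA\\ESetup.View.resources.dll",
    "ec52c7941e97d2b3db0a03136b8676fa23ae23eb42ee64d6e9f16c1e3ac29f99": "win\\Common.Core.dll",
    "053ec5c56fb5dd11f0c849c40bc23300a11eaa87ef095b65501efdb48867cfe1": "win\\Common.ViewModel.dll",
    "90df5a20e17a5ea013d4a9307971605615fa4ec3f5e9b4275217f28824dc4eeb": "win\\Common.Utility.dll",
    "d01824da6b8b6838394fc17575c6d06f83e3001be570819ab22b2ffeb52604e2": "win\\cs-CZ\\ESetup.View.resources.dll",
    "f20af20ae2610d4c408d2c6d3feaa743dde675fcdff4d56ca11957f915715ac1": "Launcher\\DotNet\\ndp462-kb3151802-web.exe",
    "4e8c34b564f67b8f8fff67b4427d20f1a83cb498c8f7bd9ba39f9e31ae8201a9": "win\\Common.Logger.dll",
}

CHUNK_SIZE = 1 << 20  # hash in 1 MiB chunks so a large installer is never read into memory whole


def file_digests(path: Path) -> dict[str, str]:
    """Return lowercase MD5, SHA1 and SHA256 hex digests of one file, reading it once."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def scan(root: Path, iocs: dict[str, str] = IOC_SHA256) -> list[tuple[str, str, str]]:
    """Walk root and return (path, sha256, label) for every file matching an IOC.

    Digest comparison is case-insensitive; files that cannot be read are skipped
    rather than aborting the sweep.
    """
    wanted = {digest.lower(): label for digest, label in iocs.items()}
    hits: list[tuple[str, str, str]] = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        try:
            sha256 = file_digests(p)["sha256"]
        except OSError:
            continue
        if sha256 in wanted:
            hits.append((str(p), sha256, wanted[sha256]))
    return hits


if __name__ == "__main__":
    import sys

    target = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, sha256, label in scan(target):
        print(f"{sha256}  {path}  <- {label}")
```

Run it against a user's Downloads folder (or a mounted disk image) to confirm whether this installer and its payload actually landed; a match on the sample hash alone with none of the dropped DLLs means the installer was downloaded but never extracted.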
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 11
TCP/UDP connections: 36
DNS requests: 19
Threats: 0

HTTP requests

Columns: PID, process, method, HTTP code, IP, URL, CN, reputation. Rows without a PID are shown as the report shows them.

4712 MoUsoCoreWorker.exe: GET 200 95.101.149.131:80
  http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl (CN unknown, whitelisted)
(no PID shown): GET 200 192.229.221.95:80
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D (CN unknown, whitelisted)
4932 svchost.exe: GET 200 95.101.149.131:80
  http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl (CN unknown, whitelisted)
1176 svchost.exe: GET 200 192.229.221.95:80
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D (CN unknown, whitelisted)
6100 SystemSettings.exe: GET 200 192.229.221.95:80
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D (CN unknown, whitelisted)
6100 SystemSettings.exe: GET 200 192.229.221.95:80
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D (CN unknown, whitelisted)
6700 SIHClient.exe: GET 200 23.52.120.96:80
  http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl (CN unknown, whitelisted)
6700 SIHClient.exe: GET 200 23.52.120.96:80
  http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl (CN unknown, whitelisted)
492 backgroundTaskHost.exe: GET 200 192.229.221.95:80
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D (CN unknown, whitelisted)
4712 MoUsoCoreWorker.exe: GET 200 2.16.164.107:80
  http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl (CN unknown, whitelisted)
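None of the HTTP rows above belong to the analysed process tree: every one is a CRL or OCSP fetch by a Windows component (MoUsoCoreWorker, svchost, SIHClient and so on), which is the signature-verification noise a sandbox produces on its own. The script below is an added example, not ANY.RUN code, that makes this triage mechanical: the rows are transcribed from the table, SAMPLE_PIDS is taken from the report's process list, and the rules that label CRL/OCSP traffic as background, together with the one constructed "sample" row, are the editor's assumptions.

```python
"""Attribute sandbox HTTP rows to the analysed sample or to OS background noise.

Added example, not ANY.RUN code. REPORT_ROWS is transcribed from this report's
HTTP-request table; SAMPLE_PIDS is taken from its process list. The patterns
that classify CRL/OCSP fetches as background are the editor's assumptions.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# PIDs the report lists for mastersetupv110.exe, Msetup4.exe, the .NET web
# installer and its Setup.exe child.
SAMPLE_PIDS = {2008, 3672, 3852, 4036, 4228, 4976, 5576, 6624, 6812, 7068, 7116}

# Certificate-revocation traffic from Windows' own signature checks (editor's patterns).
OCSP_HOST = re.compile(r"^ocsp\.", re.I)
CRL_PATH = re.compile(r"/crl/|\.crl$", re.I)


@dataclass(frozen=True)
class HttpRow:
    pid: Optional[int]       # None where the report shows no PID for the row
    process: Optional[str]
    method: str
    status: int
    endpoint: str            # ip:port as printed in the table
    url: str


def classify(row: HttpRow) -> str:
    """'sample' if the PID is in the analysed tree, else which kind of background noise it is."""
    if row.pid in SAMPLE_PIDS:
        return "sample"
    parts = urlsplit(row.url)
    host = (parts.hostname or "").lower()
    if OCSP_HOST.search(host) or CRL_PATH.search(parts.path):
        return "pki-background"
    return "other-background"


def summarize(rows: list[HttpRow]) -> dict[str, int]:
    """Count rows per class; a non-zero 'sample' bucket is what deserves analyst time."""
    return dict(Counter(classify(r) for r in rows))


def sample_rows(rows: list[HttpRow]) -> list[HttpRow]:
    """Only the rows attributable to the sample's process tree."""
    return [r for r in rows if classify(r) == "sample"]


# Transcribed from the report's HTTP requests table (the ten rows shown on the page).
REPORT_ROWS = [
    HttpRow(4712, "MoUsoCoreWorker.exe", "GET", 200, "95.101.149.131:80",
            "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl"),
    HttpRow(None, None, "GET", 200, "192.229.221.95:80",
            "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D"),
    HttpRow(4932, "svchost.exe", "GET", 200, "95.101.149.131:80",
            "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl"),
    HttpRow(1176, "svchost.exe", "GET", 200, "192.229.221.95:80",
            "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D"),
    HttpRow(6100, "SystemSettings.exe", "GET", 200, "192.229.221.95:80",
            "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D"),
    HttpRow(6100, "SystemSettings.exe", "GET", 200, "192.229.221.95:80",
            "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D"),
    HttpRow(6700, "SIHClient.exe", "GET", 200, "23.52.120.96:80",
            "http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl"),
    HttpRow(6700, "SIHClient.exe", "GET", 200, "23.52.120.96:80",
            "http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl"),
    HttpRow(492, "backgroundTaskHost.exe", "GET", 200, "192.229.221.95:80",
            "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D"),
    HttpRow(4712, "MoUsoCoreWorker.exe", "GET", 200, "2.16.164.107:80",
            "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
]

# Constructed row, NOT in the report: what a fetch by the sample itself would look like
# (TEST-NET address and a reserved .invalid name, so it can never resolve).
HYPOTHETICAL_SAMPLE_ROW = HttpRow(5576, "mastersetupv110.exe", "GET", 200,
                                  "203.0.113.10:80", "http://example.invalid/payload.bin")

if __name__ == "__main__":
    print(summarize(REPORT_ROWS))
    for row in sample_rows(REPORT_ROWS + [HYPOTHETICAL_SAMPLE_ROW]):
        print("sample-attributed:", row.pid, row.process, row.url)
```

Keying on PID rather than on process name matters here: the report shows the same image (mastersetupv110.exe, Msetup4.exe) under several PIDs at different integrity levels, and a name match would also pull in any unrelated process that happened to share a name.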

Connections

Columns: PID, process, IP, domain, ASN, CN, reputation. Rows without a PID are shown as the report shows them.

6024 RUXIMICS.exe: 51.124.78.146:443 settings-win.data.microsoft.com (MICROSOFT-CORP-MSN-AS-BLOCK, NL, whitelisted)
4 System: 192.168.100.255:137 (whitelisted)
(no PID shown): 51.124.78.146:443 settings-win.data.microsoft.com (MICROSOFT-CORP-MSN-AS-BLOCK, NL, whitelisted)
4712 MoUsoCoreWorker.exe: 2.16.164.107:80 crl.microsoft.com (Akamai International B.V., NL, whitelisted)
4932 svchost.exe: 2.16.164.107:80 crl.microsoft.com (Akamai International B.V., NL, whitelisted)
4712 MoUsoCoreWorker.exe: 95.101.149.131:80 www.microsoft.com (Akamai International B.V., NL, whitelisted)
4932 svchost.exe: 95.101.149.131:80 www.microsoft.com (Akamai International B.V., NL, whitelisted)
5064 SearchApp.exe: 2.19.96.72:443 www.bing.com (Akamai International B.V., DE, whitelisted)
(no PID shown): 192.229.221.95:80 ocsp.digicert.com (EDGECAST, US, whitelisted)
4 System: 192.168.100.255:138 (whitelisted)

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 2.16.164.107
  • 2.16.164.112
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 23.52.120.96
whitelisted
google.com
  • 142.250.186.110
whitelisted
www.bing.com
  • 2.19.96.72
  • 2.19.96.74
  • 2.19.96.75
  • 2.19.96.83
  • 2.19.96.88
  • 2.19.96.73
  • 2.19.96.89
  • 2.19.96.91
  • 2.19.96.81
  • 2.23.209.181
  • 2.23.209.178
  • 2.23.209.171
  • 2.23.209.168
  • 2.23.209.173
  • 2.23.209.183
  • 2.23.209.185
  • 2.23.209.175
  • 2.23.209.179
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.138
  • 20.190.160.20
  • 40.126.32.140
  • 40.126.32.68
  • 40.126.32.72
  • 40.126.32.74
  • 20.190.160.17
  • 20.190.160.22
whitelisted
go.microsoft.com
  • 23.43.62.58
whitelisted
cxcs.microsoft.net
  • 184.25.219.220
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted

Threats

No threats detected
No debug info