File name: Frija.exe

Full analysis: https://app.any.run/tasks/a816e03f-422d-49d9-b035-af364ade5181
Verdict: Malicious activity
Analysis date: November 22, 2024, 19:04:14
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 3A2A933277AC3B36581BE477D57912C4
SHA1: 7A88A6D56D8984D4D906EF181A6A915F25899531
SHA256: 024A732748E0A130D1F1931A5994891E47AE90D526F9B2A325299EB401DF6680
SSDEEP: 98304:u+dL4YkdIjmkEx2ir8wsU368Ou2q7n3C2XuZD8v+D9mKvFdjCM2TJh4G/LLsgIJb:bUYcY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Frija.exe (PID: 4824)
    • Process drops legitimate windows executable

      • Frija.exe (PID: 4824)
  • INFO

    • Checks supported languages

      • Frija.exe (PID: 4824)
    • Reads the computer name

      • Frija.exe (PID: 4824)
    • Create files in a temporary directory

      • Frija.exe (PID: 4824)
    • Sends debugging messages

      • Frija.exe (PID: 4824)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:08:17 01:30:08+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 86016
InitializedDataSize: 55296
UninitializedDataSize: -
EntryPoint: 0x11690
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.0.23364.3
ProductVersionNumber: 2.0.23364.3
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Frija
FileDescription: Frija
FileVersion: 2.0.23364.3
InternalName: Frija.dll
LegalCopyright:
OriginalFileName: Frija.dll
ProductName: Frija
ProductVersion: 2.0.23364.3
AssemblyVersion: 2.0.23364.3
Total processes: 113
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start frija.exe

Process information

PID: 4824
CMD: "C:\Users\admin\Desktop\Frija.exe"
Path: C:\Users\admin\Desktop\Frija.exe
Indicators: -
Parent process: explorer.exe
User: admin
Company: Frija
Integrity Level: MEDIUM
Description: Frija
Version: 2.0.23364.3
Modules
Images
c:\users\admin\desktop\frija.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 17
Read events: 17
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 47
Suspicious files: 2
Text files: 1
Unknown types: 0

Dropped files

PID | Process | Filename | Type
4824 | Frija.exe | C:\Users\admin\AppData\Local\Temp\.net\Frija\12d8\Frija.dll | executable
MD5:A0BFC18AC797335B88EEDBBB0BB5725A
SHA256:30CE78F755491FEC3CB8D103C6D5BC2463EF6FF890B47B5665011B0DD11D0AE9
4824 | Frija.exe | C:\Users\admin\AppData\Local\Temp\.net\Frija\12d8\JWT.dll | executable
MD5:399C9A79870E079C4A5254A9C771D5C1
SHA256:F334D6396D16D572105E38259241C78C198093F33026B123C28E3E27D2CB94E1
4824 | Frija.exe | C:\Users\admin\AppData\Local\Temp\.net\Frija\12d8\AutoUpdater.NET.dll | executable
MD5:E1063FB3567D8AC5ADBC74BA72D747BD
SHA256:86998F6EDAF94FAA6EA0B2F9138C229FD396940E8D0BA90975073CC5A38D997C
4824 | Frija.exe | C:\Users\admin\AppData\Local\Temp\.net\Frija\12d8\Bugsnag.dll | executable
MD5:6EDB07D893F2D2972985FAC8A7C7A4E8
SHA256:C2EA27FFF20DDEBEC74B6FE3F90D095799F83608D161D4D16810A097E33BC67C
4824 | Frija.exe | C:\Users\admin\AppData\Local\Temp\.net\Frija\12d8\MicaWPF.dll | executable
MD5:E6C9584E7415ED44C35EF3F8417A530A
SHA256:278A4FF73D9C65318097DE772E82C6088EA355AD47E6FBB8099EF1B04E005432
4824 | Frija.exe | C:\Users\admin\AppData\Local\Temp\.net\Frija\12d8\MaterialDesignColors.dll | executable
MD5:F20953C82D86A9EF1D59483DEDBDB734
SHA256:DCB7D663017E2166A9C1BE0C3C21646885BA8D68D8E53EE73733D5506C91F025
4824 | Frija.exe | C:\Users\admin\AppData\Local\Temp\.net\Frija\12d8\MaterialDesignThemes.Wpf.dll | executable
MD5:A2D60E587021B5950613851E267EB263
SHA256:4C38436A92DFDDF8E17461C8ECE4DDB0902D14EFAEB23AC272DCF45CAABE2922
4824 | Frija.exe | C:\Users\admin\AppData\Local\Temp\.net\Frija\12d8\Bugsnag.ConfigurationSection.dll | executable
MD5:19CDF01F6B395B0A4775D1541BE6708B
SHA256:C3F11DF1A8A2C81E6B305DCE695B25376CF5688B5085A13BA5570D28F0888C42
4824 | Frija.exe | C:\Users\admin\AppData\Local\Temp\.net\Frija\12d8\NLog.dll | executable
MD5:6BBFE47219C7E036DC81013C8965D809
SHA256:A139F821BFEDC67E9A0A75FF9B1D51BFB68B65401D6C13141327732094790262
4824 | Frija.exe | C:\Users\admin\AppData\Local\Temp\.net\Frija\12d8\Microsoft.Win32.Registry.dll | executable
MD5:F775A8103A6034D25FBB2934F5E1B979
SHA256:5738F1E014D65979898848781075DB25EEDE1F14D7E38D68CEA6A4C49BC2B2C4
HTTP(S) requests: 6
TCP/UDP connections: 22
DNS requests: 8
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 200 | 23.53.41.96:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.53.41.96:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6092 | svchost.exe | GET | 200 | 23.53.41.96:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 23.52.120.96:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.52.120.96:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
6092 | svchost.exe | GET | 200 | 23.52.120.96:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 2.16.110.136:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 23.53.41.96:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.53.41.96:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6092 | svchost.exe | 23.53.41.96:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 23.52.120.96:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.52.120.96:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
6092 | svchost.exe | 23.52.120.96:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
  • 20.73.194.208
whitelisted
www.bing.com
  • 2.16.110.136
  • 2.16.110.137
  • 2.16.110.193
  • 2.16.110.123
  • 2.16.110.131
  • 2.16.110.200
  • 2.16.110.203
  • 2.16.110.138
  • 2.16.110.130
whitelisted
google.com
  • 172.217.18.110
whitelisted
crl.microsoft.com
  • 23.53.41.96
  • 23.53.40.176
  • 23.53.41.89
  • 23.53.40.200
  • 23.53.40.201
whitelisted
www.microsoft.com
  • 23.52.120.96
whitelisted
self.events.data.microsoft.com
  • 52.182.143.214
whitelisted

Threats

No threats detected
Process | Message
Frija.exe | A fatal error occurred. The required library hostfxr.dll could not be found. If this is a self-contained application, that library should exist in [C:\Users\admin\AppData\Local\Temp\.net\Frija\l5pbyp2j.fdk\]. If this is a framework-dependent application, install the runtime in the global location [C:\Program Files (x86)\dotnet] or use the DOTNET_ROOT(x86) environment variable to specify the runtime location or register the runtime location in [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x86\InstallLocation].
Frija.exe | The .NET Core runtime can be found at:
Frija.exe | - https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x86&rid=win10-x86