File name: 404 Crypter cracked.exe

Full analysis: https://app.any.run/tasks/f761315d-986c-40c7-8243-a580f7340018
Verdict: Malicious activity
Analysis date: November 24, 2023, 10:21:31
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 675D3FED985B10E5C6ADB587654A2A1C
SHA1: F9D5F0A5F9A7C3A0D21D2768A63B6D63E8C0DE38
SHA256: 055BD2D248C3A00CD4AC594EE080795982A3F7F161151F3D3F4F8197FFC276F2
SSDEEP: 12288:lJEbNrhI2vXtAUzY6d7XsSBEdE/A1wxVRQ3Bs1qGGiCf7:lJ2E2vXtYU7a0/IBs8Grc7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • 404 Crypter cracked.exe (PID: 2720)
      • 404 Crypter.exe (PID: 1988)
      • Payload.exe (PID: 3008)
    • Creates files in the Startup directory
      • Payload.exe (PID: 3008)
  • SUSPICIOUS
    • Reads the Internet Settings
      • 404 Crypter cracked.exe (PID: 2720)
  • INFO
    • Reads the computer name
      • 404 Crypter cracked.exe (PID: 2720)
      • Payload.exe (PID: 3008)
      • 404 Crypter.exe (PID: 1988)
    • Checks supported languages
      • 404 Crypter cracked.exe (PID: 2720)
      • Payload.exe (PID: 3008)
      • 404 Crypter.exe (PID: 1988)
    • Creates files in a temporary directory
      • 404 Crypter cracked.exe (PID: 2720)
      • 404 Crypter.exe (PID: 1988)
    • Reads the machine GUID from the registry
      • 404 Crypter.exe (PID: 1988)
      • Payload.exe (PID: 3008)
    • Creates files or folders in the user directory
      • Payload.exe (PID: 3008)
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2007:03:31 17:09:55+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23552
InitializedDataSize: 165376
UninitializedDataSize: 1024
EntryPoint: 0x315d
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
All screenshots are available in the full report
Total processes: 42
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 1


Process information

PID: 1988
CMD: "C:\Users\admin\AppData\Local\Temp\404 Crypter.exe"
Path: C:\Users\admin\AppData\Local\Temp\404 Crypter.exe
Parent process: 404 Crypter cracked.exe
User: admin
Integrity Level: HIGH
Description: ByteCrypter
Exit code: 0
Version: 1.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\404 crypter.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll

PID: 2692
CMD: "C:\Users\admin\AppData\Local\Temp\404 Crypter cracked.exe"
Path: C:\Users\admin\AppData\Local\Temp\404 Crypter cracked.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules (images):
c:\users\admin\appdata\local\temp\404 crypter cracked.exe
c:\windows\system32\ntdll.dll

PID: 2720
CMD: "C:\Users\admin\AppData\Local\Temp\404 Crypter cracked.exe"
Path: C:\Users\admin\AppData\Local\Temp\404 Crypter cracked.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\404 crypter cracked.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

PID: 3008
CMD: "C:\Users\admin\AppData\Local\Temp\Payload.exe"
Path: C:\Users\admin\AppData\Local\Temp\Payload.exe
Parent process: 404 Crypter cracked.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\payload.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
Total events: 861
Read events: 853
Write events: 8
Delete events: 0

Modification events

(PID) Process: (2720) 404 Crypter cracked.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: ProxyBypass | Value: 1
Operation: write | Name: IntranetName | Value: 1
Operation: write | Name: UNCAsIntranet | Value: 1
Operation: write | Name: AutoDetect | Value: 0
Executable files: 4
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID: 2720 | Process: 404 Crypter cracked.exe | Filename: C:\Users\admin\AppData\Local\Temp\Payload.exe | Type: executable
MD5: DC897E1DE1632F623E141144ED28818B
SHA256: 76329204FDB33B9E8C080F9C05EF8B41C345BDCAF21D7C1687EAB6FD8E815B4C

PID: 2720 | Process: 404 Crypter cracked.exe | Filename: C:\Users\admin\AppData\Local\Temp\404 Crypter.exe | Type: executable
MD5: 1752E9926BACEE67CAA1A5C52BD66726
SHA256: F0203342D01A0093B3679C4026ADD812462A8FFA87734A1DA4B386B526341FF8

PID: 3008 | Process: Payload.exe | Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payload.exe | Type: executable
MD5: DC897E1DE1632F623E141144ED28818B
SHA256: 76329204FDB33B9E8C080F9C05EF8B41C345BDCAF21D7C1687EAB6FD8E815B4C

PID: 1988 | Process: 404 Crypter.exe | Filename: C:\Users\admin\AppData\Local\Temp\Mono.Cecil.dll | Type: executable
MD5: B3182F7EF984F74057FBD2EEA5779114
SHA256: D636697DC076F857ED58CA66538B1177AC691999A9E851C2CADAAF23260B7202
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | Reputation
4 | System | 192.168.100.255:137 | whitelisted
4 | System | 224.0.0.252:5355 | unknown
4 | System | 192.168.100.255:138 | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | unknown
2588 | svchost.exe | 239.255.255.250:1900 | whitelisted

(The Domain, ASN and CN columns are empty for every row.)

DNS requests

No data

Threats

No threats detected
No debug info