URL:

http://logtagrecorders.com/wp-content/uploads/ltanalyzer_31r5.exe

Full analysis: https://app.any.run/tasks/0b600547-f29e-463c-9e44-1fb9f65b8fc3
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: May 23, 2019, 23:54:56
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
loader
Indicators:
MD5:

2144B4B58E0B4B9412D8C03D01204BF5

SHA1:

32F9DEC458BCD89803747E7E13BB095AE8779EA0

SHA256:

08F178FF9B19DE91123E6781037A1382DA7F204BF2FBF1729C6B58AE62DD069A

SSDEEP:

3:N1KSKCRcGKHRSVOlAQyfELgiTXfdAn:CSZ2GKUVOlAZEb1An

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Downloads executable files from the Internet

      • iexplore.exe (PID: 768)
    • Application was dropped or rewritten from another process

      • ltanalyzer_31r5.exe (PID: 1708)
      • ltanalyzer_31r5.exe (PID: 2520)
      • Setup.exe (PID: 3348)
      • vcredist_x86.exe (PID: 2104)
      • ltanalyzer_31r5.exe (PID: 2052)
      • AnalyzerDesktop.exe (PID: 4008)
    • Loads dropped or rewritten executable

      • ltanalyzer_31r5.exe (PID: 2520)
      • Setup.exe (PID: 3348)
      • AnalyzerDesktop.exe (PID: 4008)
    • Changes settings of System certificates

      • ltanalyzer_31r5.exe (PID: 2520)
    • Loads the Task Scheduler DLL interface

      • ltanalyzer_31r5.exe (PID: 2520)
  • SUSPICIOUS

    • Adds / modifies Windows certificates

      • ltanalyzer_31r5.exe (PID: 2520)
    • Creates files in the Windows directory

      • ltanalyzer_31r5.exe (PID: 2520)
      • msiexec.exe (PID: 3520)
      • DrvInst.exe (PID: 3080)
      • DrvInst.exe (PID: 2896)
    • Executable content was dropped or overwritten

      • vcredist_x86.exe (PID: 2104)
      • ltanalyzer_31r5.exe (PID: 2520)
      • msiexec.exe (PID: 3520)
      • MsiExec.exe (PID: 3876)
      • DrvInst.exe (PID: 3080)
      • msiexec.exe (PID: 2424)
      • MsiExec.exe (PID: 2656)
    • Executed as Windows Service

      • vssvc.exe (PID: 2804)
    • Application launched itself

      • ltanalyzer_31r5.exe (PID: 2520)
    • Executed via COM

      • DrvInst.exe (PID: 2556)
      • DrvInst.exe (PID: 3080)
      • DrvInst.exe (PID: 2896)
    • Reads Environment values

      • MsiExec.exe (PID: 2656)
    • Modifies the open verb of a shell class

      • msiexec.exe (PID: 2424)
    • Creates files in the driver directory

      • DrvInst.exe (PID: 3080)
      • DrvInst.exe (PID: 2896)
    • Removes files from Windows directory

      • DrvInst.exe (PID: 3080)
      • ltanalyzer_31r5.exe (PID: 2520)
      • DrvInst.exe (PID: 2896)
    • Creates files in the user directory

      • ltanalyzer_31r5.exe (PID: 2520)
      • msiexec.exe (PID: 2424)
      • AnalyzerDesktop.exe (PID: 4008)
  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2568)
    • Application launched itself

      • iexplore.exe (PID: 2568)
      • msiexec.exe (PID: 2424)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2568)
      • iexplore.exe (PID: 768)
    • Creates files in the user directory

      • iexplore.exe (PID: 768)
    • Loads dropped or rewritten executable

      • MsiExec.exe (PID: 1032)
      • MsiExec.exe (PID: 3876)
      • MsiExec.exe (PID: 2656)
      • MsiExec.exe (PID: 4072)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 3520)
      • msiexec.exe (PID: 2424)
      • MsiExec.exe (PID: 2656)
    • Low-level read access rights to disk partition

      • vssvc.exe (PID: 2804)
    • Searches for installed software

      • msiexec.exe (PID: 2424)
    • Creates files in the program directory

      • MsiExec.exe (PID: 4072)
      • MsiExec.exe (PID: 2656)
      • msiexec.exe (PID: 2424)
    • Starts application with an unusual extension

      • msiexec.exe (PID: 2424)
    • Dropped object may contain Bitcoin addresses

      • msiexec.exe (PID: 2424)
      • ltanalyzer_31r5.exe (PID: 2520)
      • MSI552E.tmp (PID: 3140)
    • Application was dropped or rewritten from another process

      • MSI552E.tmp (PID: 3140)
    • Manual execution by user

      • AnalyzerDesktop.exe (PID: 4008)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
59
Monitored processes
19
Malicious processes
7
Suspicious processes
2

Process information

PID:
768
CMD:
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2568 CREDAT:71937
Path:
C:\Program Files\Internet Explorer\iexplore.exe
Parent process:
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
1032
CMD:
C:\Windows\system32\MsiExec.exe -Embedding 4986515FF3B72EC1B6DD2752BADF7017 C
Path:
C:\Windows\system32\MsiExec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
1708
CMD:
"C:\Users\admin\Downloads\ltanalyzer_31r5.exe"
Path:
C:\Users\admin\Downloads\ltanalyzer_31r5.exe
Parent process:
iexplore.exe
User:
admin
Company:
LogTag Recorders
Integrity Level:
MEDIUM
Description:
LogTag Analyzer Installer
Exit code:
3221226540
Version:
3.1.5.6
Modules
Images
c:\users\admin\downloads\ltanalyzer_31r5.exe
c:\systemroot\system32\ntdll.dll
PID:
2052
CMD:
"C:\Users\admin\Downloads\ltanalyzer_31r5.exe" /i "C:\Users\admin\AppData\Roaming\LogTag Recorders\LogTag Analyzer 3.1.5.6\install\7890922\ltanalyzer_3.1.5.6.msi" AI_EUIMSI=1 APPDIR="C:\Program Files\LogTag Recorders\LogTag Analyzer3" CLIENTPROCESSID="2520" AI_MORE_CMD_LINE=1
Path:
C:\Users\admin\Downloads\ltanalyzer_31r5.exe
Parent process:
ltanalyzer_31r5.exe
User:
admin
Company:
LogTag Recorders
Integrity Level:
HIGH
Description:
LogTag Analyzer Installer
Exit code:
0
Version:
3.1.5.6
Modules
Images
c:\users\admin\downloads\ltanalyzer_31r5.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
PID:
2104
CMD:
"C:\Users\admin\AppData\Roaming\LogTag Recorders\LogTag Analyzer\prerequisites\Visual C++ 2010 SP1\vcredist_x86.exe"
Path:
C:\Users\admin\AppData\Roaming\LogTag Recorders\LogTag Analyzer\prerequisites\Visual C++ 2010 SP1\vcredist_x86.exe
Parent process:
ltanalyzer_31r5.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2010 x86 Redistributable Setup
Exit code:
0
Version:
10.0.40219.325
Modules
Images
c:\users\admin\appdata\roaming\logtag recorders\logtag analyzer\prerequisites\visual c++ 2010 sp1\vcredist_x86.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
2424
CMD:
C:\Windows\system32\msiexec.exe /V
Path:
C:\Windows\system32\msiexec.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
2520
CMD:
"C:\Users\admin\Downloads\ltanalyzer_31r5.exe"
Path:
C:\Users\admin\Downloads\ltanalyzer_31r5.exe
Parent process:
iexplore.exe
User:
admin
Company:
LogTag Recorders
Integrity Level:
HIGH
Description:
LogTag Analyzer Installer
Exit code:
0
Version:
3.1.5.6
Modules
Images
c:\users\admin\downloads\ltanalyzer_31r5.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID:
2556
CMD:
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "00000000" "000005CC" "000005C8"
Path:
C:\Windows\system32\DrvInst.exe
Parent process:
svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
2568
CMD:
"C:\Program Files\Internet Explorer\iexplore.exe" http://logtagrecorders.com/wp-content/uploads/ltanalyzer_31r5.exe
Path:
C:\Program Files\Internet Explorer\iexplore.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
2656
CMD:
C:\Windows\system32\MsiExec.exe -Embedding A19F515829BBC0C1E9C5B657544DDFF1 M Global\MSI0000
Path:
C:\Windows\system32\MsiExec.exe
Parent process:
msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
4 160
Read events
2 952
Write events
1 139
Delete events
69

Modification events

(PID) Process: (2568) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2568) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2568) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (2568) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

(PID) Process: (2568) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2568) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:

(PID) Process: (2568) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write
Name: {32FFCA9B-7DB6-11E9-A370-5254004A04AF}
Value: 0

(PID) Process: (2568) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Type
Value: 4

(PID) Process: (2568) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Count
Value: 1

(PID) Process: (2568) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Time
Value: E307050004001700170037000B00CB02
Executable files
179
Suspicious files
33
Text files
1 504
Unknown types
30

Dropped files

PID: 2568
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DFBAE5508BDA9F1425.TMP

PID: 2568
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico

PID: 2568
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

PID: 768
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4CE7YLUT\ltanalyzer_31r5[1].exe

PID: 2568
Process: iexplore.exe
Filename: C:\Users\admin\Downloads\ltanalyzer_31r5.exe

PID: 2520
Process: ltanalyzer_31r5.exe
Filename: C:\Users\admin\AppData\Roaming\LogTag Recorders\LogTag Analyzer 3.1.5.6\install\holder0.aiph

PID: 2520
Process: ltanalyzer_31r5.exe
Filename: C:\Users\admin\AppData\Roaming\LogTag Recorders\LogTag Analyzer 3.1.5.6\install\7890922\ltanalyzer_3.1.5.6.msi

PID: 768
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
Type: dat

PID: 2568
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{32FFCA9C-7DB6-11E9-A370-5254004A04AF}.dat
Type: binary

PID: 768
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019052420190525\index.dat
Type: dat
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
2
DNS requests
2
Threats
2

HTTP requests

PID: 768
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 77.104.154.224:80
URL: http://logtagrecorders.com/wp-content/uploads/ltanalyzer_31r5.exe
CN: US
Type: executable
Size: 54.3 Mb
Reputation: malicious

PID: 2568
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 204.79.197.200:80
URL: http://www.bing.com/favicon.ico
CN: US
Type: image
Size: 237 b
Reputation: whitelisted

Connections

PID: 768
Process: iexplore.exe
IP: 77.104.154.224:80
Domain: logtagrecorders.com
ASN: SingleHop, Inc.
CN: US
Reputation: malicious

PID: 2568
Process: iexplore.exe
IP: 204.79.197.200:80
Domain: www.bing.com
ASN: Microsoft Corporation
CN: US
Reputation: whitelisted

DNS requests

Domain: logtagrecorders.com
IP:
  • 77.104.154.224
Reputation: malicious

Domain: www.bing.com
IP:
  • 204.79.197.200
  • 13.107.21.200
Reputation: whitelisted

Threats

PID: 768
Process: iexplore.exe
Class: A Network Trojan was detected
Message: ET TROJAN EXE Download Request To Wordpress Folder Likely Malicious

PID: 768
Process: iexplore.exe
Class: Potential Corporate Privacy Violation
Message: ET POLICY PE EXE or DLL Windows file download HTTP

Debug output

Process: Setup.exe
Message: The operation completed successfully.

Process: Setup.exe
Message: The operation completed successfully.