File name: WIAACMGR.EXE

Full analysis: https://app.any.run/tasks/7e32756b-f549-482d-aded-8a8a8c0c4b19
Verdict: Malicious activity
Analysis date: October 05, 2023, 07:21:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32+ executable (GUI) x86-64, for MS Windows
MD5: 30A92409EFE198545CFA4A86457C6C0B
SHA1: 7AE6F1A405230BC23498B9FF1FD137D5653B0C41
SHA256: 0CA9B9469FBD76432DB4418D63C089762D6C1598FAC4A69D02F200D90D6119BB
SSDEEP: 98304:D4/SNsuDZYVFBmUzrz5OnaltQtRdxvqe/5next45UrcZs1FPT3WEigP+7mhUd9c6:peypWIHlPSddAWprTIR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WIAACMGR.EXE (PID: 976)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WIAACMGR.EXE (PID: 976)
    • Application launched itself

      • WIAACMGR.EXE (PID: 976)
    • The process drops C-runtime libraries

      • WIAACMGR.EXE (PID: 976)
    • Loads Python modules

      • WIAACMGR.EXE (PID: 3008)
  • INFO

    • Checks supported languages

      • WIAACMGR.EXE (PID: 976)
      • WIAACMGR.EXE (PID: 3008)
    • Reads the computer name

      • WIAACMGR.EXE (PID: 976)
    • Creates files in a temporary directory

      • WIAACMGR.EXE (PID: 976)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2023:10:04 19:04:38+02:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.36
CodeSize: 166400
InitializedDataSize: 94208
UninitializedDataSize: -
EntryPoint: 0xb340
OSVersion: 5.2
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
FileVersionNumber: 10.0.19041.1151
ProductVersionNumber: 10.0.19041.1151
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Windows Picture Acquisition Wizard
FileVersion: 10.0.19041.1151 (WinBuild.160101.0800)
InternalName: WIAACMGR
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: WIAACMGR.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.19041.1151
No data.
Total processes: 31
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> wiaacmgr.exe (PID 976) -> wiaacmgr.exe (PID 3008)

Process information

PID: 976
CMD: "C:\Users\admin\AppData\Local\Temp\WIAACMGR.EXE"
Path: C:\Users\admin\AppData\Local\Temp\WIAACMGR.EXE
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Picture Acquisition Wizard
Exit code: 0
Version: 10.0.19041.1151 (WinBuild.160101.0800)
Modules (Images):
c:\users\admin\appdata\local\temp\wiaacmgr.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll

PID: 3008
CMD: "C:\Users\admin\AppData\Local\Temp\WIAACMGR.EXE"
Path: C:\Users\admin\AppData\Local\Temp\WIAACMGR.EXE
Parent process: WIAACMGR.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Picture Acquisition Wizard
Exit code: 0
Version: 10.0.19041.1151 (WinBuild.160101.0800)
Modules (Images):
c:\users\admin\appdata\local\temp\wiaacmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
Total events: 13
Read events: 13
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 18
Suspicious files: 2
Text files: 1
Unknown types: 0

Dropped files

PID | Process | Filename | Type

976 | WIAACMGR.EXE | C:\Users\admin\AppData\Local\Temp\_MEI9762\VCRUNTIME140.dll | executable
MD5: 4585A96CC4EEF6AAFD5E27EA09147DC6
SHA256: A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736

976 | WIAACMGR.EXE | C:\Users\admin\AppData\Local\Temp\_MEI9762\_decimal.pyd | executable
MD5: A8952538E090E2FF0EFB0BA3C890CD04
SHA256: C4E8740C5DBBD2741FC4124908DA4B65FA9C3E17D9C9BF3F634710202E0C7009

976 | WIAACMGR.EXE | C:\Users\admin\AppData\Local\Temp\_MEI9762\_ctypes.pyd | executable
MD5: 1ADFE4D0F4D68C9C539489B89717984D
SHA256: 64E8FD952CCF5B8ADCA80CE8C7BC6C96EC7DF381789256FE8D326F111F02E95C

976 | WIAACMGR.EXE | C:\Users\admin\AppData\Local\Temp\_MEI9762\_hashlib.pyd | executable
MD5: F10D896ED25751EAD72D8B03E404EA36
SHA256: 3660B985CA47CA1BBA07DB01458B3153E4E692EE57A8B23CE22F1A5CA18707C3

976 | WIAACMGR.EXE | C:\Users\admin\AppData\Local\Temp\_MEI9762\_sqlite3.pyd | executable
MD5: EB6313B94292C827A5758EEA82D018D9
SHA256: 6B41DFD7D6AC12AFE523D74A68F8BD984A75E438DCF2DAA23A1F934CA02E89DA

976 | WIAACMGR.EXE | C:\Users\admin\AppData\Local\Temp\_MEI9762\_queue.pyd | executable
MD5: DECDABACA104520549B0F66C136A9DC1
SHA256: 9D4880F7D0129B1DE95BECD8EA8BBBF0C044D63E87764D18F9EC00D382E43F84

976 | WIAACMGR.EXE | C:\Users\admin\AppData\Local\Temp\_MEI9762\_socket.pyd | executable
MD5: BCC3E26A18D59D76FD6CF7CD64E9E14D
SHA256: 4E19F29266A3D6C127E5E8DE01D2C9B68BC55075DD3D6AABE22CF0DE4B946A98

976 | WIAACMGR.EXE | C:\Users\admin\AppData\Local\Temp\_MEI9762\_bz2.pyd | executable
MD5: 2D461B41F6E9A305DDE68E9C59E4110A
SHA256: ABBE3933A34A9653A757244E8E55B0D7D3A108527A3E9E8A7F2013B5F2A9EFF4

976 | WIAACMGR.EXE | C:\Users\admin\AppData\Local\Temp\_MEI9762\_lzma.pyd | executable
MD5: 3798175FD77EDED46A8AF6B03C5E5F6D
SHA256: 3C9D5A9433B22538FC64141CD3784800C567C18E4379003329CF69A1D59B2A41

976 | WIAACMGR.EXE | C:\Users\admin\AppData\Local\Temp\_MEI9762\_ssl.pyd | executable
MD5: 2089768E25606262921E4424A590FF05
SHA256: 3E6E9FC56E1A9FE5EDB39EE03E5D47FA0E3F6ADB17BE1F087DC6F891D3B0BBCA
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
324 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1956 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted

DNS requests

No data

Threats

No threats detected
No debug info