File name: | 0e64579f96ea13352be8bc49a97b561e78c372aa1c1f04ee2ef962a9211ef21f.exe |
Full analysis: | https://app.any.run/tasks/bdb8066a-1ed8-4c2b-9ab0-7680b75b5b9a |
Verdict: | Malicious activity |
Analysis date: | January 10, 2025, 23:06:23 |
OS: | Windows 10 Professional (build: 19045, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.microsoft.portable-executable |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections |
MD5: | 4AE4B14E3B65B197D3ACFC66BBCE5053 |
SHA1: | 13BBE87DC07D88524B4214D0F8B2536FBBAC23C1 |
SHA256: | 0E64579F96EA13352BE8BC49A97B561E78C372AA1C1F04EE2EF962A9211EF21F |
SSDEEP: | 12288:DvVVVVVVVVTfuj5q4uFTDhSfWJUNo5kUe7evVVVVVVVVTfuj5q4uFTDhSfWJUNoh:Hfuj5DuFRSfWJUq5kUe+fuj5DuFRSfWj |
.exe | | | UPX compressed Win32 Executable (64.2) |
---|---|---|
.dll | | | Win32 Dynamic Link Library (generic) (15.6) |
.exe | | | Win32 Executable (generic) (10.6) |
.exe | | | Generic Win/DOS Executable (4.7) |
.exe | | | DOS Executable Generic (4.7) |
Subsystem: | Windows GUI |
---|---|
SubsystemVersion: | 4 |
ImageVersion: | - |
OSVersion: | 4 |
EntryPoint: | 0x7f80 |
UninitializedDataSize: | 24576 |
InitializedDataSize: | 4096 |
CodeSize: | 8192 |
LinkerVersion: | 6 |
PEType: | PE32 |
ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
TimeStamp: | 2011:03:15 04:06:07+00:00 |
MachineType: | Intel 386 or later, and compatibles |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3772 | "C:\Users\admin\Desktop\0e64579f96ea13352be8bc49a97b561e78c372aa1c1f04ee2ef962a9211ef21f.exe" | C:\Users\admin\Desktop\0e64579f96ea13352be8bc49a97b561e78c372aa1c1f04ee2ef962a9211ef21f.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3772 | 0e64579f96ea13352be8bc49a97b561e78c372aa1c1f04ee2ef962a9211ef21f.exe | — | ||
MD5:— | SHA256:— | |||
3772 | 0e64579f96ea13352be8bc49a97b561e78c372aa1c1f04ee2ef962a9211ef21f.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.tmp | executable | |
MD5:BA569D6462BE67A7CB8D13C7DE9B7E7D | SHA256:846D229444383CBF11D7B5E3F4AEC1B96199675773A8AEF928CA5D78F5C55893 | |||
3772 | 0e64579f96ea13352be8bc49a97b561e78c372aa1c1f04ee2ef962a9211ef21f.exe | C:\Users\admin\AppData\Local\VirtualStore\bootTel.dat.tmp | executable | |
MD5:80C5F7F5C9CE7967855A827B3B95F8BD | SHA256:90364BA7AC567E0ABBFC027F050725243A97BC04D56A8A524A713BAB119B7559 | |||
3772 | 0e64579f96ea13352be8bc49a97b561e78c372aa1c1f04ee2ef962a9211ef21f.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\A3DUtils.dll.tmp | executable | |
MD5:9CDF914F5A0BA3CA6659CE181F82B9CD | SHA256:A459EBB2FFAE8CCCCCCB569EE777E98601215B8057F981D145165AFF983C5D0D | |||
3772 | 0e64579f96ea13352be8bc49a97b561e78c372aa1c1f04ee2ef962a9211ef21f.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe.tmp | executable | |
MD5:A5DF8BB5F07627C5831B649609F8CF92 | SHA256:A367BDB69DE43BBF69F41C2DC2BE42C4D9A045B3F649E286DDF1BDB52931656F | |||
3772 | 0e64579f96ea13352be8bc49a97b561e78c372aa1c1f04ee2ef962a9211ef21f.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\ACE.dll.tmp | executable | |
MD5:787E1EF846432A1547C5A731B1019ED2 | SHA256:D38F0D5B1A415C26F7DE94A3B0A3B677A4DCC7B2B7CADEA17DA724CC53978580 | |||
3772 | 0e64579f96ea13352be8bc49a97b561e78c372aa1c1f04ee2ef962a9211ef21f.exe | C:\$Recycle.Bin\S-1-5-21-1693682860-607145093-2874071422-1001\desktop.ini.exe | executable | |
MD5:8EAA02770D7832BBCF3FA8CDAE16E0F0 | SHA256:84F769E244F7511D0420A9A680F5D826BE0F18141D6BDCCE33F90683EB4ADD62 | |||
3772 | 0e64579f96ea13352be8bc49a97b561e78c372aa1c1f04ee2ef962a9211ef21f.exe | C:\$Recycle.Bin\S-1-5-21-1693682860-607145093-2874071422-1001\desktop.ini.tmp | executable | |
MD5:8EAA02770D7832BBCF3FA8CDAE16E0F0 | SHA256:84F769E244F7511D0420A9A680F5D826BE0F18141D6BDCCE33F90683EB4ADD62 | |||
3772 | 0e64579f96ea13352be8bc49a97b561e78c372aa1c1f04ee2ef962a9211ef21f.exe | C:\Users\admin\AppData\Local\VirtualStore\BOOTNXT.tmp | executable | |
MD5:D07E8594DE6612631FDBC384B3CF181A | SHA256:E489A8FC70D1794AAE27E068213260F6B47DF60DD1C6F341184C7AE5B5B4CC34 | |||
3772 | 0e64579f96ea13352be8bc49a97b561e78c372aa1c1f04ee2ef962a9211ef21f.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.tmp | executable | |
MD5:505502F04FE20FE618CFC979913539A7 | SHA256:3342A499C57EE582A4FFB4372C9D3BF36EA93368D249CD42B3036874A16A374F |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
5892 | svchost.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
5892 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
5892 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 104.126.37.139:443 | www.bing.com | Akamai International B.V. | DE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
5892 | svchost.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
5892 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
Domain | IP | Reputation |
---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
www.bing.com |
| whitelisted |
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |