File name: Xbox360_64Eng.exe

Full analysis: https://app.any.run/tasks/c340bded-cfd3-4ec4-9e7b-201b76cfb4c1
Verdict: Malicious activity
Analysis date: March 19, 2024, 03:37:06
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 4C7FBAD5BBEBC0D3807129092A1DE4B9
SHA1: 00F7246437C53F3ABA5516AC3FC572181C24C666
SHA256: 0E72ED6D89D9B89690FDE8122F46FA851740EF18E850D98D45E56F85A6682994
SSDEEP: 98304:BSUCTRhlUVz71eG+Ybiy/j+Hu9Oy5fNFDm9DOTJ7AHzJJRFlzHObR8AJrYE/0eeN:BYTFEnT0y/+SrK9+JMHFDzxpE/U

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Xbox360_64Eng.exe (PID: 3956)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • Xbox360_64Eng.exe (PID: 3956)
    • Executable content was dropped or overwritten

      • Xbox360_64Eng.exe (PID: 3956)
    • Drops a system driver (possible attempt to evade defenses)

      • Xbox360_64Eng.exe (PID: 3956)
    • Starts a Microsoft application from unusual location

      • Xbox360_64Eng.exe (PID: 3956)
    • Reads the Internet Settings

      • setup.exe (PID: 1348)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 1348)
  • INFO

    • Checks supported languages

      • Xbox360_64Eng.exe (PID: 3956)
      • setup.exe (PID: 1348)
      • setupstb.exe (PID: 2256)
    • Reads Environment values

      • Xbox360_64Eng.exe (PID: 3956)
    • Reads the machine GUID from the registry

      • Xbox360_64Eng.exe (PID: 3956)
    • Reads the computer name

      • Xbox360_64Eng.exe (PID: 3956)
      • setup.exe (PID: 1348)
No Malware configuration.

TRiD

.exe | MS generic-sfx Cabinet File Unpacker (32/64bit MSCFU) (82.5)
.exe | Win32 Executable MS Visual C++ (generic) (7.3)
.exe | Win64 Executable (generic) (6.5)
.dll | Win32 Dynamic Link Library (generic) (1.5)
.exe | Win32 Executable (generic) (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2005:06:28 16:55:01+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 7.1
CodeSize: 31232
InitializedDataSize: 72704
UninitializedDataSize: -
EntryPoint: 0x5a45
OSVersion: 5.2
ImageVersion: 5.2
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 6.2.29.0
ProductVersionNumber: 6.2.29.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Self-Extracting Cabinet
FileVersion: 6.2.0029.0 (SRV03_QFE.031113-0918)
InternalName: SFXCAB.EXE
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: SFXCAB.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.2.0029.0
Total processes: 42
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start xbox360_64eng.exe setup.exe no specs setup.exe setupstb.exe no specs

Process information

PID | CMD | Path | Indicators | Parent process
1348 | c:\7cb7b01788a796a77e6f8775ad\setup.exe | C:\7cb7b01788a796a77e6f8775ad\setup.exe | - | Xbox360_64Eng.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Setup.exe
Exit code: 1
Version: 1.20.146.0
Modules
Images
c:\7cb7b01788a796a77e6f8775ad\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
2256 | "C:\7cb7b01788a796a77e6f8775ad\setupstb.exe" | C:\7cb7b01788a796a77e6f8775ad\setupstb.exe | - | setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: setupstb.exe
Exit code: 0
Version: 1.20.146.0
Modules
Images
c:\7cb7b01788a796a77e6f8775ad\setupstb.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
2580 | c:\7cb7b01788a796a77e6f8775ad\setup.exe | C:\7cb7b01788a796a77e6f8775ad\setup.exe | - | Xbox360_64Eng.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Setup.exe
Exit code: 3221226540
Version: 1.20.146.0
Modules
Images
c:\7cb7b01788a796a77e6f8775ad\setup.exe
c:\windows\system32\ntdll.dll
3956 | "C:\Users\admin\AppData\Local\Temp\Xbox360_64Eng.exe" | C:\Users\admin\AppData\Local\Temp\Xbox360_64Eng.exe | - | explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Self-Extracting Cabinet
Exit code: 1
Version: 6.2.0029.0 (SRV03_QFE.031113-0918)
Modules
Images
c:\users\admin\appdata\local\temp\xbox360_64eng.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events: 559
Read events: 551
Write events: 8
Delete events: 0

Modification events

(PID) Process: (1348) setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (1348) setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (1348) setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (1348) setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Executable files: 24
Suspicious files: 11
Text files: 8
Unknown types: 1

Dropped files

PID | Process | Filename | Type
3956 | Xbox360_64Eng.exe | C:\7cb7b01788a796a77e6f8775ad\directx\dxupdate.cab | compressed
MD5:C127CEEF3E5C3140074A6310F92C36E9
SHA256:D4C3AA13868906786DC81317843350D754A04E29B89198E1D51BD85D379E21CC
3956 | Xbox360_64Eng.exe | C:\7cb7b01788a796a77e6f8775ad\setupstb.exe | executable
MD5:1AFFB5275B299FF887B4783CDDD14992
SHA256:93D0AB42D292EA420915873B3EEE5146F798C8AC6859CB4C018613339AE4B4BC
3956 | Xbox360_64Eng.exe | C:\7cb7b01788a796a77e6f8775ad\directx\dxdllreg_x86.cab | compressed
MD5:7245FD3CA887A203A94F31FF49199AB1
SHA256:5539816B24E9BC43100055B542151A9103D8498553EEE69A3E46ABBA6C360568
3956 | Xbox360_64Eng.exe | C:\7cb7b01788a796a77e6f8775ad\directx\oct2006_xinput_x86.cab | compressed
MD5:CFA780E0C92033A6D2BF405A56A9F910
SHA256:DD8154886ECECA75B9E7A5D964B1EEDF784532ED7A01241078C4BF4D827914EA
3956 | Xbox360_64Eng.exe | C:\7cb7b01788a796a77e6f8775ad\lang.ini | text
MD5:37EB4D739414162AB9B2DC924B9F88DA
SHA256:EBB498EC3498BE69FFCE90A25BA3B67AF4D518347B7E28181C7F97905101C6C5
3956 | Xbox360_64Eng.exe | C:\7cb7b01788a796a77e6f8775ad\setup.exe | executable
MD5:4D5B5599F1CB63D895307F8DEA8B674C
SHA256:9D8F858CA3201B7B04CC0564D70D3E8A809C93C69170799854D0E949D46685FF
3956 | Xbox360_64Eng.exe | C:\7cb7b01788a796a77e6f8775ad\xbox360\setup64\xboxacc.msi | executable
MD5:075AFFBDFC36C956D9C2176B215F7F16
SHA256:B3D4394F75E8C0E16F4CB7E2330DE2E55C02DD8DDC6D8EF6E400ECF9910801A3
3956 | Xbox360_64Eng.exe | C:\7cb7b01788a796a77e6f8775ad\xbox360\setup64\files\ausetting.exe | executable
MD5:A02A804D76612CFEF64245145CD6AD6F
SHA256:A64C107A9B5ACFDE6C2EA21F55166D546893DAA314B6D5E4C5B3FCFD94D9A851
3956 | Xbox360_64Eng.exe | C:\7cb7b01788a796a77e6f8775ad\xbox360\setup64\files\difxapi.dll | executable
MD5:F5558C67A3ADB662D43D40A1CBDE4160
SHA256:83C43D65084CD202AA9982AF6D87C963A05035F1E2CDAC48304FA299584E3242
3956 | Xbox360_64Eng.exe | C:\7cb7b01788a796a77e6f8775ad\xbox360\setup64\files\checker.exe | executable
MD5:BCD85EB22E163A1B48EEB2498509F699
SHA256:2D79646539E19EA835B26F25F35970A5C06BF865608FDE6C27B224D2B1743EB3
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info