File name:

Setup_DDC4000-Browser_V3.34.exe

Full analysis: https://app.any.run/tasks/bc20fb77-c524-4cdd-b1fe-daf4939ce98e
Verdict: Malicious activity
Analysis date: November 09, 2023, 10:53:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

D1279A8A9EC31B4C2ECD188684BF5425

SHA1:

643609427038B108217D6A8A23C1429C478C3191

SHA256:

0F0BEAAE593FD465F007AD998ABFA49E52D01D2BD09D67E2DFDD8E075DFD05AE

SSDEEP:

98304:lXARht1xLY/f4WOGBqJb0yXPr4FImUoC1ey+ZQnuzklH39ie0RWbPahdpGNi+kli:g8Bc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Setup_DDC4000-Browser_V3.34.exe (PID: 3416)
      • Setup_DDC4000-Browser_V3.34.exe (PID: 3228)
      • Setup_DDC4000-Browser_V3.34.tmp (PID: 2424)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • Setup_DDC4000-Browser_V3.34.tmp (PID: 2424)
    • Reads the Windows owner or organization settings

      • Setup_DDC4000-Browser_V3.34.tmp (PID: 2424)
    • Checks for Java to be installed

      • Setup_DDC4000-Browser_V3.34.tmp (PID: 2424)
  • INFO

    • Checks supported languages

      • Setup_DDC4000-Browser_V3.34.exe (PID: 3228)
      • Setup_DDC4000-Browser_V3.34.exe (PID: 3416)
      • Setup_DDC4000-Browser_V3.34.tmp (PID: 3128)
      • Setup_DDC4000-Browser_V3.34.tmp (PID: 2424)
      • javaw.exe (PID: 3688)
    • Reads the computer name

      • Setup_DDC4000-Browser_V3.34.tmp (PID: 3128)
      • Setup_DDC4000-Browser_V3.34.tmp (PID: 2424)
      • javaw.exe (PID: 3688)
    • Create files in a temporary directory

      • Setup_DDC4000-Browser_V3.34.exe (PID: 3228)
      • Setup_DDC4000-Browser_V3.34.exe (PID: 3416)
      • Setup_DDC4000-Browser_V3.34.tmp (PID: 2424)
      • javaw.exe (PID: 3688)
    • Creates files in the program directory

      • Setup_DDC4000-Browser_V3.34.tmp (PID: 2424)
      • javaw.exe (PID: 3688)
    • Manual execution by a user

      • javaw.exe (PID: 3688)
      • WINWORD.EXE (PID: 3736)
      • WINWORD.EXE (PID: 4088)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:03:17 11:22:54+01:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 86016
InitializedDataSize: 53248
UninitializedDataSize: -
EntryPoint: 0x16478
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.1.0.0
ProductVersionNumber: 2.1.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Kieback&Peter GmbH & Co. KG
FileDescription: DDC4000-Browser 3.34
FileVersion: 2.1.0.0
LegalCopyright: Kieback&Peter GmbH & Co. KG
ProductName: Kieback&Peter DDC4000-Browser
ProductVersion: 3.34
No data.
All screenshots are available in the full report
Total processes: 50
Monitored processes: 9
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Processes shown in the graph (from start): setup_ddc4000-browser_v3.34.exe, setup_ddc4000-browser_v3.34.tmp, setup_ddc4000-browser_v3.34.exe, setup_ddc4000-browser_v3.34.tmp, javaw.exe, icacls.exe, winword.exe, winword.exe, PhotoViewer.dll

Process information

PID:
2424
CMD:
"C:\Users\admin\AppData\Local\Temp\is-A4PVN.tmp\Setup_DDC4000-Browser_V3.34.tmp" /SL5="$601FC,2733925,140288,C:\Users\admin\AppData\Local\Temp\Setup_DDC4000-Browser_V3.34.exe" /SPAWNWND=$401F4 /NOTIFYWND=$60134
Path:
C:\Users\admin\AppData\Local\Temp\is-A4PVN.tmp\Setup_DDC4000-Browser_V3.34.tmp
Parent process:
Setup_DDC4000-Browser_V3.34.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-a4pvn.tmp\setup_ddc4000-browser_v3.34.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
3128
CMD:
"C:\Users\admin\AppData\Local\Temp\is-SUHCC.tmp\Setup_DDC4000-Browser_V3.34.tmp" /SL5="$60134,2733925,140288,C:\Users\admin\AppData\Local\Temp\Setup_DDC4000-Browser_V3.34.exe"
Path:
C:\Users\admin\AppData\Local\Temp\is-SUHCC.tmp\Setup_DDC4000-Browser_V3.34.tmp
Parent process:
Setup_DDC4000-Browser_V3.34.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-suhcc.tmp\setup_ddc4000-browser_v3.34.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
3228
CMD:
"C:\Users\admin\AppData\Local\Temp\Setup_DDC4000-Browser_V3.34.exe" /SPAWNWND=$401F4 /NOTIFYWND=$60134
Path:
C:\Users\admin\AppData\Local\Temp\Setup_DDC4000-Browser_V3.34.exe
Parent process:
Setup_DDC4000-Browser_V3.34.tmp
User:
admin
Company:
Kieback&Peter GmbH & Co. KG
Integrity Level:
HIGH
Description:
DDC4000-Browser 3.34
Exit code:
0
Version:
2.1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\setup_ddc4000-browser_v3.34.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
3416
CMD:
"C:\Users\admin\AppData\Local\Temp\Setup_DDC4000-Browser_V3.34.exe"
Path:
C:\Users\admin\AppData\Local\Temp\Setup_DDC4000-Browser_V3.34.exe
Parent process:
explorer.exe
User:
admin
Company:
Kieback&Peter GmbH & Co. KG
Integrity Level:
MEDIUM
Description:
DDC4000-Browser 3.34
Exit code:
0
Version:
2.1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\setup_ddc4000-browser_v3.34.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
3688
CMD:
"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar "C:\Program Files\Kieback&Peter\DDC4000-Browser\ddc4000browser.jar"
Path:
C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe
Parent process:
explorer.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
Modules
Images
c:\program files\java\jre1.8.0_271\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
3736
CMD:
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\acceptstar.rtf"
Path:
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Word
Exit code:
0
Version:
14.0.6024.1000
Modules
Images
c:\program files\microsoft office\office14\winword.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
PID:
3808
CMD:
C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
Path:
C:\Windows\System32\dllhost.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
COM Surrogate
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
3884
CMD:
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Path:
C:\Windows\System32\icacls.exe
Parent process:
javaw.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
PID:
4088
CMD:
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\transportinitial.rtf"
Path:
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Word
Exit code:
0
Version:
14.0.6024.1000
Modules
Images
c:\program files\microsoft office\office14\winword.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
Total events: 5 294
Read events: 4 935
Write events: 68
Delete events: 291

Modification events

(PID) Process: (3688) javaw.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: Explorer.EXE

(PID) Process: (3736) WINWORD.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation: write
Name: 1033
Value: On

(PID) Process: (3736) WINWORD.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation: write
Name: 1041
Value: On

(PID) Process: (3736) WINWORD.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation: write
Name: 1046
Value: On

(PID) Process: (3736) WINWORD.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation: write
Name: 1036
Value: On

(PID) Process: (3736) WINWORD.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation: write
Name: 1031
Value: On

(PID) Process: (3736) WINWORD.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation: write
Name: 1040
Value: On

(PID) Process: (3736) WINWORD.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation: write
Name: 1049
Value: On

(PID) Process: (3736) WINWORD.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation: write
Name: 3082
Value: On

(PID) Process: (3736) WINWORD.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
Operation: write
Name: 1042
Value: On
Executable files: 10
Suspicious files: 17
Text files: 4
Unknown types: 0

Dropped files

PID: 3736
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\CVREC5.tmp.cvr
Type: -
MD5: -
SHA256: -

PID: 2424
Process: Setup_DDC4000-Browser_V3.34.tmp
Filename: C:\Program Files\Kieback&Peter\DDC4000-Browser\is-LQBUO.tmp
Type: executable
MD5: 462213615CFA5C1552E070D1E19FCF2E
SHA256: 43BF9EBAEA8064DFABCB48F4E7BBE601662BE5FA396249B0C1C4D02242522913

PID: 2424
Process: Setup_DDC4000-Browser_V3.34.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-5SAF0.tmp\isxdl.dll
Type: executable
MD5: 0D8401162731CFD88CFAC6284EB18405
SHA256: 3FA7C2B84BD328D28412EA29CE14DA423A5A04365C61DF19072C65C77463C91A

PID: 2424
Process: Setup_DDC4000-Browser_V3.34.tmp
Filename: C:\Program Files\Kieback&Peter\DDC4000-Browser\is-FFE4L.tmp
Type: executable
MD5: A4E5C512B047A6D9DC38549161CAC4DE
SHA256: C7F1E7E866834D9024F97C2B145C09D106E447E8ABD65A10A1732116D178E44E

PID: 2424
Process: Setup_DDC4000-Browser_V3.34.tmp
Filename: C:\Program Files\Kieback&Peter\DDC4000-Browser\DDC4000-Browser.ico
Type: image
MD5: CA082700EF6F55066F65F46C764533D4
SHA256: 47D5ADB547380AD24CE6FFB921FAB76B09A2FF055061C24DDD6D2D6237EA05FF

PID: 2424
Process: Setup_DDC4000-Browser_V3.34.tmp
Filename: C:\Program Files\Kieback&Peter\DDC4000-Browser\ddc4000browser.jar
Type: compressed
MD5: 2AC38736DBFE48E574F1BBE727AB5FB7
SHA256: 37657E522F6E54D902BBA022E43942480313CCFBC6C92E245BF3A9CC16DE965A

PID: 2424
Process: Setup_DDC4000-Browser_V3.34.tmp
Filename: C:\Program Files\Kieback&Peter\DDC4000-Browser\unins000.exe
Type: executable
MD5: 462213615CFA5C1552E070D1E19FCF2E
SHA256: 43BF9EBAEA8064DFABCB48F4E7BBE601662BE5FA396249B0C1C4D02242522913

PID: 4088
Process: WINWORD.EXE
Filename: C:\Users\admin\AppData\Local\Temp\CVR2CEC.tmp.cvr
Type: -
MD5: -
SHA256: -

PID: 2424
Process: Setup_DDC4000-Browser_V3.34.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-5SAF0.tmp\psvince.dll
Type: executable
MD5: A4E5C512B047A6D9DC38549161CAC4DE
SHA256: C7F1E7E866834D9024F97C2B145C09D106E447E8ABD65A10A1732116D178E44E

PID: 2424
Process: Setup_DDC4000-Browser_V3.34.tmp
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kieback&Peter\DDC4000-Browser\DDC4000-Browser.lnk
Type: binary
MD5: DB3012C3135FDE70F458C877D99640F5
SHA256: E00F27B1D0634A6B74E45055FDEEFB3A5F2D555B7A3EEAC010CA29486BDD6B8F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | Domain | ASN | CN | Reputation
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted

DNS requests

No data

Threats

No threats detected
No debug info