File name:

UWPHook.exe

Full analysis: https://app.any.run/tasks/86efb48e-158b-4f83-93ad-ca5c55ee2b21
Verdict: Malicious activity
Analysis date: March 23, 2024, 11:22:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

E5A337AC3CA27FC79E65AE99D4BFB2A4

SHA1:

744C7560A1BE5636420908C3F4E7EC94EC029150

SHA256:

11F318737CBCFAC1CDA6B0EC062DEEEA6F5C01CF754408A8E26CCE4422A2DF87

SSDEEP:

98304:oM4lw9a3eo5vLe8OJjjfST3HkrDyCSNQGMxFnKmkvaVHa6gSr4BzyxZkkhDSgG32:COV5hVTfmPUjr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • UWPHook.exe (PID: 2408)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • UWPHook.exe (PID: 2408)

    • Process drops legitimate windows executable

      • UWPHook.exe (PID: 2408)

    • Creates a software uninstall entry

      • UWPHook.exe (PID: 2408)

    • The process creates files with name similar to system file names

      • UWPHook.exe (PID: 2408)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • UWPHook.exe (PID: 2408)

    • Checks Windows Trust Settings

      • UWPHook.exe (PID: 3164)

    • Reads the Internet Settings

      • UWPHook.exe (PID: 3164)

    • Reads security settings of Internet Explorer

      • UWPHook.exe (PID: 3164)

  • INFO

    • Checks supported languages

      • UWPHook.exe (PID: 2408)
      • UWPHook.exe (PID: 3164)

    • Reads the computer name

      • UWPHook.exe (PID: 2408)
      • UWPHook.exe (PID: 3164)

    • Create files in a temporary directory

      • UWPHook.exe (PID: 2408)
      • UWPHook.exe (PID: 3164)

    • Creates files or folders in the user directory

      • UWPHook.exe (PID: 2408)
      • UWPHook.exe (PID: 3164)

    • Reads the machine GUID from the registry

      • UWPHook.exe (PID: 3164)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:57:46+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 27136
InitializedDataSize: 186880
UninitializedDataSize: 2048
EntryPoint: 0x352d
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.13.0.0
ProductVersionNumber: 2.13.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Briano
FileDescription: The easy way to add UWP and XGP games to Steam
FileVersion: 2.13.00.00
LegalCopyright: Briano � 2020 2021 2022
ProductName: UWPHook
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
42
Monitored processes
3
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start uwphook.exe uwphook.exe no specs uwphook.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2408"C:\Users\admin\AppData\Local\Temp\UWPHook.exe" C:\Users\admin\AppData\Local\Temp\UWPHook.exe
explorer.exe
User:
admin
Company:
Briano
Integrity Level:
HIGH
Description:
The easy way to add UWP and XGP games to Steam
Exit code:
0
Version:
2.13.00.00
Modules
Images
c:\users\admin\appdata\local\temp\uwphook.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
3164"C:\Users\admin\AppData\Roaming\Briano\UWPHook\UWPHook.exe"C:\Users\admin\AppData\Roaming\Briano\UWPHook\UWPHook.exeUWPHook.exe
User:
admin
Company:
Briano
Integrity Level:
HIGH
Description:
UWPHook
Version:
2.13.0.0
Modules
Images
c:\users\admin\appdata\roaming\briano\uwphook\uwphook.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
3936"C:\Users\admin\AppData\Local\Temp\UWPHook.exe" C:\Users\admin\AppData\Local\Temp\UWPHook.exeexplorer.exe
User:
admin
Company:
Briano
Integrity Level:
MEDIUM
Description:
The easy way to add UWP and XGP games to Steam
Exit code:
3221226540
Version:
2.13.00.00
Modules
Images
c:\users\admin\appdata\local\temp\uwphook.exe
c:\windows\system32\ntdll.dll
Total events
5 303
Read events
5 287
Write events
16
Delete events
0

Modification events

(PID) Process:(2408) UWPHook.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWPHook
Operation:writeName:Start Menu Folder
Value:
UWPHook
(PID) Process:(2408) UWPHook.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWPHook
Operation:writeName:DisplayName
Value:
UWPHook
(PID) Process:(2408) UWPHook.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWPHook
Operation:writeName:UninstallString
Value:
C:\Users\admin\AppData\Roaming\Briano\UWPHook\uninstall.exe
(PID) Process:(2408) UWPHook.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWPHook
Operation:writeName:DisplayIcon
Value:
C:\Users\admin\AppData\Roaming\Briano\UWPHook\UWPHook.exe
(PID) Process:(2408) UWPHook.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWPHook
Operation:writeName:DisplayVersion
Value:
2.13.00.00
(PID) Process:(2408) UWPHook.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWPHook
Operation:writeName:Publisher
Value:
Briano
(PID) Process:(2408) UWPHook.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWPHook
Operation:writeName:URLInfoAbout
Value:
https://briano.dev
(PID) Process:(3164) UWPHook.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:writeName:Name
Value:
UWPHook.exe
(PID) Process:(3164) UWPHook.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(3164) UWPHook.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
Executable files
16
Suspicious files
5
Text files
6
Unknown types
3

Dropped files

PID
Process
Filename
Type
2408UWPHook.exeC:\Users\admin\AppData\Local\Temp\nsm1FF7.tmp\ioSpecial.iniini
MD5:E2D5070BC28DB1AC745613689FF86067
SHA256:D95AED234F932A1C48A2B1B0D98C60CA31F962310C03158E2884AB4DDD3EA1E0
2408UWPHook.exeC:\Users\admin\AppData\Local\Temp\nsm1FF7.tmp\modern-wizard.bmpimage
MD5:CBE40FD2B1EC96DAEDC65DA172D90022
SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
2408UWPHook.exeC:\Users\admin\AppData\Local\Temp\nsm1FF7.tmp\StartMenu.dllexecutable
MD5:D070F3275DF715BF3708BEFF2C6C307D
SHA256:42DD4DDA3249A94E32E20F76EAFFAE784A5475ED00C60EF0197C8A2C1CCD2FB7
2408UWPHook.exeC:\Users\admin\AppData\Roaming\Briano\UWPHook\Serilog.Sinks.File.dllexecutable
MD5:C25357A7950DCFC7F85EE9D593CB1A24
SHA256:5B70DC2EECEB1963F9C3690C1CC8FFA793B280E903FA9A31780E6A7BB0BDFCF9
2408UWPHook.exeC:\Users\admin\AppData\Local\Temp\nsm1FF7.tmp\InstallOptions.dllexecutable
MD5:ECE25721125D55AA26CDFE019C871476
SHA256:C7FEF6457989D97FECC0616A69947927DA9D8C493F7905DC8475C748F044F3CF
2408UWPHook.exeC:\Users\admin\AppData\Roaming\Briano\UWPHook\MaterialDesignColors.dllexecutable
MD5:7AD5C4EEFF38A3195B9A8BA9FED2B2F1
SHA256:FC006974B34AABF3FB6716C1B515E1B8E7BE19774C91B010F2DB6EA478B05B41
2408UWPHook.exeC:\Users\admin\AppData\Roaming\Briano\UWPHook\SharpSteam.dllexecutable
MD5:B13E5FA89D43E6A77B6FDD0512550D08
SHA256:91608BA25605EE76AB39F23777D665986D3B477F4348EFC2DDD50EEB6202F18F
2408UWPHook.exeC:\Users\admin\AppData\Roaming\Briano\UWPHook\Serilog.dllexecutable
MD5:35B1B9F1538CBDAB039F4A79826041FE
SHA256:5C2F34412502F6C5A5AA9226B71F4809AA73BF90F46C79FAEB97172955178B26
2408UWPHook.exeC:\Users\admin\AppData\Roaming\Briano\UWPHook\Serilog.Sinks.Console.dllexecutable
MD5:A43DBE6F78CBB5C009170394713E3353
SHA256:061F651AF1A705A08E2CC76A9FB35DBF2703EE2D997A259370E2248DD3C36FE5
2408UWPHook.exeC:\Users\admin\AppData\Roaming\Briano\UWPHook\Newtonsoft.Json.dllexecutable
MD5:081D9558BBB7ADCE142DA153B2D5577A
SHA256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
UWPHook.exe