File name: ex.exe
Full analysis: https://app.any.run/tasks/ac6f26ab-0ed1-4058-a169-4728ca14d010
Verdict: Malicious activity
Analysis date: August 07, 2024, 07:21:53
OS: Ubuntu 22.04.2
MIME: application/x-dosexec
File info: PE32 executable (console) Intel 80386, for MS Windows
MD5: 6839EF7A1B1B334AED272AFD15C7FF8F
SHA1: 265482BD444E67D61FE40FC7341F9359A94CECF5
SHA256: 1954BA0960F80AFC06549762B0B50005F04A0E5FE7BA7807C771550C5E2F0188
SSDEEP: 1536:rSn51oPkkTyED/jGNDEkMMQaMMwMwM7wM64wMaMMQM0IwMqgQMPMMwMWMMWDMMw5:Wn51oPkkTyED/yNDVMMQaMMwMwM7wM6A

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Checks DMI information (probably VM detection)

      • systemd-hostnamed (PID: 12943)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:08:27 16:40:42+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 233984
InitializedDataSize: 68608
UninitializedDataSize: -
EntryPoint: 0x2f0cc
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows command line
No data.
All screenshots are available in the full report
Total processes: 225
Monitored processes: 11
Malicious processes: 0
Suspicious processes: 0

Behavior graph

(Interactive graph not reproduced. Nodes, none flagged with specs: sh, file, sh, sudo, nautilus, locale-check, systemd-hostnamed, systemctl, systemctl, systemctl, systemctl.)

Process information

PID: 12923
CMD: sh -c "file --mime-type /tmp/ex\.exe"
Path: /bin/sh
Parent process: any-guest-agent
User: root
Integrity Level: UNKNOWN
Exit code: 0

PID: 12924
CMD: file --mime-type /tmp/ex.exe
Path: /usr/bin/file
Parent process: sh
User: root
Integrity Level: UNKNOWN
Exit code: 0

PID: 12925
CMD: /bin/sh -c "DISPLAY=:0 sudo -iu user nautilus /tmp/ex\.exe "
Path: /bin/sh
Parent process: any-guest-agent
User: user
Integrity Level: UNKNOWN

PID: 12926
CMD: sudo -iu user nautilus /tmp/ex.exe
Path: /usr/bin/sudo
Parent process: sh
User: user
Integrity Level: UNKNOWN

PID: 12927
CMD: nautilus /tmp/ex.exe
Path: /usr/bin/nautilus
Parent process: sudo
User: user
Integrity Level: UNKNOWN

PID: 12928
CMD: /usr/bin/locale-check C.UTF-8
Path: /usr/bin/locale-check
Parent process: nautilus
User: user
Integrity Level: UNKNOWN
Exit code: 0

PID: 12943
CMD: /lib/systemd/systemd-hostnamed
Path: /lib/systemd/systemd-hostnamed
Parent process: systemd
Indicators: Checks DMI information (probably VM detection)
User: root
Integrity Level: UNKNOWN
Exit code: 1195

PID: 12951
CMD: systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service
Path: /usr/bin/systemctl
Parent process: snapd
User: root
Integrity Level: UNKNOWN
Exit code: 482

PID: 12952
CMD: systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service
Path: /usr/bin/systemctl
Parent process: snapd
User: root
Integrity Level: UNKNOWN
Exit code: 482

PID: 12953
CMD: systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service
Path: /usr/bin/systemctl
Parent process: snapd
User: root
Integrity Level: UNKNOWN
Exit code: 482
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 2
TCP/UDP connections: 11
DNS requests: 16
Threats: 0

HTTP requests

Method: GET
HTTP code: 204
IP: 185.125.190.96:80
URL: http://connectivity-check.ubuntu.com/
CN: unknown
Reputation: whitelisted

Method: GET
HTTP code: 204
IP: 91.189.91.98:80
URL: http://connectivity-check.ubuntu.com/
CN: unknown
Reputation: whitelisted

Connections

IP: 185.125.190.96:80
Domain: connectivity-check.ubuntu.com
ASN: Canonical Group Limited
CN: GB
Reputation: unknown

PID: 470
Process: avahi-daemon
IP: 224.0.0.251:5353
Reputation: unknown

IP: 91.189.91.98:80
Domain: connectivity-check.ubuntu.com
ASN: Canonical Group Limited
CN: US
Reputation: unknown

PID: 1195
Process: snap-store
IP: 212.102.56.178:443
Domain: odrs.gnome.org
ASN: Datacamp Limited
CN: DE
Reputation: unknown

PID: 485
Process: snapd
IP: 185.125.188.59:443
Domain: api.snapcraft.io
ASN: Canonical Group Limited
CN: GB
Reputation: unknown

PID: 485
Process: snapd
IP: 185.125.188.54:443
Domain: api.snapcraft.io
ASN: Canonical Group Limited
CN: GB
Reputation: unknown

PID: 485
Process: snapd
IP: 185.125.188.55:443
Domain: api.snapcraft.io
ASN: Canonical Group Limited
CN: GB
Reputation: malicious

DNS requests

Domain: connectivity-check.ubuntu.com
Reputation: whitelisted

Domain: google.com
  • 142.250.186.46
  • 2a00:1450:4001:830::200e
Reputation: whitelisted

Domain: odrs.gnome.org
Reputation: whitelisted

Domain: api.snapcraft.io
  • 185.125.188.59
  • 185.125.188.55
  • 185.125.188.54
  • 185.125.188.58
Reputation: whitelisted

Domain: 153.100.168.192.in-addr.arpa
Reputation: unknown

Threats

No threats detected
No debug info