File name: MicroSIP-3.21.3.exe

Full analysis: https://app.any.run/tasks/dd80b0cf-5cef-4eee-a803-19a581211a36
Verdict: Malicious activity
Analysis date: February 05, 2024, 17:48:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 349388DCD0D7FE5788FADC507E24EC67
SHA1: 6040763487840999B962F78555E07AEE4DBE47A9
SHA256: 1B88F9245D7D9AF58C189290BA3A1722AFB506D2853C9A329186568DF3A62961
SSDEEP: 196608:pn/1btqdYfCY80dP8jY+Q5p8LdMXpsEw9yCl6ilU:d/Nt4YfCYLujY+Ip8mXpsvyCMuU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • MicroSIP-3.21.3.exe (PID: 1380)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • MicroSIP-3.21.3.exe (PID: 1380)
    • The process creates files with name similar to system file names

      • MicroSIP-3.21.3.exe (PID: 1380)
    • Executable content was dropped or overwritten

      • MicroSIP-3.21.3.exe (PID: 1380)
  • INFO

    • Reads the computer name

      • MicroSIP-3.21.3.exe (PID: 1380)
      • wmpnscfg.exe (PID: 908)
    • Checks supported languages

      • MicroSIP-3.21.3.exe (PID: 1380)
      • wmpnscfg.exe (PID: 908)
    • Creates files or folders in the user directory

      • MicroSIP-3.21.3.exe (PID: 1380)
    • Creates files in a temporary directory

      • MicroSIP-3.21.3.exe (PID: 1380)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 908)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:16 01:50:59+01:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 186368
UninitializedDataSize: 2048
EntryPoint: 0x33fa
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 3.21.3.0
ProductVersionNumber: 3.21.3.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Unknown (0452)
CharacterSet: Windows, Latin1
CompanyName: www.microsip.org
FileDescription: MicroSIP Setup
FileVersion: 3.21.3
LegalCopyright: www.microsip.org
ProductDescription: MicroSIP Setup
ProductName: MicroSIP
ProductVersion: 3.21.3
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> microsip-3.21.3.exe
start -> wmpnscfg.exe (no specs)

Process information

PID: 908
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1380
CMD: "C:\Users\admin\AppData\Local\Temp\MicroSIP-3.21.3.exe"
Path: C:\Users\admin\AppData\Local\Temp\MicroSIP-3.21.3.exe
Parent process: explorer.exe
User: admin
Company: www.microsip.org
Integrity Level: MEDIUM
Description: MicroSIP Setup
Exit code: 0
Version: 3.21.3
Modules (images):
c:\users\admin\appdata\local\temp\microsip-3.21.3.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events: 733
Read events: 729
Write events: 4
Delete events: 0

Modification events

(PID) Process: (1380) MicroSIP-3.21.3.exe
Key: HKEY_CURRENT_USER\Software\MicroSIP
Operation: write | Name: DesktopShortcut | Value: 0

(PID) Process: (1380) MicroSIP-3.21.3.exe
Key: HKEY_CURRENT_USER\Software\MicroSIP
Operation: write | Name: RunAtSystemStartup | Value: 0

(PID) Process: (1380) MicroSIP-3.21.3.exe
Key: HKEY_CURRENT_USER\Software\MicroSIP
Operation: write | Name: LinksAssociation | Value: 0

(PID) Process: (1380) MicroSIP-3.21.3.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\tel\UserChoice
Operation: write | Name: Progid | Value: MSEdgeHTM
Executable files: 12
Suspicious files: 11
Text files: 6
Unknown types: 0

Dropped files

PID | Process | Filename | Type

1380 | MicroSIP-3.21.3.exe | C:\Users\admin\AppData\Local\Temp\nsk37BF.tmp\LangDLL.dll | executable
  MD5: 109B201717AB5EF9B5628A9F3EFEF36F
  SHA256: 20E642707EF82852BCF153254CB94B629B93EE89A8E8A03F838EEF6CBB493319

1380 | MicroSIP-3.21.3.exe | C:\Users\admin\AppData\Local\MicroSIP\SDL2.dll | executable
  MD5: 70353A2E0375015D2A15E7AB5C7ADCE7
  SHA256: AFEDDF0FFDC0DBA31883EFA7D41727E0D1042A02471AAD241CF415E903169FE7

1380 | MicroSIP-3.21.3.exe | C:\Users\admin\AppData\Local\MicroSIP\ringtone.wav | binary
  MD5: F6C7C5E7AC3A119B1EE99F35A34B00BF
  SHA256: A2EFA78855ED15DD4E882E4ADDE00764D3EC59936ECAD9FB953F0963A83AB740

1380 | MicroSIP-3.21.3.exe | C:\Users\admin\AppData\Local\Temp\nsk37BF.tmp\modern-header.bmp | image
  MD5: 7F2CF7FC6EE45076F9A871CF553DEF53
  SHA256: 33FD79634BC585E46E8CCD8BC7242CDD2133376A6DC1196C5C9D752E8ADEABCE

1380 | MicroSIP-3.21.3.exe | C:\Users\admin\AppData\Local\MicroSIP\msgin.wav | binary
  MD5: 575FC13BA8BF275596C13E87CC96CC63
  SHA256: 57059AEF728C634964A20D3AC37E722BAC909DD1FC1A1E7F9275C005523A1160

1380 | MicroSIP-3.21.3.exe | C:\Users\admin\AppData\Local\MicroSIP\avformat-57.dll | executable
  MD5: 11DF4D971CFC63A4FAC48E1A0478FC99
  SHA256: DF599C6944C31FD3EA212A1B080DD851D823886BBBC59A9814A910C793426E65

1380 | MicroSIP-3.21.3.exe | C:\Users\admin\AppData\Local\MicroSIP\microsip.exe | executable
  MD5: 75B37CE6D2D15A267BD11B8C0318145A
  SHA256: 81912859669835592342ABC5416D9FCE8CA455D371824B60A86AF5D8289F9C76

1380 | MicroSIP-3.21.3.exe | C:\Users\admin\AppData\Local\MicroSIP\swscale-4.dll | executable
  MD5: 62C0267FE5C7133EB74FD52324A3B7F6
  SHA256: 4992639DF7187DFF687AE00403D587B3ADC721F8C23CA395E71EC6628E38E743

1380 | MicroSIP-3.21.3.exe | C:\Users\admin\AppData\Local\MicroSIP\lame_enc.dll | executable
  MD5: AB70669CA143E7CC72C94B07C5335D24
  SHA256: 609CDA424326077BB2DD931308C7D8890B4CE3310FEF0EB3B2638BBEF4F3B4CD

1380 | MicroSIP-3.21.3.exe | C:\Users\admin\AppData\Local\MicroSIP\avutil-55.dll | executable
  MD5: FEB0EDB1AE28F50CF919FDF86FE90B48
  SHA256: BFDEC4FA40CE1164B3BFFA2116A3151548F03004257241A07A77572152064191
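A triage note on the indicators and the dropped-file list above: the only MALICIOUS-rated signature ("Drops the executable file immediately after the start") and the "System.dll in Temp" signature are both generic behaviour of an NSIS installer. NSIS unpacks its plug-ins into a per-run directory %TEMP%\ns<letter><4 hex digits>.tmp\ (here nsk37BF.tmp), and LangDLL.dll listed there is the stock NSIS language-selection plug-in, as System.dll is the stock NSIS System plug-in. The real question for a reviewer is whether the payload written under %LOCALAPPDATA%\MicroSIP (microsip.exe and its DLLs) is what the vendor ships, which is a hash and signature check, not a Temp-heuristic question. The following script is an added example (not ANY.RUN's signature logic nor MicroSIP's code) that applies that distinction to file-creation events: it separates NSIS plug-in scaffolding from loose executables in Temp and from payload drops that need hash verification. The event list is constructed from the table above plus two added rows (a System.dll row the report names only in its indicators, and a hypothetical svchost.exe row under a made-up PID 4242 for contrast); the plug-in name list and the system-like name list are assumptions, not ANY.RUN's.

```python
import re
from collections import Counter

# NSIS installers unpack their plug-ins into %TEMP%\ns<letter><4 hex digits>.tmp\
# (nsk37BF.tmp in the report above) and remove that directory when the installer exits.
NSIS_PLUGIN_DIR = re.compile(r"\\temp\\ns[a-z][0-9a-f]{4}\.tmp\\", re.IGNORECASE)

# Stock NSIS plug-in DLL names. Assumed, non-exhaustive list for this example.
NSIS_PLUGINS = {"system.dll", "langdll.dll", "nsdialogs.dll", "startmenu.dll",
                "nsexec.dll", "userinfo.dll", "installoptions.dll"}

# Names a "similar to a system file name" heuristic keys on. Assumed list;
# the report does not publish the one ANY.RUN uses.
SYSTEM_LIKE_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                     "explorer.exe", "ntdll.dll", "kernel32.dll", "system.dll"}

EXEC_EXT = (".exe", ".dll", ".sys", ".scr")

# Constructed sample: rows shaped like the "Dropped files" table above, plus a
# System.dll row (named in the report's indicators but not in its table) and one
# hypothetical loose Temp executable under a made-up PID for contrast.
SAMPLE_EVENTS = [
    (1380, r"C:\Users\admin\AppData\Local\Temp\nsk37BF.tmp\LangDLL.dll", "executable"),
    (1380, r"C:\Users\admin\AppData\Local\Temp\nsk37BF.tmp\System.dll", "executable"),
    (1380, r"C:\Users\admin\AppData\Local\Temp\nsk37BF.tmp\modern-header.bmp", "image"),
    (1380, r"C:\Users\admin\AppData\Local\MicroSIP\microsip.exe", "executable"),
    (1380, r"C:\Users\admin\AppData\Local\MicroSIP\SDL2.dll", "executable"),
    (1380, r"C:\Users\admin\AppData\Local\MicroSIP\ringtone.wav", "binary"),
    (4242, r"C:\Users\admin\AppData\Local\Temp\svchost.exe", "executable"),  # hypothetical
]


def classify(path: str, ftype: str) -> str:
    """Tag one file-creation event with a triage bucket."""
    name = path.rsplit("\\", 1)[-1].lower()
    in_temp = "\\appdata\\local\\temp\\" in path.lower()
    is_exec = ftype == "executable" or name.endswith(EXEC_EXT)
    if NSIS_PLUGIN_DIR.search(path) and name in NSIS_PLUGINS:
        return "nsis_plugin"            # installer scaffolding, expected for any NSIS package
    if not is_exec:
        return "data"
    if in_temp:
        # an executable written loose into Temp; a system-like name raises priority
        return "temp_exec_system_name" if name in SYSTEM_LIKE_NAMES else "temp_exec"
    return "dropped_exec"               # payload under the user profile: verify hash/signature


def triage(events):
    """Return (pid, path, tag) for every event."""
    return [(pid, path, classify(path, ftype)) for pid, path, ftype in events]


def summarize(events):
    """Count events per triage bucket."""
    return dict(Counter(tag for _, _, tag in triage(events)))


if __name__ == "__main__":
    for pid, path, tag in triage(SAMPLE_EVENTS):
        print(f"{pid:>5}  {tag:<22}  {path}")
    print(summarize(SAMPLE_EVENTS))
```

Run against the constructed events, the two NSIS plug-ins land in nsis_plugin, the six MicroSIP payload files (the executables among them) land in dropped_exec, and only the hypothetical svchost.exe in Temp reaches the high-priority bucket. The dropped_exec bucket is where the MD5/SHA256 values in the table above are useful: compare them against a trusted copy of the same MicroSIP release before treating the drop as benign.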
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

None of these connections come from the sample (PID 1380). 192.168.100.255 on ports 137 and 138 is NetBIOS name-service and datagram broadcast traffic from the System process, and 224.0.0.252:5355 is the LLMNR multicast address used by svchost.exe. They are background noise of the Windows 7 guest, not sample-attributable network activity, which is consistent with the zero DNS and HTTP requests recorded.

DNS requests

No data

Threats

No threats detected
No debug info