File name: PriMus-DCF_vusBIM(n)_IT.exe

Full analysis: https://app.any.run/tasks/6a34dab0-8cd0-4584-817b-2ebaeb06f09d
Verdict: Malicious activity
Threats:

Metamorfo is a trojan malware family that has been active since 2018. It remains a top threat, focusing on stealing victims’ financial information, including banking credentials and other data. The malware is known for targeting users in Brazil.

Analysis date: November 07, 2023, 09:16:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
metamorfo
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

2C0D031F1E43CEC609DBC8BBD2A90C24

SHA1:

C3DE242E8AF71179EA4785B9778FDED5768F41E3

SHA256:

1F607ADADCFE9F88E27144D8B0A98AA92B2A5BE4AB85FAC4ADE1E21735183497

SSDEEP:

98304:dsY3g0U1KVsLAxJ5SzQvA3j9V9LNdjXUg23XlyQY6Odgt5G+WAIDMXtgSwtWWvyz:nkY/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3472)
      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3420)
      • INSTALLA.exe (PID: 3940)
    • METAMORFO has been detected (YARA)

      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3420)
    • Creates a writable file in the system directory

      • INSTALLA.exe (PID: 3940)
  • SUSPICIOUS

    • Reads the Internet Settings

      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3472)
      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3420)
    • Starts itself from another location

      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3472)
    • Process requests binary or script from the Internet

      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3472)
      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3420)
    • Drops 7-zip archiver for unpacking

      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3420)
    • Executing commands from a ".bat" file

      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3420)
    • Starts CMD.EXE for commands execution

      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3420)
    • Process drops legitimate windows executable

      • INSTALLA.exe (PID: 3940)
    • Reads the Windows owner or organization settings

      • INSTALLA.exe (PID: 3940)
  • INFO

    • Create files in a temporary directory

      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3472)
      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3420)
      • INSTALLA.exe (PID: 3940)
    • Checks supported languages

      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3472)
      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3420)
      • wmpnscfg.exe (PID: 3580)
      • INSTALLA.exe (PID: 3940)
      • certmgr.exe (PID: 3908)
      • certmgr.exe (PID: 3896)
      • certmgr.exe (PID: 3748)
      • certmgr.exe (PID: 3752)
    • Reads the computer name

      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3472)
      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3420)
      • wmpnscfg.exe (PID: 3580)
      • INSTALLA.exe (PID: 3940)
    • Checks proxy server information

      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3472)
      • PriMus-DCF_vusBIM(n)_IT.exe (PID: 3420)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3580)
    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 3580)
      • INSTALLA.exe (PID: 3940)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:06:14 10:08:44+02:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 4507136
InitializedDataSize: 1641472
UninitializedDataSize: -
EntryPoint: 0x44d9a4
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.1.1.2
ProductVersionNumber: 2.1.1.2
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Italian
CharacterSet: Windows, Latin1
FileVersion: 2.1.1.2
ProductVersion: 2.1.1.2
ProductName: ACCAStore
CompanyName: ACCA software S.p.A.
LegalCopyright: Copyright (c) ACCA software S.p.A. - Italy. All Rights Reserved
InternalName: ACCAStore
OriginalFileName: ACCAStore.exe
No data.
All screenshots are available in the full report
Total processes: 53
Monitored processes: 11
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Processes in the graph (start to finish):
  • primus-dcf_vusbim(n)_it.exe #METAMORFO
  • primus-dcf_vusbim(n)_it.exe
  • wmpnscfg.exe (no specs)
  • cmd.exe (no specs)
  • cmd.exe (no specs)
  • installa.exe (no specs)
  • certmgr.exe (no specs)
  • certmgr.exe (no specs)
  • certmgr.exe (no specs)
  • certmgr.exe (no specs)
  • primus-dcf_vusbim(n)_it.exe (no specs)

Process information

PID: 3420
CMD: "C:\Users\admin\AppData\Local\Temp\~ACCAStoreSetup\Resource\1_33512\PriMus-DCF_vusBIM(n)_IT.exe" "C:\Users\admin\AppData\Local\Temp\" {1ECC418F-F354-4A02-9808-70D08D7AF70F}
Path: C:\Users\admin\AppData\Local\Temp\~ACCAStoreSetup\Resource\1_33512\PriMus-DCF_vusBIM(n)_IT.exe
Parent process: PriMus-DCF_vusBIM(n)_IT.exe
User:
admin
Company:
ACCA software S.p.A.
Integrity Level:
HIGH
Exit code:
0
Version:
2.1.1.2
Modules
Images
c:\users\admin\appdata\local\temp\~accastoresetup\resource\1_33512\primus-dcf_vusbim(n)_it.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 3460
CMD: "C:\Users\admin\AppData\Local\Temp\PriMus-DCF_vusBIM(n)_IT.exe"
Path: C:\Users\admin\AppData\Local\Temp\PriMus-DCF_vusBIM(n)_IT.exe
Parent process: explorer.exe
User:
admin
Company:
ACCA software S.p.A.
Integrity Level:
MEDIUM
Exit code:
3221226540
Version:
2.1.1.2
Modules
Images
c:\users\admin\appdata\local\temp\primus-dcf_vusbim(n)_it.exe
c:\windows\system32\ntdll.dll
PID: 3472
CMD: "C:\Users\admin\AppData\Local\Temp\PriMus-DCF_vusBIM(n)_IT.exe"
Path: C:\Users\admin\AppData\Local\Temp\PriMus-DCF_vusBIM(n)_IT.exe
Parent process: explorer.exe
User:
admin
Company:
ACCA software S.p.A.
Integrity Level:
HIGH
Exit code:
0
Version:
2.1.1.2
Modules
Images
c:\users\admin\appdata\local\temp\primus-dcf_vusbim(n)_it.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 3580
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
PID: 3748
CMD: C:\Users\admin\AppData\Local\Temp\{EBFE51C9-F9DF-4170-9917-AC4A1BBEB18B}\{F11E9A88-95E1-4387-A65A-6721A97A00FF}\certmgr.exe -add "C:\Users\admin\AppData\Local\Temp\{EBFE51C9-F9DF-4170-9917-AC4A1BBEB18B}\{F11E9A88-95E1-4387-A65A-6721A97A00FF}\verisign 3 SSL.cer" -s -r localMachine root
Path: C:\Users\admin\AppData\Local\Temp\{EBFE51C9-F9DF-4170-9917-AC4A1BBEB18B}\{F11E9A88-95E1-4387-A65A-6721A97A00FF}\certmgr.exe
Parent process: INSTALLA.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
ECM Certificate Manager
Exit code:
0
Version:
5.131.1863.1
Modules
Images
c:\users\admin\appdata\local\temp\{ebfe51c9-f9df-4170-9917-ac4a1bbeb18b}\{f11e9a88-95e1-4387-a65a-6721a97a00ff}\certmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
PID: 3752
CMD: C:\Users\admin\AppData\Local\Temp\{EBFE51C9-F9DF-4170-9917-AC4A1BBEB18B}\{F11E9A88-95E1-4387-A65A-6721A97A00FF}\certmgr.exe -add "C:\Users\admin\AppData\Local\Temp\{EBFE51C9-F9DF-4170-9917-AC4A1BBEB18B}\{F11E9A88-95E1-4387-A65A-6721A97A00FF}\verisign.cer" -s -r localMachine root
Path: C:\Users\admin\AppData\Local\Temp\{EBFE51C9-F9DF-4170-9917-AC4A1BBEB18B}\{F11E9A88-95E1-4387-A65A-6721A97A00FF}\certmgr.exe
Parent process: INSTALLA.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
ECM Certificate Manager
Exit code:
0
Version:
5.131.1863.1
Modules
Images
c:\users\admin\appdata\local\temp\{ebfe51c9-f9df-4170-9917-ac4a1bbeb18b}\{f11e9a88-95e1-4387-a65a-6721a97a00ff}\certmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
PID: 3832
CMD: cmd.exe /C "C:\Users\admin\AppData\Local\Temp\~ACCAStoreSetup\Cache\1_33512\~19502\.InstallInfo\AfterInstallFiles.bat"
Path: C:\Windows\System32\cmd.exe
Parent process: PriMus-DCF_vusBIM(n)_IT.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 3852
CMD: cmd.exe /C "C:\Users\admin\AppData\Local\Temp\~ACCAStoreSetup\Cache\1_33512\~19502\.InstallInfo\BeforeInstallFiles.bat"
Path: C:\Windows\System32\cmd.exe
Parent process: PriMus-DCF_vusBIM(n)_IT.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 3896
CMD: C:\Users\admin\AppData\Local\Temp\{EBFE51C9-F9DF-4170-9917-AC4A1BBEB18B}\{F11E9A88-95E1-4387-A65A-6721A97A00FF}\certmgr.exe -add "C:\Users\admin\AppData\Local\Temp\{EBFE51C9-F9DF-4170-9917-AC4A1BBEB18B}\{F11E9A88-95E1-4387-A65A-6721A97A00FF}\Digicert2019_SHA2DerX509.cer" -s -r localMachine root
Path: C:\Users\admin\AppData\Local\Temp\{EBFE51C9-F9DF-4170-9917-AC4A1BBEB18B}\{F11E9A88-95E1-4387-A65A-6721A97A00FF}\certmgr.exe
Parent process: INSTALLA.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
ECM Certificate Manager
Exit code:
0
Version:
5.131.1863.1
Modules
Images
c:\users\admin\appdata\local\temp\{ebfe51c9-f9df-4170-9917-ac4a1bbeb18b}\{f11e9a88-95e1-4387-a65a-6721a97a00ff}\certmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
PID: 3908
CMD: C:\Users\admin\AppData\Local\Temp\{EBFE51C9-F9DF-4170-9917-AC4A1BBEB18B}\{F11E9A88-95E1-4387-A65A-6721A97A00FF}\certmgr.exe -add "C:\Users\admin\AppData\Local\Temp\{EBFE51C9-F9DF-4170-9917-AC4A1BBEB18B}\{F11E9A88-95E1-4387-A65A-6721A97A00FF}\Digicert2019_DerX509.cer" -s -r localMachine root
Path: C:\Users\admin\AppData\Local\Temp\{EBFE51C9-F9DF-4170-9917-AC4A1BBEB18B}\{F11E9A88-95E1-4387-A65A-6721A97A00FF}\certmgr.exe
Parent process: INSTALLA.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
ECM Certificate Manager
Exit code:
0
Version:
5.131.1863.1
Modules
Images
c:\users\admin\appdata\local\temp\{ebfe51c9-f9df-4170-9917-ac4a1bbeb18b}\{f11e9a88-95e1-4387-a65a-6721a97a00ff}\certmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
Total events: 5 935
Read events: 5 891
Write events: 39
Delete events: 5

Modification events

(PID) Process: (3472) PriMus-DCF_vusBIM(n)_IT.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (3472) PriMus-DCF_vusBIM(n)_IT.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
4600000059010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (3420) PriMus-DCF_vusBIM(n)_IT.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (3420) PriMus-DCF_vusBIM(n)_IT.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
460000005A010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (3580) wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{13663918-1C5B-447B-885C-06645AE17A8E}\{EE5505AB-1166-4E2A-B547-5FC9427EF59E}
Operation: delete key
Name: (default)
Value: (none)

(PID) Process: (3580) wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{13663918-1C5B-447B-885C-06645AE17A8E}
Operation: delete key
Name: (default)
Value: (none)

(PID) Process: (3580) wmpnscfg.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{4C24943B-2879-4B5A-86E2-CCDEDCEAE82D}
Operation: delete key
Name: (default)
Value: (none)

(PID) Process: (3940) INSTALLA.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}
Operation: write
Name: Compatibility Flags
Value: 1024

(PID) Process: (3940) INSTALLA.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17E3A1C3-EA8A-4970-AF29-7F54610B1D4C}
Operation: write
Name: Compatibility Flags
Value: 1024

(PID) Process: (3940) INSTALLA.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17E3A1C3-EA8A-4970-AF29-7F54610B1D4C}
Operation: write
Name: AlternateCLSID
Value: {3605B612-C3CF-4ab4-A426-2D853391DB2E}
Executable files: 23
Suspicious files: 29
Text files: 40
Unknown types: 0

Dropped files

PID: 3472
Process: PriMus-DCF_vusBIM(n)_IT.exe
Filename: C:\Users\admin\AppData\Local\Temp\~ACCAStoreSetup\Cache\0_33512\PriMus-DCF_5300_Win32_IT_33512.info
Type: xml
MD5:F576E222F1BD00BD580924569A659901
SHA256:D3C2C74307ACC3E2190C15D976323916BFCBC40853C6EA14EE6F0041B5C6C10C
PID: 3420
Process: PriMus-DCF_vusBIM(n)_IT.exe
Filename: C:\Users\admin\AppData\Local\Temp\~ACCAStoreSetup\Cache\0_33512\PriMus-DCF_5300_Win32_IT_33512.info
Type: xml
MD5:F576E222F1BD00BD580924569A659901
SHA256:D3C2C74307ACC3E2190C15D976323916BFCBC40853C6EA14EE6F0041B5C6C10C
PID: 3420
Process: PriMus-DCF_vusBIM(n)_IT.exe
Filename: C:\Users\admin\AppData\Local\Temp\~ACCAStoreSetup\Resource\1_33512\7z
Type: compressed
MD5:13D0F7886ABB57EE5BCD4556EAC74AEA
SHA256:70F6FB7439FA65A4BECDABF620291CAE782196DC6AC655C04798A298F69E130C
PID: 3472
Process: PriMus-DCF_vusBIM(n)_IT.exe
Filename: C:\Users\admin\AppData\Local\Temp\~ACCAStoreSetup\Cache\0_33512\PriMus-DCF_5300_Win32_IT_33512.info.parts
Type: xml
MD5:F576E222F1BD00BD580924569A659901
SHA256:D3C2C74307ACC3E2190C15D976323916BFCBC40853C6EA14EE6F0041B5C6C10C
PID: 3472
Process: PriMus-DCF_vusBIM(n)_IT.exe
Filename: C:\Users\admin\AppData\Local\Temp\~ACCAStoreSetup\Resource\1_33512\PriMus-DCF_vusBIM(n)_IT.exe
Type: executable
MD5:2C0D031F1E43CEC609DBC8BBD2A90C24
SHA256:1F607ADADCFE9F88E27144D8B0A98AA92B2A5BE4AB85FAC4ADE1E21735183497
PID: 3420
Process: PriMus-DCF_vusBIM(n)_IT.exe
Filename: C:\Users\admin\AppData\Local\Temp\~ACCAStoreSetup\Resource\1_33512\7z.dll
Type: executable
MD5:04AD4B80880B32C94BE8D0886482C774
SHA256:A1E1D1F0FFF4FCCCFBDFA313F3BDFEA4D3DFE2C2D9174A615BBC39A0A6929338
PID: 3420
Process: PriMus-DCF_vusBIM(n)_IT.exe
Filename: C:\Users\admin\AppData\Local\Temp\~ACCAStoreSetup\Cache\0_33512\PriMus-DCF_5300_Win32_IT_33512.info.parts
Type: xml
MD5:F576E222F1BD00BD580924569A659901
SHA256:D3C2C74307ACC3E2190C15D976323916BFCBC40853C6EA14EE6F0041B5C6C10C
PID: 3420
Process: PriMus-DCF_vusBIM(n)_IT.exe
Filename: C:\Users\admin\AppData\Local\Temp\~ACCAStoreSetup\Cache\1_33512\~D7DA4B78-8ABD-43A6-BC49-FD768214C8F0
Type: text
MD5:13536AB8A6448CB0030924F4CAB4164D
SHA256:A15E3F9888DAEB6F20CCDB5B741A1C74E8F74E0D9E873C967431EB70DF27CEB6
PID: 3420
Process: PriMus-DCF_vusBIM(n)_IT.exe
Filename: C:\Users\admin\AppData\Local\Temp\~ACCAStoreSetup\Cache\1_33512\~B9730C3E-3A92-4ACB-9A7B-0BA523EFFFB5
Type: text
MD5:3BAB25A3E651A9E4A00473D2257B99F9
SHA256:F01A374E9C81E3DB89B3A42940C4D6A5447684986A1296E42BF13F196EED6295
PID: 3420
Process: PriMus-DCF_vusBIM(n)_IT.exe
Filename: C:\Users\admin\AppData\Local\Temp\~ACCAStoreSetup\Cache\1_33512\DataFiles\SignTool_Win32_XX_19502.data.parts
Type: compressed
MD5:7A9852CD3BE8800D0B02276476483849
SHA256:6474627BC5057C604183C8328892B18EB204AFC0F55C0AFB48C98E59B9729507
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 17
TCP/UDP connections: 15
DNS requests: 2
Threats: 9

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3472
PriMus-DCF_vusBIM(n)_IT.exe
HEAD
200
13.224.194.21:80
http://download2.accasoftware.com/ACCAStore/Info/PriMus-DCF/53/Win32_IT/33512.info
unknown
unknown
3420
PriMus-DCF_vusBIM(n)_IT.exe
HEAD
200
13.224.194.21:80
http://download2.accasoftware.com/ACCAStore/Info/PriMus-DCF/53/Win32_IT/33512.info
unknown
unknown
3420
PriMus-DCF_vusBIM(n)_IT.exe
GET
13.224.194.21:80
http://download2.accasoftware.com/ACCAStore/Data/PW-CONV/0b/34/0b34a27993b14acd7533d81fc3bd42a64164992f31e5b7cd3d2a4285ea2f787c.data
unknown
unknown
3472
PriMus-DCF_vusBIM(n)_IT.exe
GET
200
13.224.194.21:80
http://download2.accasoftware.com/ACCAStore/Info/PriMus-DCF/53/Win32_IT/33512.info
unknown
xml
1.94 Kb
unknown
3420
PriMus-DCF_vusBIM(n)_IT.exe
GET
200
13.224.194.21:80
http://download2.accasoftware.com/ACCAStore/Info/PriMus-DCF/53/Win32_IT/33512.info
unknown
xml
1.94 Kb
unknown
3420
PriMus-DCF_vusBIM(n)_IT.exe
GET
200
52.210.6.236:80
http://secure.accasoftware.com/ACCAStoreSetup/REST/v4/SetLogSetup/9F4DFC24-9650-4667-A51A-98D8DEF3A7E1?IdProvider=00000000-0000-0000-0000-000000000000&IdLocalMachine=AF57C191-F389-4A5D-98F4-0945E393F866&IdCurrentUser=37594B5F-027E-4BDB-A9DC-B012D8718E1C&IdRilascio=33512&FileName=PriMus-DCF_vusBIM(n)_IT.exe&Info=stlgLoadApps&AppProgramName=PriMus-DCF&AppProgramType=&AppVersioneStr=usBIM(n)&AppVersione=53&AppLngExt=IT&Nome=PriMus-DCF_5300_Win32_IT&Stato=500&VersioneSetup=2.1.1.2&TypeSetup=1&SyncOperation=0&Durata=0&DurataDwn=0&BytesDwn=0&CodError=0&Eccezioni=
unknown
binary
58 b
unknown
3420
PriMus-DCF_vusBIM(n)_IT.exe
GET
200
52.210.6.236:80
http://secure.accasoftware.com/ACCAStoreSetup/REST/v4/SetLogSetup/9F4DFC24-9650-4667-A51A-98D8DEF3A7E1?IdProvider=00000000-0000-0000-0000-000000000000&IdLocalMachine=AF57C191-F389-4A5D-98F4-0945E393F866&IdCurrentUser=37594B5F-027E-4BDB-A9DC-B012D8718E1C&IdRilascio=33512&FileName=PriMus-DCF_vusBIM(n)_IT.exe&Info=stlgExistsWebCD%20-InstallByWebCD-UpdateByWebCD&AppProgramName=PriMus-DCF&AppProgramType=&AppVersioneStr=usBIM(n)&AppVersione=53&AppLngExt=IT&Nome=PriMus-DCF_5300_Win32_IT&Stato=450&VersioneSetup=2.1.1.2&TypeSetup=1&SyncOperation=0&Durata=0&DurataDwn=0&BytesDwn=0&CodError=0&Eccezioni=
unknown
binary
58 b
unknown
3420
PriMus-DCF_vusBIM(n)_IT.exe
GET
200
52.210.6.236:80
http://secure.accasoftware.com/ACCAStoreSetup/REST/v4/SetLogSetup/9F4DFC24-9650-4667-A51A-98D8DEF3A7E1?IdProvider=00000000-0000-0000-0000-000000000000&IdLocalMachine=AF57C191-F389-4A5D-98F4-0945E393F866&IdCurrentUser=37594B5F-027E-4BDB-A9DC-B012D8718E1C&IdRilascio=33512&FileName=PriMus-DCF_vusBIM(n)_IT.exe&Info=stlgAppRun%20SignTool%20v.2.00g%20-%20x86%20-%20(2.0.8.19502)%20%5BInstallDir:%20C:%5CACCA%5C.Common%5CSignTool%5C%5D&AppProgramName=PriMus-DCF&AppProgramType=&AppVersioneStr=usBIM(n)&AppVersione=53&AppLngExt=IT&Nome=PriMus-DCF_5300_Win32_IT&Stato=600&VersioneSetup=2.1.1.2&TypeSetup=1&SyncOperation=0&Durata=0&DurataDwn=0&BytesDwn=0&CodError=0&Eccezioni=
unknown
binary
58 b
unknown
3420
PriMus-DCF_vusBIM(n)_IT.exe
GET
200
52.210.6.236:80
http://secure.accasoftware.com/ACCAStoreSetup/REST/v4/SetLogSetup/9F4DFC24-9650-4667-A51A-98D8DEF3A7E1?IdProvider=00000000-0000-0000-0000-000000000000&IdLocalMachine=AF57C191-F389-4A5D-98F4-0945E393F866&IdCurrentUser=37594B5F-027E-4BDB-A9DC-B012D8718E1C&IdRilascio=33512&FileName=PriMus-DCF_vusBIM(n)_IT.exe&Info=stlgStartDataDownLoad&AppProgramName=PriMus-DCF&AppProgramType=&AppVersioneStr=usBIM(n)&AppVersione=53&AppLngExt=IT&Nome=PriMus-DCF_5300_Win32_IT&Stato=1110&VersioneSetup=2.1.1.2&TypeSetup=1&SyncOperation=0&Durata=0&DurataDwn=0&BytesDwn=0&CodError=0&Eccezioni=
unknown
binary
58 b
unknown
3420
PriMus-DCF_vusBIM(n)_IT.exe
HEAD
200
13.224.194.21:80
http://download2.accasoftware.com/ACCAStore/Data/SignTool/64/74/6474627bc5057c604183c8328892b18eb204afc0f55c0afb48c98e59b9729507.data
unknown
xml
1.94 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3472
PriMus-DCF_vusBIM(n)_IT.exe
13.224.194.21:80
download2.accasoftware.com
AMAZON-02
US
unknown
3472
PriMus-DCF_vusBIM(n)_IT.exe
52.210.6.236:80
secure.accasoftware.com
AMAZON-02
IE
unknown
3420
PriMus-DCF_vusBIM(n)_IT.exe
13.224.194.21:80
download2.accasoftware.com
AMAZON-02
US
unknown
3420
PriMus-DCF_vusBIM(n)_IT.exe
52.210.6.236:80
secure.accasoftware.com
AMAZON-02
IE
unknown

DNS requests

Domain
IP
Reputation
download2.accasoftware.com
  • 13.224.194.21
  • 13.224.194.226
  • 13.224.194.159
  • 13.224.194.166
whitelisted
secure.accasoftware.com
  • 52.210.6.236
  • 52.208.12.93
  • 54.217.113.158
unknown

Threats

PID
Process
Class
Message
3472
PriMus-DCF_vusBIM(n)_IT.exe
Potentially Bad Traffic
ET USER_AGENTS Suspicious User-Agent (Embarcadero URI Client/1.0)
3472
PriMus-DCF_vusBIM(n)_IT.exe
Potentially Bad Traffic
ET USER_AGENTS Suspicious User-Agent (Embarcadero URI Client/1.0)
3472
PriMus-DCF_vusBIM(n)_IT.exe
Potential Corporate Privacy Violation
ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted
3420
PriMus-DCF_vusBIM(n)_IT.exe
Potentially Bad Traffic
ET USER_AGENTS Suspicious User-Agent (Embarcadero URI Client/1.0)
3420
PriMus-DCF_vusBIM(n)_IT.exe
Potentially Bad Traffic
ET USER_AGENTS Suspicious User-Agent (Embarcadero URI Client/1.0)
3420
PriMus-DCF_vusBIM(n)_IT.exe
Potentially Bad Traffic
ET USER_AGENTS Suspicious User-Agent (Embarcadero URI Client/1.0)
3420
PriMus-DCF_vusBIM(n)_IT.exe
Potentially Bad Traffic
ET USER_AGENTS Suspicious User-Agent (Embarcadero URI Client/1.0)
3420
PriMus-DCF_vusBIM(n)_IT.exe
Potentially Bad Traffic
ET USER_AGENTS Suspicious User-Agent (Embarcadero URI Client/1.0)
3420
PriMus-DCF_vusBIM(n)_IT.exe
Potentially Bad Traffic
ET USER_AGENTS Suspicious User-Agent (Embarcadero URI Client/1.0)
No debug info