File name: | 21be6e51b21a8e7bb605aa42047f885e97d60af4edf734d8a13cedb7a3e0f98d |
Full analysis: | https://app.any.run/tasks/0858ee5a-7548-4e91-a53f-d1ca9aeea7f1 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2025, 21:25:41 |
OS: | Windows 10 Professional (build: 19045, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.microsoft.portable-executable |
File info: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections |
MD5: | D45B1582136D31D094E490DF3BB6E241 |
SHA1: | A4EF42581FE8E3F34D1330A031E303ACCA372206 |
SHA256: | 21BE6E51B21A8E7BB605AA42047F885E97D60AF4EDF734D8A13CEDB7A3E0F98D |
SSDEEP: | 3072:cpDSvVVVVVVVV/OuO+pDSvVVVVVVVV/OuOO:cdSvVVVVVVVVrdSvVVVVVVVVT |
.exe | | | Win32 Executable MS Visual C++ (generic) (30.9) |
---|---|---|
.exe | | | Win64 Executable (generic) (27.3) |
.exe | | | UPX compressed Win32 Executable (26.8) |
.dll | | | Win32 Dynamic Link Library (generic) (6.5) |
.exe | | | Win32 Executable (generic) (4.4) |
MachineType: | Intel 386 or later, and compatibles |
---|---|
TimeStamp: | 2011:03:15 04:06:07+00:00 |
ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit, No debug |
PEType: | PE32 |
LinkerVersion: | 6 |
CodeSize: | 8192 |
InitializedDataSize: | 4096 |
UninitializedDataSize: | 24576 |
EntryPoint: | 0x2130 |
OSVersion: | 4 |
ImageVersion: | - |
SubsystemVersion: | 4 |
Subsystem: | Windows GUI |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
5604 | "C:\Users\admin\Desktop\21be6e51b21a8e7bb605aa42047f885e97d60af4edf734d8a13cedb7a3e0f98d.exe" | C:\Users\admin\Desktop\21be6e51b21a8e7bb605aa42047f885e97d60af4edf734d8a13cedb7a3e0f98d.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
5604 | 21be6e51b21a8e7bb605aa42047f885e97d60af4edf734d8a13cedb7a3e0f98d.exe | — | ||
MD5:— | SHA256:— | |||
5604 | 21be6e51b21a8e7bb605aa42047f885e97d60af4edf734d8a13cedb7a3e0f98d.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe.tmp | executable | |
MD5:1BA9BB2CC49031D83909AA5716EC1F09 | SHA256:B99EFD06AC3FF12DD030903797982BBA3139B1391819C22EB444CFE60B76763E | |||
5604 | 21be6e51b21a8e7bb605aa42047f885e97d60af4edf734d8a13cedb7a3e0f98d.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe.tmp | executable | |
MD5:4C040FD71DF3FE5A36566512253475A3 | SHA256:7F714309F6486F32704FD1BFBFA144F4A580825BFE32AAB5C0E501FCB88A4EA8 | |||
5604 | 21be6e51b21a8e7bb605aa42047f885e97d60af4edf734d8a13cedb7a3e0f98d.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe.tmp | executable | |
MD5:39A177A78E8C2458C5DE686EA726133F | SHA256:343509336A2ABC9471CA11FE4E7291C89DD8BC8154DC14F2DD6291E998DCE453 | |||
5604 | 21be6e51b21a8e7bb605aa42047f885e97d60af4edf734d8a13cedb7a3e0f98d.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\A3DUtils.dll.tmp | executable | |
MD5:84C90A1978C76E0EE0A469558D31DB44 | SHA256:158F5AE0C08E15893490EF148CF8A1F498BAF8E05749CD82620B5828D5901AC9 | |||
5604 | 21be6e51b21a8e7bb605aa42047f885e97d60af4edf734d8a13cedb7a3e0f98d.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_reader_appicon_16.png.tmp | executable | |
MD5:0550D74BE827921CD65F4896046E7166 | SHA256:66A4D12FD79D2B39F0FCD575758BFB35FDD1880F344FB69F06345F74AF8D7821 | |||
5604 | 21be6e51b21a8e7bb605aa42047f885e97d60af4edf734d8a13cedb7a3e0f98d.exe | C:\Users\admin\AppData\Local\VirtualStore\BOOTNXT.tmp | executable | |
MD5:3B5D6DC13B2FF6C89D12D9975A94A0B2 | SHA256:F1A8200D6600C1AA7BEC33D6133520A46DBA89403DD2BE2186FBB7CD3A791DBA | |||
5604 | 21be6e51b21a8e7bb605aa42047f885e97d60af4edf734d8a13cedb7a3e0f98d.exe | C:\Users\admin\AppData\Local\VirtualStore\bootTel.dat.tmp | executable | |
MD5:3A2316C1C0418B5F337ECACBC4444FC6 | SHA256:8AD75257B2E58ADE3926764D54F5CA91C620CC199721B952985CB466D360F2EF | |||
5604 | 21be6e51b21a8e7bb605aa42047f885e97d60af4edf734d8a13cedb7a3e0f98d.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatRes.dll.tmp | executable | |
MD5:AF8D5EA445736669C16F183709706C73 | SHA256:3364C673E4217EAA32CB55180EF399A612FAE5EDCBAA18D6A59964371FD2D6F8 | |||
5604 | 21be6e51b21a8e7bb605aa42047f885e97d60af4edf734d8a13cedb7a3e0f98d.exe | C:\$Recycle.Bin\S-1-5-21-1693682860-607145093-2874071422-1001\desktop.ini.tmp | executable | |
MD5:EBAF0CA961775C3CBF979B4F6AB7B8ED | SHA256:D6E3A0D5D7098CB012F65F741B91C8D65A8A4F67527EA95F2E9A60E1B9C11D3B |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
5160 | RUXIMICS.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.158:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
5448 | svchost.exe | GET | 200 | 23.48.23.158:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
5160 | RUXIMICS.exe | GET | 200 | 23.48.23.158:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
5448 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
5160 | RUXIMICS.exe | 51.104.136.2:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4712 | MoUsoCoreWorker.exe | 51.104.136.2:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 104.126.37.137:443 | www.bing.com | Akamai International B.V. | DE | whitelisted |
5448 | svchost.exe | 51.104.136.2:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
5448 | svchost.exe | 23.48.23.158:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
4712 | MoUsoCoreWorker.exe | 23.48.23.158:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
5160 | RUXIMICS.exe | 23.48.23.158:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |