File name: Illustrator_Set-Up.exe
Full analysis: https://app.any.run/tasks/bb921bb3-0190-4266-ad98-12e85d41e5bd
Verdict: Malicious activity
Analysis date: February 14, 2024, 19:01:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 72C200FAC125978E326F7FB3F62BCC7E
SHA1: 8C132CD38CDF7B39741739B6E83E68CA68524962
SHA256: 230BDF5ECCB4A0377EF7DADA98F2533996CB176C0A3BA54DA85E712449ADA829
SSDEEP: 98304:iTIUnGf1F/uxcIFbI6L88CdL9i9miV9qA0ROGmfY4bXoVoxX9/AIfbxiw7m+BaYq:yb7fRF4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • Illustrator_Set-Up.exe (PID: 3288)
  • SUSPICIOUS
    • Changes Internet Explorer settings (feature browser emulation)
      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads the Internet Settings
      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads security settings of Internet Explorer
      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads Microsoft Outlook installation path
      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads Internet Explorer settings
      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads settings of System Certificates
      • Illustrator_Set-Up.exe (PID: 3288)
  • INFO
    • Creates files in a temporary directory
      • Illustrator_Set-Up.exe (PID: 3288)
    • Checks supported languages
      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads the computer name
      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads CPU info
      • Illustrator_Set-Up.exe (PID: 3288)
    • Creates files or folders in the user directory
      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads the machine GUID from the registry
      • Illustrator_Set-Up.exe (PID: 3288)
    • Checks proxy server information
      • Illustrator_Set-Up.exe (PID: 3288)
    • Process checks whether UAC notifications are on
      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads the software policy settings
      • Illustrator_Set-Up.exe (PID: 3288)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:01:22 07:25:40+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.33
CodeSize: 3104768
InitializedDataSize: 45056
UninitializedDataSize: 7090176
EntryPoint: 0x9b9290
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.12.0.23
ProductVersionNumber: 2.12.0.23
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Adobe Inc.
FileDescription: Adobe Installer
FileVersion: 2.12.0.23
InternalName: Adobe Installer
LegalCopyright: © 2015-2023 Adobe. All rights reserved.
OriginalFileName: Adobe Installer
ProductName: Adobe Installer
ProductVersion: 2.12.0.23
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start illustrator_set-up.exe

Process information

PID: 3288
CMD: "C:\Users\admin\AppData\Local\Temp\Illustrator_Set-Up.exe"
Path: C:\Users\admin\AppData\Local\Temp\Illustrator_Set-Up.exe
Indicators:
Parent process: explorer.exe
User: admin
Company: Adobe Inc.
Integrity Level: MEDIUM
Description: Adobe Installer
Exit code: 0
Version: 2.12.0.23
Modules
Images
c:\users\admin\appdata\local\temp\illustrator_set-up.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shlwapi.dll
Total events: 7 060
Read events: 7 032
Write events: 26
Delete events: 2

Modification events

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Operation: write
Name: Illustrator_Set-Up.exe
Value: 11001

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry
Operation: delete value
Name: AddToFavoritesInitialSelection
Value:
Executable files: 0
Suspicious files: 7
Text files: 5
Unknown types: 0

Dropped files

PID: 3288
Process: Illustrator_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\979515dc-0f27-4c26-99b6-3ed2b66cbf73
Type:
MD5:
SHA256:

PID: 3288
Process: Illustrator_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\080db2fd-216d-40d5-b98d-c2e8c4858ad5
Type:
MD5:
SHA256:

PID: 3288
Process: Illustrator_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\Adobe\com.adobe.dunamis\dunamis-2024-02-14_19-01-17.log
Type: text
MD5: 57C306E32EB213FC271C270CD346C2A0
SHA256: 2C339E9FBA79901CED28C8849D8B86169E915F39F9D67BDC13AC392D7BBF5803

PID: 3288
Process: Illustrator_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log
Type: text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

PID: 3288
Process: Illustrator_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\manifest
Type: binary
MD5: 45971D4E3A47775BB5A7260BB5EA3C36
SHA256: 81C611F35BFF79491538B2F7CF201C7597A661A5C549633541C62BDC8AF1613F

PID: 3288
Process: Illustrator_Set-Up.exe
Filename: C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\manifest
Type: binary
MD5: 45971D4E3A47775BB5A7260BB5EA3C36
SHA256: 81C611F35BFF79491538B2F7CF201C7597A661A5C549633541C62BDC8AF1613F

PID: 3288
Process: Illustrator_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Adobe\OOBE\temp_lbs_wid
Type: text
MD5: E27A5B35A625221809414EC0C174332F
SHA256: C2FF8E1C2060EF871F88F19D7368C872EA22999C728ED386F76E3FCC2EB3905B

PID: 3288
Process: Illustrator_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\{B5658BCF-D0B0-45CB-A9D4-1B7A60766BA4}\CCDInstaller.js
Type: binary
MD5: FB970BC9889933229160723A60571DDE
SHA256: 39E34FC3DFD74D25631EA2FECACA70A5D767B5F3F40F24380237DC06A80252E2

PID: 3288
Process: Illustrator_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\{B5658BCF-D0B0-45CB-A9D4-1B7A60766BA4}\index.css
Type: text
MD5: 12DB9598ECDD44D5F2FCF9C2EED93619
SHA256: 22DB89651EA56CD8FD6D2920C0BF7B02459989B60272522D4464CB43EDD2F34F

PID: 3288
Process: Illustrator_Set-Up.exe
Filename: C:\Users\admin\AppData\Local\Temp\{B5658BCF-D0B0-45CB-A9D4-1B7A60766BA4}\index.html
Type: html
MD5: A28AB17B18FF254173DFEEF03245EFD0
SHA256: 886C0AB69E6E9D9D5B5909451640EA587ACCFCDF11B8369CAD8542D1626AC375
Download the PCAP and analyze network streams, HTTP content and more in the full report.
HTTP(S) requests: 0
TCP/UDP connections: 6
DNS requests: 2
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4
Process: System
IP: 192.168.100.255:137
Domain:
ASN:
CN:
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:138
Domain:
ASN:
CN:
Reputation: whitelisted

PID: 1080
Process: svchost.exe
IP: 224.0.0.252:5355
Domain:
ASN:
CN:
Reputation: unknown

PID: 3288
Process: Illustrator_Set-Up.exe
IP: 34.250.67.152:443
Domain: cc-api-data.adobe.io
ASN: AMAZON-02
CN: IE
Reputation: unknown

DNS requests

Domain: cc-api-data.adobe.io
IP:
  • 34.250.67.152
  • 54.194.243.238
  • 54.195.71.107
Reputation: whitelisted

Threats

No threats detected
No debug info