File name:

Patch-Proteus-3.15-SP1-34318.0.exe

Full analysis: https://app.any.run/tasks/67d34e7f-c8ec-4049-9076-714aa16c6934
Verdict: Malicious activity
Analysis date: October 24, 2023, 05:58:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

95037214B3E4A95138199C79F678BFD9

SHA1:

A3F7BFC54ECDB067B0D5DBCFEFD1EDA7486E787B

SHA256:

28D09D5DD7121B92B42FE3457E304B8B5CB8BE1D57F527C47F0C65AF8E23C221

SSDEEP:

24576:F86RuyvBXm2ygmhJ0Qbwtzq1aQNQ4nhORX3ftION1uZDp+RZu/jc91BoQ9uZUR+o:hE0BXcRJ02DaQ64hOZmQ1DX1pV9u1O

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Patch-Proteus-3.15-SP1-34318.0.exe (PID: 1764)
      • Patch-Proteus-3.15-SP1-34318.0.tmp (PID: 2356)
      • Patch-Proteus-3.15-SP1-34318.0.exe (PID: 2960)

    • Loads dropped or rewritten executable

      • Patch-Proteus-3.15-SP1-34318.0.tmp (PID: 2356)

  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • Patch-Proteus-3.15-SP1-34318.0.tmp (PID: 2356)

    • Starts CMD.EXE for commands execution

      • Patch-Proteus-3.15-SP1-34318.0.tmp (PID: 2356)

    • Executing commands from a ".bat" file

      • Patch-Proteus-3.15-SP1-34318.0.tmp (PID: 2356)

  • INFO

    • Checks supported languages

      • Patch-Proteus-3.15-SP1-34318.0.exe (PID: 2960)
      • Patch-Proteus-3.15-SP1-34318.0.exe (PID: 1764)
      • Patch-Proteus-3.15-SP1-34318.0.tmp (PID: 2696)
      • Patch-Proteus-3.15-SP1-34318.0.tmp (PID: 2356)

    • Reads the computer name

      • Patch-Proteus-3.15-SP1-34318.0.tmp (PID: 2696)

    • Create files in a temporary directory

      • Patch-Proteus-3.15-SP1-34318.0.tmp (PID: 2356)
      • Patch-Proteus-3.15-SP1-34318.0.exe (PID: 2960)
      • Patch-Proteus-3.15-SP1-34318.0.exe (PID: 1764)

    • Application was dropped or rewritten from another process

      • Patch-Proteus-3.15-SP1-34318.0.tmp (PID: 2696)
      • Patch-Proteus-3.15-SP1-34318.0.tmp (PID: 2356)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (45.2)
.dll | Win32 Dynamic Link Library (generic) (20.9)
.exe | Win32 Executable (generic) (14.3)
.exe | Win16/32 Executable Delphi generic (6.6)
.exe | Generic Win/DOS Executable (6.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:06:14 15:27:46+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 66560
InitializedDataSize: 53760
UninitializedDataSize: -
EntryPoint: 0x1181c
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: My Company
FileDescription: Patch for Proteus
FileVersion: 1.0.0.0
LegalCopyright: Deoptim (Dmytro)
ProductName: Proteus
ProductVersion: 1.0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
44
Monitored processes
5
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start start drop and start patch-proteus-3.15-sp1-34318.0.exe no specs patch-proteus-3.15-sp1-34318.0.tmp no specs patch-proteus-3.15-sp1-34318.0.exe patch-proteus-3.15-sp1-34318.0.tmp no specs cmd.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1440"C:\Windows\system32\cmd.exe" /C ""C:\Users\admin\AppData\Local\Temp\is-FQBJB.tmp\OnStartupCode.bat""C:\Windows\System32\cmd.exePatch-Proteus-3.15-SP1-34318.0.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\cmd.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
1764"C:\Users\admin\AppData\Local\Temp\Patch-Proteus-3.15-SP1-34318.0.exe" C:\Users\admin\AppData\Local\Temp\Patch-Proteus-3.15-SP1-34318.0.exeexplorer.exe
User:
admin
Company:
My Company
Integrity Level:
MEDIUM
Description:
Patch for Proteus
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\patch-proteus-3.15-sp1-34318.0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
2356"C:\Users\admin\AppData\Local\Temp\is-MF8ED.tmp\Patch-Proteus-3.15-SP1-34318.0.tmp" /SL5="$B01D0,1210369,121344,C:\Users\admin\AppData\Local\Temp\Patch-Proteus-3.15-SP1-34318.0.exe" /SPAWNWND=$140220 /NOTIFYWND=$5035E C:\Users\admin\AppData\Local\Temp\is-MF8ED.tmp\Patch-Proteus-3.15-SP1-34318.0.tmpPatch-Proteus-3.15-SP1-34318.0.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-mf8ed.tmp\patch-proteus-3.15-sp1-34318.0.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
2696"C:\Users\admin\AppData\Local\Temp\is-976CR.tmp\Patch-Proteus-3.15-SP1-34318.0.tmp" /SL5="$5035E,1210369,121344,C:\Users\admin\AppData\Local\Temp\Patch-Proteus-3.15-SP1-34318.0.exe" C:\Users\admin\AppData\Local\Temp\is-976CR.tmp\Patch-Proteus-3.15-SP1-34318.0.tmpPatch-Proteus-3.15-SP1-34318.0.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-976cr.tmp\patch-proteus-3.15-sp1-34318.0.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
2960"C:\Users\admin\AppData\Local\Temp\Patch-Proteus-3.15-SP1-34318.0.exe" /SPAWNWND=$140220 /NOTIFYWND=$5035E C:\Users\admin\AppData\Local\Temp\Patch-Proteus-3.15-SP1-34318.0.exe
Patch-Proteus-3.15-SP1-34318.0.tmp
User:
admin
Company:
My Company
Integrity Level:
HIGH
Description:
Patch for Proteus
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\patch-proteus-3.15-sp1-34318.0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events
746
Read events
746
Write events
0
Delete events
0

Modification events

No data
Executable files
6
Suspicious files
0
Text files
10
Unknown types
0

Dropped files

PID
Process
Filename
Type
2356Patch-Proteus-3.15-SP1-34318.0.tmpC:\Users\admin\AppData\Local\Temp\is-FQBJB.tmp\OnStartupCode.bat
MD5:
SHA256:
2356Patch-Proteus-3.15-SP1-34318.0.tmpC:\Users\admin\AppData\Local\Temp\is-FQBJB.tmp\OnBeforeCode.bat
MD5:
SHA256:
2356Patch-Proteus-3.15-SP1-34318.0.tmpC:\Users\admin\AppData\Local\Temp\is-FQBJB.tmp\OnFinishCode.bat
MD5:
SHA256:
2356Patch-Proteus-3.15-SP1-34318.0.tmpC:\Users\admin\AppData\Local\Temp\is-FQBJB.tmp\wintb.dllexecutable
MD5:9436DF49E08C83BAD8DDC906478C2041
SHA256:1910537AA95684142250CA0C7426A0B5F082E39F6FBDBDBA649AECB179541435
1764Patch-Proteus-3.15-SP1-34318.0.exeC:\Users\admin\AppData\Local\Temp\is-976CR.tmp\Patch-Proteus-3.15-SP1-34318.0.tmpexecutable
MD5:34ACC2BDB45A9C436181426828C4CB49
SHA256:9C81817ACD4982632D8C7F1DF3898FCA1477577738184265D735F49FC5480F07
2356Patch-Proteus-3.15-SP1-34318.0.tmpC:\Users\admin\AppData\Local\Temp\is-FQBJB.tmp\crc32c.dllexecutable
MD5:BFCA8A245FC3A7FE7A3561AAF687CBBA
SHA256:F82E3DE7D8D9A400E9D54348909A9FFA64A609D1644161EE40F7AE53C79215FF
2356Patch-Proteus-3.15-SP1-34318.0.tmpC:\Users\admin\AppData\Local\Temp\is-FQBJB.tmp\lang\English.initext
MD5:4FB66AF3052A25731D1F9C96BD17A654
SHA256:C15E8CE6FE9CBF5FF30D3002619A55774F8C6198678CF6DA26C6768F2A56B6FA
2356Patch-Proteus-3.15-SP1-34318.0.tmpC:\Users\admin\AppData\Local\Temp\is-FQBJB.tmp\lang\French.initext
MD5:97ED308DD6499E0B6E01760C318CDB24
SHA256:984DA665563F2701306DB7815E16E6077679836576B6D98C5C65B4DCA7374FB2
2356Patch-Proteus-3.15-SP1-34318.0.tmpC:\Users\admin\AppData\Local\Temp\is-FQBJB.tmp\isproc.dllexecutable
MD5:4BAFB0739C5FCD96BE991F2A3CC9AC2F
SHA256:7F74F1C445BF5E9456AAE6FAE695A8CA60E1D0EB5A2F44AC2CF0239A71F1A8A1
2356Patch-Proteus-3.15-SP1-34318.0.tmpC:\Users\admin\AppData\Local\Temp\is-FQBJB.tmp\lang\Dutch.initext
MD5:19EFA220A5C5FF287A83075BF69C8D92
SHA256:377ED1A0F6D26AC799BDDC35F7677BAFF122E03CCE70DF1A80C7358B658372D6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
3
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2656
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Patch-Proteus-3.15-SP1-34318.0.exe