File name: AutoGpuAffinity.exe

Full analysis: https://app.any.run/tasks/cce372b3-d578-46b3-8899-458d2e0b01d2
Verdict: Malicious activity
Analysis date: December 03, 2024, 14:11:59
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: pyinstaller, python
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (console) x86-64, for MS Windows, 6 sections
MD5: EE9D66BE5557F1474A5F1ADB2F412394
SHA1: 41A9B0D7BF06E7BF48E592CEF04F1D485E3D4B58
SHA256: 2C1F761D30CCC710CF631D782ADCE8DF1E75D9D51727406473856FC32D33B898
SSDEEP: 98304:Wl7Vqoa+KLTAHNMl/v0TqKJtT9IFLdZJULG8/Gkmu/ndyHGBMi0Ya/pNkLdANBHh:6PubyUPbyhGA365

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • The process drops C-runtime libraries
      • AutoGpuAffinity.exe (PID: 3884)
    • Application launched itself
      • AutoGpuAffinity.exe (PID: 3884)
    • Process drops legitimate windows executable
      • AutoGpuAffinity.exe (PID: 3884)
    • Executable content was dropped or overwritten
      • AutoGpuAffinity.exe (PID: 3884)
    • Process drops python dynamic module
      • AutoGpuAffinity.exe (PID: 3884)
    • Loads Python modules
      • AutoGpuAffinity.exe (PID: 5696)
  • INFO
    • Reads the computer name
      • AutoGpuAffinity.exe (PID: 3884)
      • AutoGpuAffinity.exe (PID: 5696)
    • Create files in a temporary directory
      • AutoGpuAffinity.exe (PID: 3884)
    • Checks supported languages
      • AutoGpuAffinity.exe (PID: 3884)
      • AutoGpuAffinity.exe (PID: 5696)
    • PyInstaller has been detected (YARA)
      • AutoGpuAffinity.exe (PID: 5696)
      • AutoGpuAffinity.exe (PID: 3884)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:06:25 11:58:19+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.4
CodeSize: 172032
InitializedDataSize: 151040
UninitializedDataSize: -
EntryPoint: 0xb220
OSVersion: 5.2
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows command line
Total processes: 122
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start → autogpuaffinity.exe → conhost.exe (no specs), autogpuaffinity.exe (no specs)

Process information

PID | CMD | Path | Parent process
3884 | "C:\Users\admin\Desktop\AutoGpuAffinity.exe" | C:\Users\admin\Desktop\AutoGpuAffinity.exe | explorer.exe
  User: admin
  Integrity Level: MEDIUM
  Modules (images):
    c:\users\admin\desktop\autogpuaffinity.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\win32u.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\gdi32full.dll
    c:\windows\system32\msvcp_win.dll

4128 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | AutoGpuAffinity.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Console Window Host
  Version: 10.0.19041.1 (WinBuild.160101.0800)
  Modules (images):
    c:\windows\system32\conhost.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcp_win.dll
    c:\windows\system32\ucrtbase.dll
    c:\windows\system32\shcore.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\combase.dll
    c:\windows\system32\rpcrt4.dll

5696 | "C:\Users\admin\Desktop\AutoGpuAffinity.exe" | C:\Users\admin\Desktop\AutoGpuAffinity.exe | AutoGpuAffinity.exe
  User: admin
  Integrity Level: MEDIUM
  Modules (images):
    c:\users\admin\desktop\autogpuaffinity.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\win32u.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\gdi32full.dll
    c:\windows\system32\msvcp_win.dll
Total events: 273
Read events: 273
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 63
Suspicious files: 1
Text files: 1
Unknown types: 1

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3884 | AutoGpuAffinity.exe | C:\Users\admin\AppData\Local\Temp\_MEI38842\VCRUNTIME140.dll | executable | BE8DBE2DC77EBE7F88F910C61AEC691A | 4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
3884 | AutoGpuAffinity.exe | C:\Users\admin\AppData\Local\Temp\_MEI38842\Pythonwin\win32ui.pyd | executable | D335339C3508604925016C1F3EE0600D | 8B992A0333990A255C6DF4395AE2E4153300596D75C7FBD17780214FB359B6A7
3884 | AutoGpuAffinity.exe | C:\Users\admin\AppData\Local\Temp\_MEI38842\_ctypes.pyd | executable | 452305C8C5FDA12F082834C3120DB10A | 543CE9D6DC3693362271A2C6E7D7FC07AD75327E0B0322301DD29886467B0B0E
3884 | AutoGpuAffinity.exe | C:\Users\admin\AppData\Local\Temp\_MEI38842\_decimal.pyd | executable | F78F9855D2A7CA940B6BE51D68B80BF2 | D4AE192BBD4627FC9487A2C1CD9869D1B461C20CFD338194E87F5CF882BBED12
3884 | AutoGpuAffinity.exe | C:\Users\admin\AppData\Local\Temp\_MEI38842\_bz2.pyd | executable | 90F58F625A6655F80C35532A087A0319 | BD8621FCC901FA1DE3961D93184F61EA71068C436794AF2A4449738CCF949946
3884 | AutoGpuAffinity.exe | C:\Users\admin\AppData\Local\Temp\_MEI38842\VCRUNTIME140_1.dll | executable | F8DFA78045620CF8A732E67D1B1EB53D | A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
3884 | AutoGpuAffinity.exe | C:\Users\admin\AppData\Local\Temp\_MEI38842\_hashlib.pyd | executable | 8BAEB2BD6E52BA38F445EF71EF43A6B8 | 6C50C9801A5CAF0BB52B384F9A0D5A4AA182CA835F293A39E8999CF6EDF2F087
3884 | AutoGpuAffinity.exe | C:\Users\admin\AppData\Local\Temp\_MEI38842\_socket.pyd | executable | 439B3AD279BEFA65BB40ECEBDDD6228B | 24017D664AF20EE3B89514539345CAAC83ECA34825FCF066A23E8A4C99F73E6D
3884 | AutoGpuAffinity.exe | C:\Users\admin\AppData\Local\Temp\_MEI38842\_lzma.pyd | executable | CF8DE1137F36141AFD9FF7C52A3264EE | 22D10E2D6AD3E3ED3C49EB79AB69A81AAA9D16AECA7F948DA2FE80877F106C16
3884 | AutoGpuAffinity.exe | C:\Users\admin\AppData\Local\Temp\_MEI38842\Pythonwin\mfc140u.dll | executable | 03A161718F1D5E41897236D48C91AE3C | E06C4BD078F4690AA8874A3DEB38E802B2A16CCB602A7EDC2E077E98C05B5807
HTTP(S) requests: 4
TCP/UDP connections: 20
DNS requests: 7
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.150:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | DE | binary | 1.01 Kb | whitelisted
4804 | RUXIMICS.exe | GET | 200 | 23.48.23.150:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | DE | binary | 1.01 Kb | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | DE | binary | 973 b | whitelisted
4804 | RUXIMICS.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | DE | binary | 973 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4712 | MoUsoCoreWorker.exe | 4.231.128.59:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
244 | svchost.exe | 4.231.128.59:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 104.126.37.153:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4804 | RUXIMICS.exe | 4.231.128.59:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
244 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 23.48.23.150:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4804 | RUXIMICS.exe | 23.48.23.150:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
www.bing.com | 104.126.37.153, 104.126.37.155, 104.126.37.168, 104.126.37.178, 104.126.37.170, 104.126.37.171, 104.126.37.163, 104.126.37.179, 104.126.37.160 | whitelisted
google.com | 216.58.206.78 | whitelisted
settings-win.data.microsoft.com | 20.73.194.208, 51.124.78.146 | whitelisted
crl.microsoft.com | 23.48.23.150, 23.48.23.143, 23.48.23.162, 23.48.23.156, 23.48.23.169, 23.48.23.159, 23.48.23.166, 23.48.23.164, 23.48.23.145 | whitelisted
www.microsoft.com | 184.30.21.171 | whitelisted
self.events.data.microsoft.com | 20.42.65.94 | whitelisted

Threats

No threats detected

Debug info: No debug info