Malware analysis MDE_File_Sample_silverlight.zip Malicious activity

Add for printing

File name:	MDE_File_Sample_silverlight.zip
Full analysis:	https://app.any.run/tasks/f2a53821-f753-4559-a01a-9ee77a021764
Verdict:	Malicious activity
Analysis date:	March 05, 2024, 18:44:26
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/zip
File info:	Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:	ADE903B8E04D9D9DF4741401DF5CCC29
SHA1:	DA2448C51D5C05F61EF7F0F174345E306D346986
SHA256:	2C75C4989AAC112673DBFAAE4EC68E030891BE25D41C24744882EFFE0E5C32DB
SSDEEP:	49152:AhCebJ7QhOnhWcXtVby8CJrbzDrROnvYP2UjkdDw9K44imZ4+F8lHM9Os6DivPR7:Ah7VQMhvXtNyDrb0nvMJjSR44imZ4+s8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - WinRAR.exe (PID: 3668)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 2636)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 2292)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 2408)
  - avg_antivirus_free_online_setup.exe (PID: 1572)
  - avg_antivirus_free_setup.exe (PID: 1888)
  - icarus.exe (PID: 1236)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 1216)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 2024)
  - icarus.exe (PID: 680)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 3900)
- Creates a writable file in the system directory
  - icarus.exe (PID: 680)
SUSPICIOUS
- Executable content was dropped or overwritten
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 2636)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 2292)
  - avg_antivirus_free_setup.exe (PID: 1888)
  - avg_antivirus_free_online_setup.exe (PID: 1572)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 2408)
  - icarus.exe (PID: 1236)
  - icarus.exe (PID: 680)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 1216)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 2024)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 3900)
- Reads the Internet Settings
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 2408)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 3900)
- Reads settings of System Certificates
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 2408)
  - avg_antivirus_free_online_setup.exe (PID: 1572)
  - avg_antivirus_free_setup.exe (PID: 1888)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 3900)
- Reads the Windows owner or organization settings
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 2408)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 3900)
- Adds/modifies Windows certificates
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 2408)
- Reads security settings of Internet Explorer
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 2408)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 3900)
- Starts itself from another location
  - icarus.exe (PID: 1236)
- The process drops C-runtime libraries
  - icarus.exe (PID: 680)
- The process creates files with name similar to system file names
  - icarus.exe (PID: 680)
- Process drops legitimate windows executable
  - icarus.exe (PID: 680)
- Drops a system driver (possible attempt to evade defenses)
  - icarus.exe (PID: 680)
- The process verifies whether the antivirus software is installed
  - icarus.exe (PID: 680)
INFO
- Executable content was dropped or overwritten
  - WinRAR.exe (PID: 3668)
- Checks supported languages
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 2636)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 3212)
  - avg_antivirus_free_setup.exe (PID: 1888)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 2292)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 2408)
  - avg_antivirus_free_online_setup.exe (PID: 1572)
  - icarus.exe (PID: 1236)
  - icarus.exe (PID: 2804)
  - icarus.exe (PID: 680)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 2024)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 1216)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 920)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 3900)
  - avg_antivirus_free_setup.exe (PID: 268)
- Manual execution by a user
  - explorer.exe (PID: 3972)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 2636)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 1216)
- Create files in a temporary directory
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 2636)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 2292)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 2408)
  - avg_antivirus_free_online_setup.exe (PID: 1572)
  - icarus.exe (PID: 1236)
  - icarus.exe (PID: 680)
  - icarus.exe (PID: 2804)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 1216)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe (PID: 2024)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 3900)
- Reads the computer name
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 3212)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 2408)
  - avg_antivirus_free_online_setup.exe (PID: 1572)
  - avg_antivirus_free_setup.exe (PID: 1888)
  - icarus.exe (PID: 2804)
  - icarus.exe (PID: 680)
  - icarus.exe (PID: 1236)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 920)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 3900)
  - avg_antivirus_free_setup.exe (PID: 268)
- Reads the machine GUID from the registry
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 2408)
  - avg_antivirus_free_online_setup.exe (PID: 1572)
  - avg_antivirus_free_setup.exe (PID: 1888)
  - icarus.exe (PID: 680)
  - icarus.exe (PID: 1236)
  - icarus.exe (PID: 2804)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 3900)
- Reads the software policy settings
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 2408)
  - avg_antivirus_free_online_setup.exe (PID: 1572)
  - avg_antivirus_free_setup.exe (PID: 1888)
  - microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp (PID: 3900)
- Creates files in the program directory
  - avg_antivirus_free_online_setup.exe (PID: 1572)
  - icarus.exe (PID: 1236)
  - icarus.exe (PID: 680)
- Reads CPU info
  - icarus.exe (PID: 1236)
  - icarus.exe (PID: 2804)
  - icarus.exe (PID: 680)
- Dropped object may contain TOR URL's
  - icarus.exe (PID: 1236)
  - icarus.exe (PID: 680)
- Reads Environment values
  - icarus.exe (PID: 680)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.zip	\|	ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion:	20
ZipBitFlag:	0x0001
ZipCompression:	Deflated
ZipModifyDate:	2024:03:05 18:43:40
ZipCRC:	0x5cefa5a2
ZipCompressedSize:	1217845
ZipUncompressedSize:	1767664
ZipFileName:	microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

268

"C:\Users\admin\AppData\Local\Temp\is-U9E22.tmp\component0_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5f9uYrkNpWMEBMtyROFjeo1HgR0VqjEMqk4qF05kjSAnqECAYhC2DGOOnpnTlRA0GxOzWjExw

C:\Users\admin\AppData\Local\Temp\is-U9E22.tmp\component0_extract\avg_antivirus_free_setup.exe

microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp

User:

admin

Company:

AVG Technologies CZ, s.r.o.

Integrity Level:

HIGH

Description:

AVG Installer

Exit code:

1056

Version:

2.1.99.0

Modules

Images
c:\users\admin\appdata\local\temp\is-u9e22.tmp\component0_extract\avg_antivirus_free_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

680

C:\Windows\Temp\asw-34ad3c8f-3eb1-4a6c-85e8-ef2f659e6b79\avg-av\icarus.exe /silent /ws /psh:92pTu5f9uYrkNpWLjulsXr5qiTpKMSuFaDzUEWnDxXRfCVQojvMhTFJJrm35HNhLmELYEtD2pEa4dw /cookie:mmm_irs_ppi_902_451_o /track-guid:e69a9805-ee86-4a3c-b196-e6bac9c2413f /edat_dir:C:\Windows\Temp\asw.22d60d10afc83bdf /er_master:master_ep_9cbe667b-6ca2-47c3-ad3a-7086331e193a /er_ui:ui_ep_fb7c931c-05a1-424d-afc2-41ee8d95f7a3 /er_slave:avg-av_slave_ep_c7a27adb-6686-4b6a-8181-d7b9ae3d108b /slave:avg-av

C:\Windows\Temp\asw-34ad3c8f-3eb1-4a6c-85e8-ef2f659e6b79\avg-av\icarus.exe

icarus.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

HIGH

Description:

AVG Installer

Exit code:

Version:

24.2.6914.0

Modules

Images
c:\windows\temp\asw-34ad3c8f-3eb1-4a6c-85e8-ef2f659e6b79\avg-av\icarus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

920

"C:\Users\admin\AppData\Local\Temp\is-FV49S.tmp\microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp" /SL5="$3027A,836075,831488,C:\Users\admin\Downloads\microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe"

C:\Users\admin\AppData\Local\Temp\is-FV49S.tmp\microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp

—

microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe

User:

admin

Company:

Integrity Level:

MEDIUM

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-fv49s.tmp\microsoft-silverlight-5.1.50918.0-installer_kefsh-2.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

1216

"C:\Users\admin\Downloads\microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe"

C:\Users\admin\Downloads\microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe

explorer.exe

User:

admin

Company:

Integrity Level:

MEDIUM

Description:

Softònic International SÀ

Exit code:

Version:

816.136.3785.7339

Modules

Images
c:\users\admin\downloads\microsoft-silverlight-5.1.50918.0-installer_kefsh-2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

1236

C:\Windows\Temp\asw-34ad3c8f-3eb1-4a6c-85e8-ef2f659e6b79\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-34ad3c8f-3eb1-4a6c-85e8-ef2f659e6b79\icarus-info.xml /install /silent /ws /psh:92pTu5f9uYrkNpWLjulsXr5qiTpKMSuFaDzUEWnDxXRfCVQojvMhTFJJrm35HNhLmELYEtD2pEa4dw /cookie:mmm_irs_ppi_902_451_o /track-guid:e69a9805-ee86-4a3c-b196-e6bac9c2413f /edat_dir:C:\Windows\Temp\asw.22d60d10afc83bdf

C:\Windows\Temp\asw-34ad3c8f-3eb1-4a6c-85e8-ef2f659e6b79\common\icarus.exe

avg_antivirus_free_online_setup.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

HIGH

Description:

AVG Installer

Exit code:

Version:

24.2.6914.0

Modules

Images
c:\windows\temp\asw-34ad3c8f-3eb1-4a6c-85e8-ef2f659e6b79\common\icarus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

1572

"C:\Windows\Temp\asw.22d60d10afc83bdf\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5f9uYrkNpWLjulsXr5qiTpKMSuFaDzUEWnDxXRfCVQojvMhTFJJrm35HNhLmELYEtD2pEa4dw /cookie:mmm_irs_ppi_902_451_o /ga_clientid:e69a9805-ee86-4a3c-b196-e6bac9c2413f /edat_dir:C:\Windows\Temp\asw.22d60d10afc83bdf

C:\Windows\Temp\asw.22d60d10afc83bdf\avg_antivirus_free_online_setup.exe

avg_antivirus_free_setup.exe

User:

admin

Company:

AVG Technologies

Integrity Level:

HIGH

Description:

AVG Self-Extract Package

Exit code:

Version:

24.2.6914.0

Modules

Images
c:\windows\temp\asw.22d60d10afc83bdf\avg_antivirus_free_online_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

1888

"C:\Users\admin\AppData\Local\Temp\is-AC09P.tmp\component0_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5f9uYrkNpWLjulsXr5qiTpKMSuFaDzUEWnDxXRfCVQojvMhTFJJrm35HNhLmELYEtD2pEa4dw

C:\Users\admin\AppData\Local\Temp\is-AC09P.tmp\component0_extract\avg_antivirus_free_setup.exe

microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp

User:

admin

Company:

AVG Technologies CZ, s.r.o.

Integrity Level:

HIGH

Description:

AVG Installer

Exit code:

Version:

2.1.99.0

Modules

Images
c:\users\admin\appdata\local\temp\is-ac09p.tmp\component0_extract\avg_antivirus_free_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

2024

"C:\Users\admin\Downloads\microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe" /SPAWNWND=$30288 /NOTIFYWND=$3027A

C:\Users\admin\Downloads\microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe

microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp

User:

admin

Company:

Integrity Level:

HIGH

Description:

Softònic International SÀ

Exit code:

Version:

816.136.3785.7339

Modules

Images
c:\users\admin\downloads\microsoft-silverlight-5.1.50918.0-installer_kefsh-2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

2292

"C:\Users\admin\Downloads\microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe" /SPAWNWND=$501F8 /NOTIFYWND=$D017E

C:\Users\admin\Downloads\microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe

microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp

User:

admin

Company:

Integrity Level:

HIGH

Description:

Softònic International SÀ

Exit code:

Version:

816.136.3785.7339

Modules

Images
c:\users\admin\downloads\microsoft-silverlight-5.1.50918.0-installer_kefsh-2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

2408

"C:\Users\admin\AppData\Local\Temp\is-1HN4O.tmp\microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp" /SL5="$601FA,836075,831488,C:\Users\admin\Downloads\microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe" /SPAWNWND=$501F8 /NOTIFYWND=$D017E

C:\Users\admin\AppData\Local\Temp\is-1HN4O.tmp\microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp

microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe

User:

admin

Company:

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-1hn4o.tmp\microsoft-silverlight-5.1.50918.0-installer_kefsh-2.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

Add for printing

Total events

34 718

Read events

34 560

Write events

143

Delete events

Modification events


(PID) Process:	(3668) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:	write	Name:	ShellExtBMP
Value:
(PID) Process:	(3668) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:	write	Name:	ShellExtIcon
Value:
(PID) Process:	(3668) WinRAR.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(3668) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	3
Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process:	(3668) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:	(3668) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:	(3668) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	0
Value: C:\Users\admin\Downloads\MDE_File_Sample_silverlight.zip
(PID) Process:	(3668) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(3668) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(3668) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120

Add for printing

Executable files

283

Suspicious files

493

Text files

182

Unknown types

Dropped files

PID	Process	Filename		Type
2408	microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp	C:\Users\admin\AppData\Local\Temp\is-AC09P.tmp\is-0AQ26.tmp		—
		MD5:—	SHA256:—
2408	microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp	C:\Users\admin\AppData\Local\Temp\is-AC09P.tmp\component0_extract\avg_antivirus_free_setup.exe		executable
		MD5:26816AF65F2A3F1C61FB44C682510C97	SHA256:2025C8C2ACC5537366E84809CB112589DDC9E16630A81C301D24C887E2D25F45
2408	microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp	C:\Users\admin\AppData\Local\Temp\is-AC09P.tmp\is-M4DMU.tmp		image
		MD5:513B1D928F28ADA99288E426BC08634D	SHA256:0A00941C0E69B9A32956C6FEC35F2A0E2D9981FD01BFD3894956D3546BC2CDA6
1888	avg_antivirus_free_setup.exe	C:\windows\temp\asw.22d60d10afc83bdf\ecoo.edat		text
		MD5:3F44A3C655AC2A5C3AB32849ECB95672	SHA256:51516A61A1E25124173DEF4EF68A6B8BABEDC28CA143F9EEE3E729EBDC1EF31F
3668	WinRAR.exe	C:\Users\admin\Downloads\microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe		executable
		MD5:F1D1014C2E889B04E9EDC64B2B4DB7B2	SHA256:FF6971849639474C27353958485E2BED35957501B8D5524A4F603BC410688AC8
2408	microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp	C:\Users\admin\AppData\Local\Temp\is-AC09P.tmp\x_sign.png		image
		MD5:7467AD95FFCEA6FEEA8ECD961B5EDA0D	SHA256:13E5B9A27719D868EE04BA508648ACA2551281D9871A074DF3F80DE878C2E100
2408	microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp	C:\Users\admin\AppData\Local\Temp\is-AC09P.tmp\mainlogo.jpg		image
		MD5:513B1D928F28ADA99288E426BC08634D	SHA256:0A00941C0E69B9A32956C6FEC35F2A0E2D9981FD01BFD3894956D3546BC2CDA6
2408	microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp	C:\Users\admin\AppData\Local\Temp\is-AC09P.tmp\v_sign.png		image
		MD5:C46C414E791704B5812AEF6ABA10F973	SHA256:0708ADA9E419FBAB2D88AC10B637D1EBA191E0AEB0A930E96B47E28988348255
2408	microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp	C:\Users\admin\AppData\Local\Temp\is-AC09P.tmp\AVG_AV.png		image
		MD5:5EF5291810C454A35F76D976105F37CC	SHA256:03E69E8C87732C625DF2F628AC63BD145268F9DEA9C5F3DD3670B1CF349A995C
2292	microsoft-silverlight-5.1.50918.0-installer_KefSh-2.exe	C:\Users\admin\AppData\Local\Temp\is-1HN4O.tmp\microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp		executable
		MD5:E19EE21B0249A79BAF781C0BE0BB9BF8	SHA256:D24F26374FAC5BCDB3D3391E8406A7FCD6E17B7CD1A4BE5792352403C90A6D5B

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1888	avg_antivirus_free_setup.exe	POST	200	142.250.186.142:80	http://www.google-analytics.com/collect	unknown	image	35 b	unknown
1888	avg_antivirus_free_setup.exe	POST	204	34.117.223.223:80	http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi	unknown	—	—	unknown
1888	avg_antivirus_free_setup.exe	POST	204	34.117.223.223:80	http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi	unknown	—	—	unknown
1888	avg_antivirus_free_setup.exe	POST	200	142.250.186.142:80	http://www.google-analytics.com/collect	unknown	image	35 b	unknown
268	avg_antivirus_free_setup.exe	POST	200	142.250.186.142:80	http://www.google-analytics.com/collect	unknown	image	35 b	unknown
268	avg_antivirus_free_setup.exe	POST	204	34.117.223.223:80	http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi	unknown	—	—	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
2408	microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp	3.162.40.171:443	d2lss4haxviibi.cloudfront.net	—	US	unknown
2408	microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp	104.102.38.56:443	images.sftcdn.net	AKAMAI-AS	DE	unknown
2408	microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp	8.241.90.124:443	gsf-lu.softonic.com	LEVEL3	US	unknown
2408	microsoft-silverlight-5.1.50918.0-installer_KefSh-2.tmp	3.160.156.212:443	d2lss4haxviibi.cloudfront.net	—	US	unknown
1888	avg_antivirus_free_setup.exe	142.250.186.142:80	www.google-analytics.com	GOOGLE	US	whitelisted
1888	avg_antivirus_free_setup.exe	34.117.223.223:80	v7event.stats.avast.com	GOOGLE-CLOUD-PLATFORM	US	unknown
1888	avg_antivirus_free_setup.exe	2.20.65.4:443	honzik.avcdn.net	Nucleo de Inf. e Coord. do Ponto BR - NIC.	NL	unknown

DNS requests

Domain	IP	Reputation
d2lss4haxviibi.cloudfront.net	3.162.40.171 3.162.40.27 3.162.40.44 3.162.40.206 3.160.156.212 3.160.156.170 3.160.156.106 3.160.156.200	unknown
images.sftcdn.net	104.102.38.56	whitelisted
gsf-lu.softonic.com	8.241.90.124 67.27.158.252 67.27.235.252	unknown
v7event.stats.avast.com	34.117.223.223	whitelisted
honzik.avcdn.net	2.20.65.4 2a02:26f0:480:682::240d 2a02:26f0:480:69e::240d 23.32.101.67 2a02:26f0:3500:f92::240d 2a02:26f0:3500:f9c::240d	unknown
www.google-analytics.com	142.250.186.142	whitelisted
analytics.avcdn.net	34.117.223.223	unknown
shepherd.avcdn.net	34.160.176.28	whitelisted

Threats

No threats detected

Add for printing

No debug info

General Info

MDE_File_Sample_silverlight.zip

ADE903B8E04D9D9DF4741401DF5CCC29

DA2448C51D5C05F61EF7F0F174345E306D346986

2C75C4989AAC112673DBFAAE4EC68E030891BE25D41C24744882EFFE0E5C32DB

49152:AhCebJ7QhOnhWcXtVby8CJrbzDrROnvYP2UjkdDw9K44imZ4+F8lHM9Os6DivPR7:Ah7VQMhvXtNyDrb0nvMJjSR44imZ4+s8

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Creates a writable file in the system directory

SUSPICIOUS

Executable content was dropped or overwritten

Reads the Internet Settings

Reads settings of System Certificates

Reads the Windows owner or organization settings

Adds/modifies Windows certificates

Reads security settings of Internet Explorer

Starts itself from another location

The process drops C-runtime libraries

The process creates files with name similar to system file names

Process drops legitimate windows executable

Drops a system driver (possible attempt to evade defenses)

The process verifies whether the antivirus software is installed

INFO

Executable content was dropped or overwritten

Checks supported languages

Manual execution by a user

Create files in a temporary directory

Reads the computer name

Reads the machine GUID from the registry

Reads the software policy settings

Creates files in the program directory

Reads CPU info

Dropped object may contain TOR URL's

Reads Environment values

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings