File name:

2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin

Full analysis: https://app.any.run/tasks/fa45c8ad-271e-444e-baec-40bc23ec8aec
Verdict: Malicious activity
Analysis date: April 29, 2025, 21:00:24
OS: Windows 11 Professional (build: 22000, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

A5C58A9D18059B7FD3C35539D601DE73

SHA1:

B59F039A4D6AAE1375F79CC13E7C051B6A409643

SHA256:

2F4001FE251B6E821045758BA5FFCD83DBEE2954A7CDB138944108CCAA9C4959

SSDEEP:

24576:6trenW81vwbvlkFkiqzz/ycn4rlF3/3w+3Q9gU2j8e7Xy:2QW813FgycylF3/3w+3Q9gU2j8e2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads settings of System Certificates

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)

    • Reads the Internet Settings

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)

    • Reads security settings of Internet Explorer

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)

    • Adds/modifies Windows certificates

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)

  • INFO

    • Reads Environment values

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)

    • Reads the computer name

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)

    • Checks supported languages

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)

    • Checks proxy server information

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)

    • Disables trace logs

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)

    • Reads the machine GUID from the registry

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)

    • Reads the software policy settings

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)

    • Creates files or folders in the user directory

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)

    • Manual execution by a user

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 988)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (61.6)
.dll | Win32 Dynamic Link Library (generic) (14.6)
.exe | Win32 Executable (generic) (10)
.exe | Win16/32 Executable Delphi generic (4.6)
.exe | Generic Win/DOS Executable (4.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:04:22 09:08:52+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 964096
InitializedDataSize: 326656
UninitializedDataSize: -
EntryPoint: 0xed5ae
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.0.0.60
ProductVersionNumber: 5.0.0.60
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: Product
CompanyName: -
FileDescription: Product Installer
FileVersion: 5.0.0.60
InternalName: Baixaki.exe
LegalCopyright: No Zebra
LegalTrademarks: -
OriginalFileName: Baixaki.exe
ProductName: Product Software
ProductVersion: 5.0.0.60
AssemblyVersion: 5.0.0.60
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
115
Monitored processes
4
Malicious processes
0
Suspicious processes
2

Behavior graph

Click at the process to see the details
start 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe no specs 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
988"C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe" C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Product Installer
Exit code:
3221226540
Version:
5.0.0.60
Modules
Images
c:\users\admin\desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
c:\windows\system32\ntdll.dll
2448"C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe" C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Description:
Product Installer
Exit code:
0
Version:
5.0.0.60
Modules
Images
c:\users\admin\desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
4992"C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe" C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Description:
Product Installer
Version:
5.0.0.60
Modules
Images
c:\users\admin\desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
5920"C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe" C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Product Installer
Exit code:
3221226540
Version:
5.0.0.60
Modules
Images
c:\users\admin\desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
c:\windows\system32\ntdll.dll
Total events
8 295
Read events
8 261
Write events
32
Delete events
2

Modification events

(PID) Process:(2448) 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(2448) 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(2448) 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(2448) 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
Operation:writeName:FileTracingMask
Value:
(PID) Process:(2448) 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(2448) 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(2448) 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS
Operation:writeName:FileDirectory
Value:
%windir%\tracing
(PID) Process:(2448) 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(2448) 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(2448) 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
Executable files
0
Suspicious files
6
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
24482f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_E44C429A77AD443AA3029C75D49E0C96binary
MD5:916B6AB9D4597802B6E7BB19A898B9E1
SHA256:C9D48179DEC15186B7CBC3C15166AF97F5B0B67F18CF09D1C9220F998D350143
24482f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDBbinary
MD5:57BB4ECB7CC1DE338C09CD426CA6487D
SHA256:CEA23C050E7533D6DEF6DA404F06C34B2BF93F7536920260D6A63A90AA8D9C2B
24482f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_E44C429A77AD443AA3029C75D49E0C96binary
MD5:53E3975418CE198AB6F001B15FF2324B
SHA256:55B8AD59EB4BF3B3394D9615962FE9B07DD6DDB9CC3DBDB427857BBFA5848751
24482f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225Fbinary
MD5:611A95C45860214E15A6658CA28E77C9
SHA256:C09F095FFC22F2D64EC1ECBB2DB5935A521B2761E2C4A08FD45C537C64E65CB0
24482f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225Fbinary
MD5:FA525773A3AC5B8434884AC4BCC8CB59
SHA256:1DC7DCCAFE99E9CD7A3022E5ED618DDD844454584D4F73DA679504E1335CEAE8
24482f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeC:\Users\admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe.logcsv
MD5:E7CABA59A2A13B0480696909685E7B7C
SHA256:7F3A84DF3468D1ECA80DE44462D93396BF46B1434A5EC668AC6ED238F5225A3F
24482f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDBbinary
MD5:C34C9A8074F23FF36EE8F104E4143637
SHA256:423CA87C49ED0057B95436198B964858089E164139A8C1AF5EF80B1FD96E1464
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
35
DNS requests
28
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4132
smartscreen.exe
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6848feb304df83a9
unknown
whitelisted
3640
svchost.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4012
svchost.exe
POST
403
23.213.166.81:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
whitelisted
4132
smartscreen.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
4012
svchost.exe
POST
403
23.213.166.81:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
whitelisted
4012
svchost.exe
POST
403
23.213.166.81:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
whitelisted
4012
svchost.exe
POST
403
23.213.166.81:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
whitelisted
4012
svchost.exe
POST
403
23.213.166.81:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
whitelisted
4012
svchost.exe
POST
403
23.213.166.81:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
whitelisted
4012
svchost.exe
POST
403
23.213.166.81:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1352
svchost.exe
2.23.155.168:80
Akamai International B.V.
IT
unknown
2404
rundll32.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5960
OfficeC2RClient.exe
52.109.89.18:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
4132
smartscreen.exe
4.231.68.226:443
checkappexec.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4132
smartscreen.exe
199.232.214.172:80
ctldl.windowsupdate.com
FASTLY
US
whitelisted
4132
smartscreen.exe
23.54.109.203:80
ocsp.digicert.com
AKAMAI-AS
DE
unknown
3560
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3640
svchost.exe
40.126.32.76:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3952
svchost.exe
239.255.255.250:1900
whitelisted
3640
svchost.exe
23.54.109.203:80
ocsp.digicert.com
AKAMAI-AS
DE
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.142
whitelisted
checkappexec.microsoft.com
  • 4.231.68.226
whitelisted
ctldl.windowsupdate.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
ocsp.digicert.com
  • 23.54.109.203
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
login.live.com
  • 40.126.32.76
  • 20.190.160.130
  • 40.126.32.68
  • 20.190.160.2
  • 20.190.160.128
  • 20.190.160.14
  • 20.190.160.67
  • 40.126.32.133
whitelisted
fs.microsoft.com
  • 23.212.222.21
whitelisted
go.microsoft.com
  • 23.213.166.81
whitelisted
firefox.settings.services.mozilla.com
  • 34.149.100.209
whitelisted
incoming.telemetry.mozilla.org
  • 34.120.208.123
whitelisted

Threats

PID
Process
Class
Message
1352
svchost.exe
Misc activity
ET INFO Microsoft Connection Test
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin