File name: 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin

Full analysis: https://app.any.run/tasks/fa45c8ad-271e-444e-baec-40bc23ec8aec
Verdict: Malicious activity
Analysis date: April 29, 2025, 21:00:24
OS: Windows 11 Professional (build: 22000, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5: A5C58A9D18059B7FD3C35539D601DE73
SHA1: B59F039A4D6AAE1375F79CC13E7C051B6A409643
SHA256: 2F4001FE251B6E821045758BA5FFCD83DBEE2954A7CDB138944108CCAA9C4959
SSDEEP: 24576:6trenW81vwbvlkFkiqzz/ycn4rlF3/3w+3Q9gU2j8e7Xy:2QW813FgycylF3/3w+3Q9gU2j8e2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads settings of System Certificates

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)
    • Reads the Internet Settings

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)
    • Reads security settings of Internet Explorer

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)
    • Adds/modifies Windows certificates

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
  • INFO

    • Reads Environment values

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)
    • Checks supported languages

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)
    • Reads the computer name

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)
    • Reads the machine GUID from the registry

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)
    • Disables trace logs

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)
    • Checks proxy server information

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)
    • Reads the software policy settings

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)
    • Creates files or folders in the user directory

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448)
    • Manual execution by a user

      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 988)
      • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 4992)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (61.6)
.dll | Win32 Dynamic Link Library (generic) (14.6)
.exe | Win32 Executable (generic) (10)
.exe | Win16/32 Executable Delphi generic (4.6)
.exe | Generic Win/DOS Executable (4.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:04:22 09:08:52+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 964096
InitializedDataSize: 326656
UninitializedDataSize: -
EntryPoint: 0xed5ae
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.0.0.60
ProductVersionNumber: 5.0.0.60
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: Product
CompanyName: -
FileDescription: Product Installer
FileVersion: 5.0.0.60
InternalName: Baixaki.exe
LegalCopyright: No Zebra
LegalTrademarks: -
OriginalFileName: Baixaki.exe
ProductName: Product Software
ProductVersion: 5.0.0.60
AssemblyVersion: 5.0.0.60
No data.
All screenshots are available in the full report
Total processes: 115
Monitored processes: 4
Malicious processes: 0
Suspicious processes: 2

Behavior graph

Process nodes in the graph, from the start node:
  • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
  • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (no specs)
  • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
  • 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (no specs)

Process information

PID: 988
CMD: "C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe"
Path: C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Product Installer
Exit code: 3221226540
Version: 5.0.0.60
Modules (images):
c:\users\admin\desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
c:\windows\system32\ntdll.dll

PID: 2448
CMD: "C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe"
Path: C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: Product Installer
Exit code: 0
Version: 5.0.0.60
Modules (images):
c:\users\admin\desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 4992
CMD: "C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe"
Path: C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: Product Installer
Version: 5.0.0.60
Modules (images):
c:\users\admin\desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 5920
CMD: "C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe"
Path: C:\Users\admin\Desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Product Installer
Exit code: 3221226540
Version: 5.0.0.60
Modules (images):
c:\users\admin\desktop\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe
c:\windows\system32\ntdll.dll
Total events: 8 295
Read events: 8 261
Write events: 32
Delete events: 2

Modification events

All recorded modification events were made by 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448); the operation in every case is write.

Key | Name | Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS | EnableFileTracing | 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS | EnableAutoFileTracing | 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS | EnableConsoleTracing | 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS | FileTracingMask | (blank in report)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS | ConsoleTracingMask | (blank in report)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS | MaxFileSize | 1048576
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASMANCS | FileDirectory | %windir%\tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32 | EnableFileTracing | 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32 | EnableAutoFileTracing | 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32 | EnableConsoleTracing | 0
Executable files: 0
Suspicious files: 6
Text files: 1
Unknown types: 0

Dropped files

All dropped files were written by 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe (PID: 2448).

Filename: C:\Users\admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe.log
Type: csv
MD5: E7CABA59A2A13B0480696909685E7B7C
SHA256: 7F3A84DF3468D1ECA80DE44462D93396BF46B1434A5EC668AC6ED238F5225A3F

Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB
Type: binary
MD5: 57BB4ECB7CC1DE338C09CD426CA6487D
SHA256: 92EE9D04D91A68C402F57D2BD8FF43AC4EF5B113B4B16F0359F3F103058A6CD6

Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB
Type: binary
MD5: C34C9A8074F23FF36EE8F104E4143637
SHA256: 7C4D65F0B7A448C71324D6C1B0CF94215D8ED1315E1669F5ADB9DECC4F3953A6

Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_E44C429A77AD443AA3029C75D49E0C96
Type: binary
MD5: 53E3975418CE198AB6F001B15FF2324B
SHA256: 86719A44864242E1CEB6B8A91AEB6E6969E9D7B6171D579B6231933CED197FE1

Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F
Type: binary
MD5: 611A95C45860214E15A6658CA28E77C9
SHA256: 54A921A1637FF9DAC2237A12EC69F3DFD0F6CA66BE2132C017E96C6ACB1E80C3

Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_E44C429A77AD443AA3029C75D49E0C96
Type: binary
MD5: 916B6AB9D4597802B6E7BB19A898B9E1
SHA256: 203BA740B4A4830567781534F6D42FEEC459412DBA4DB66C9F78025730482D8F

Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F
Type: binary
MD5: FA525773A3AC5B8434884AC4BCC8CB59
SHA256: 25DFF784C8ADF30405838AE8E1DFFB1869FCEBF54AA02D9F02AA8C01F9994CE7
HTTP(S) requests: 17
TCP/UDP connections: 35
DNS requests: 28
Threats: 1

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Reputation
4132 | smartscreen.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
4012 | svchost.exe | POST | 403 | 23.213.166.81:80 | http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409 | unknown | whitelisted
2448 | 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEEj8k7RgVZSNNqfJionWlBY%3D | unknown | whitelisted
2448 | 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQVD%2BnGf79Hpedv3mhy6uKMVZkPCQQUDyrLIIcouOxvSK4rVKYpqhekzQwCEQDSkOgiPF%2B9CW1IpnW4N4m7 | unknown | whitelisted
3640 | svchost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
2864 | firefox.exe | POST | 200 | 184.24.77.75:80 | http://r11.o.lencr.org/ | unknown | whitelisted
4012 | svchost.exe | POST | 403 | 23.213.166.81:80 | http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409 | unknown | whitelisted
4012 | svchost.exe | POST | 403 | 23.213.166.81:80 | http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409 | unknown | whitelisted
2448 | 2f4001fe251b6e821045758ba5ffcd83dbee2954a7cdb138944108ccaa9c4959.bin.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSdE3gf41WAic8Uh9lF92%2BIJqh5qwQUMuuSmv81lkgvKEBCcCA2kVwXheYCEGIdbQxSAZ47kHkVIIkhHAo%3D | unknown | whitelisted
4132 | smartscreen.exe | GET | 200 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6848feb304df83a9 | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1352 | svchost.exe | 2.23.155.168:80 | - | Akamai International B.V. | IT | unknown
2404 | rundll32.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5960 | OfficeC2RClient.exe | 52.109.89.18:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
4132 | smartscreen.exe | 4.231.68.226:443 | checkappexec.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4132 | smartscreen.exe | 199.232.214.172:80 | ctldl.windowsupdate.com | FASTLY | US | whitelisted
4132 | smartscreen.exe | 23.54.109.203:80 | ocsp.digicert.com | AKAMAI-AS | DE | unknown
3560 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3640 | svchost.exe | 40.126.32.76:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3952 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
3640 | svchost.exe | 23.54.109.203:80 | ocsp.digicert.com | AKAMAI-AS | DE | unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.142
whitelisted
checkappexec.microsoft.com
  • 4.231.68.226
whitelisted
ctldl.windowsupdate.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
ocsp.digicert.com
  • 23.54.109.203
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
login.live.com
  • 40.126.32.76
  • 20.190.160.130
  • 40.126.32.68
  • 20.190.160.2
  • 20.190.160.128
  • 20.190.160.14
  • 20.190.160.67
  • 40.126.32.133
whitelisted
fs.microsoft.com
  • 23.212.222.21
whitelisted
go.microsoft.com
  • 23.213.166.81
whitelisted
firefox.settings.services.mozilla.com
  • 34.149.100.209
whitelisted
incoming.telemetry.mozilla.org
  • 34.120.208.123
whitelisted

Threats

PID | Process | Class | Message
- | - | Misc activity | ET INFO Microsoft Connection Test

No debug info