File name: | 2fe6a2d337bb9fc791249c6dbdf32876f29a9a98790c74e6e6bb08028875b80a.exe |
Full analysis: | https://app.any.run/tasks/1ffaf7cc-60a7-481e-9126-34d6d3439f15 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2025, 22:47:10 |
OS: | Windows 10 Professional (build: 19045, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.microsoft.portable-executable |
File info: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections |
MD5: | 3C10E5AFEFA2B9817F3453A8CBCEB693 |
SHA1: | 306CD6860047D31760C2377657C7E566053B43DA |
SHA256: | 2FE6A2D337BB9FC791249C6DBDF32876F29A9A98790C74E6E6BB08028875B80A |
SSDEEP: | 768:Eh1IqQMy6cJgKAUo9AvVVVVVVVVgSjSs5ZEPzWuqxWsqxW/:EhPpyASvVVVVVVVVWs5ZEDgWsgW/ |
.exe | | | Win32 Executable MS Visual C++ (generic) (30.9) |
---|---|---|
.exe | | | Win64 Executable (generic) (27.3) |
.exe | | | UPX compressed Win32 Executable (26.8) |
.dll | | | Win32 Dynamic Link Library (generic) (6.5) |
.exe | | | Win32 Executable (generic) (4.4) |
Subsystem: | Windows GUI |
---|---|
SubsystemVersion: | 4 |
ImageVersion: | - |
OSVersion: | 4 |
EntryPoint: | 0x2130 |
UninitializedDataSize: | 24576 |
InitializedDataSize: | 4096 |
CodeSize: | 8192 |
LinkerVersion: | 6 |
PEType: | PE32 |
ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit, No debug |
TimeStamp: | 2011:03:15 04:06:07+00:00 |
MachineType: | Intel 386 or later, and compatibles |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3040 | "C:\Users\admin\Desktop\2fe6a2d337bb9fc791249c6dbdf32876f29a9a98790c74e6e6bb08028875b80a.exe" | C:\Users\admin\Desktop\2fe6a2d337bb9fc791249c6dbdf32876f29a9a98790c74e6e6bb08028875b80a.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3040 | 2fe6a2d337bb9fc791249c6dbdf32876f29a9a98790c74e6e6bb08028875b80a.exe | — | ||
MD5:— | SHA256:— | |||
3040 | 2fe6a2d337bb9fc791249c6dbdf32876f29a9a98790c74e6e6bb08028875b80a.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.tmp | executable | |
MD5:328770757E87A79D3E02A2EE939B1BBA | SHA256:EAF7A28A51FFFFB04701F89A07F18C6DC21D7E9F811459599ECC702C4FDD9F8B | |||
3040 | 2fe6a2d337bb9fc791249c6dbdf32876f29a9a98790c74e6e6bb08028875b80a.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\A3DUtils.dll.tmp | executable | |
MD5:6ECB3D236B4AFB6D0FBD7E9564740614 | SHA256:8AB8238350F43233A2B27D999F02AC2A6CFEEB4B2891CC09E104F13AB50C3437 | |||
3040 | 2fe6a2d337bb9fc791249c6dbdf32876f29a9a98790c74e6e6bb08028875b80a.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\cef_100_percent.pak.tmp | executable | |
MD5:CFD475E3EB88FF88E7D16E8F0ABE70A0 | SHA256:4B57EA80733522CDA1D4E4131EC7874D88E07AFAE70D371ABDA4492EC77C4B18 | |||
3040 | 2fe6a2d337bb9fc791249c6dbdf32876f29a9a98790c74e6e6bb08028875b80a.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe.tmp | executable | |
MD5:D528B72DE057358D4125BFFFA9F53098 | SHA256:1EABA4F0AB2F2F538DA1AF9A4DA0D2A78A51726829E58564B0ADF0492787C7F6 | |||
3040 | 2fe6a2d337bb9fc791249c6dbdf32876f29a9a98790c74e6e6bb08028875b80a.exe | C:\$Recycle.Bin\S-1-5-21-1693682860-607145093-2874071422-1001\desktop.ini.exe | executable | |
MD5:DD6485B7BC48F96B86A97EED89BEA45E | SHA256:C80CD8D8B2BCBC28D1BF7816070C598CA08A0051135ADFB1A05ECC98249829F7 | |||
3040 | 2fe6a2d337bb9fc791249c6dbdf32876f29a9a98790c74e6e6bb08028875b80a.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe.tmp | executable | |
MD5:FB800A97568F43938EA3DF045BA8E5C5 | SHA256:5EDB949C5C469ED940362AB76682C10523C4D2021BA11E82D461F8EB708184F0 | |||
3040 | 2fe6a2d337bb9fc791249c6dbdf32876f29a9a98790c74e6e6bb08028875b80a.exe | C:\Users\admin\AppData\Local\VirtualStore\bootTel.dat.tmp | executable | |
MD5:944122AFA1728BA9167AC913E5FB48D4 | SHA256:C0C32B83F48269DBD23F5A8C0C9965D15629DAA9A69D17D0631D79A4BEDDD66C | |||
3040 | 2fe6a2d337bb9fc791249c6dbdf32876f29a9a98790c74e6e6bb08028875b80a.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\cef.pak.tmp | executable | |
MD5:B82417934A0838E16FDC6BB078F7CFB7 | SHA256:FC2345B4FADA91A6D1AB698EDF4FEFECBE0E7BB4B23995AAF9452615E9C0114B | |||
3040 | 2fe6a2d337bb9fc791249c6dbdf32876f29a9a98790c74e6e6bb08028875b80a.exe | C:\$Recycle.Bin\S-1-5-21-1693682860-607145093-2874071422-1001\desktop.ini.tmp | executable | |
MD5:DD6485B7BC48F96B86A97EED89BEA45E | SHA256:C80CD8D8B2BCBC28D1BF7816070C598CA08A0051135ADFB1A05ECC98249829F7 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
5004 | svchost.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
5004 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
5004 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown |
4 | System | 192.168.100.255:138 | — | — | — | unknown |
4 | System | 192.168.100.255:137 | — | — | — | unknown |
4712 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown |
— | — | 104.126.37.144:443 | www.bing.com | Akamai International B.V. | DE | unknown |
— | — | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown |
4712 | MoUsoCoreWorker.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown |
5004 | svchost.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown |
4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | unknown |
5004 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | unknown |
Domain | IP | Reputation |
---|---|---|
settings-win.data.microsoft.com |
| unknown |
www.bing.com |
| unknown |
google.com |
| unknown |
crl.microsoft.com |
| unknown |
www.microsoft.com |
| unknown |
self.events.data.microsoft.com |
| unknown |