File name: 1257bdd9c0a8c6f2f36ae769b44d6930.exe
Full analysis: https://app.any.run/tasks/67b04655-b6e5-4bcd-83b0-25ddd2b1a1e1
Verdict: Malicious activity
Analysis date: August 23, 2024, 01:37:46
OS: Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Tags: zombie
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 1257BDD9C0A8C6F2F36AE769B44D6930
SHA1: 173C9ED35C32CE834D88D4EF0F771273846FC0D6
SHA256: 314E7ABC39A04EA35112BC087B45F6DD513DCA61D15078FCCFBDB412FA03E7C2
SSDEEP: 1536:BPnpdvVVVVVVVVM4Hg0ZxrCJsCJDmbLvq:9pdvVVVVVVVV5Hg0XCJsCJDmy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.
MALICIOUS
  • ZOMBIE has been detected (YARA): 1257bdd9c0a8c6f2f36ae769b44d6930.exe (PID: 1416)
SUSPICIOUS
  • Executable content was dropped or overwritten: 1257bdd9c0a8c6f2f36ae769b44d6930.exe (PID: 1416)
  • Drops the executable file immediately after the start: 1257bdd9c0a8c6f2f36ae769b44d6930.exe (PID: 1416)
  • Creates file in the systems drive root: 1257bdd9c0a8c6f2f36ae769b44d6930.exe (PID: 1416)
INFO
  • Checks supported languages: 1257bdd9c0a8c6f2f36ae769b44d6930.exe (PID: 1416)
  • Creates files or folders in the user directory: 1257bdd9c0a8c6f2f36ae769b44d6930.exe (PID: 1416)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF (EXE)

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:03:15 04:06:07+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 8192
InitializedDataSize: 12288
UninitializedDataSize: -
EntryPoint: 0x2130
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
Total processes: 29
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> #ZOMBIE 1257bdd9c0a8c6f2f36ae769b44d6930.exe

Process information

PID | CMD | Path | Indicators | Parent process
1416 | "C:\Users\admin\AppData\Local\Temp\1257bdd9c0a8c6f2f36ae769b44d6930.exe" | C:\Users\admin\AppData\Local\Temp\1257bdd9c0a8c6f2f36ae769b44d6930.exe | ZOMBIE | explorer.exe
User: admin
Integrity Level: MEDIUM
Modules (images loaded)

c:\users\admin\appdata\local\temp\1257bdd9c0a8c6f2f36ae769b44d6930.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll

The SysWOW64 copies of ntdll.dll, kernel32.dll and kernelbase.dll, together with wow64.dll, wow64win.dll and wow64cpu.dll, show the 32-bit PE running under WOW64 on the 64-bit guest.
Total events: 25
Read events: 25
Write events: 0
Delete events: 0

Modification events: no data
Executable files: 522
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files (excerpt; the counters above give the totals)

PID | Process | Filename | Type
1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\$Recycle.Bin\S-1-5-21-3896776584-4254864009-862391680-1000\desktop.ini.exe | executable
  MD5: 08721DAA3F6DF6BE71326972D1A526A1 | SHA256: D900B0E52CBB0586AB521FA64CA893732FF4B6F7674C207AF4A11CBB05752AFD
1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\$Recycle.Bin\S-1-5-21-3896776584-4254864009-862391680-1000\desktop.ini.tmp | executable
  MD5: 08721DAA3F6DF6BE71326972D1A526A1 | SHA256: D900B0E52CBB0586AB521FA64CA893732FF4B6F7674C207AF4A11CBB05752AFD
1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\CCleaner\Lang\lang-1026.dll.tmp | executable
  MD5: 9CB214A9C96189E761FC7A8856D08F24 | SHA256: ECBAE0E075571124E386F61574F11E001B3F5D4F821E668075B78B12B7B26E20
1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\CCleaner\Lang\lang-1027.dll.tmp | executable
  MD5: DB0FC3D551A2FDA091865B6CB5C71223 | SHA256: 2AD877C745937C17DF223F06EC4707DD6BDE002BBB23AD9682817F0C787EEB3A
1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\CCleaner\CCleaner64.exe.tmp | executable
  MD5: CA10423FA08727C0CB0DB81E25463FAA | SHA256: CD44BFD5D58E672072B9158097CD4D4143F853BAF53B3A6AC1E873BFC053B778
1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\CCleaner\Lang\lang-1034.dll.tmp | executable
  MD5: A6B5B92B5680F94DA6FF0E3E60537325 | SHA256: D459CC710E33DA920A676968A400E034C8494F4D255265D7B9989CD49E78BB47
1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\CCleaner\Lang\lang-1036.dll.tmp | executable
  MD5: E1B02F3AA4132D25255079AB7A6B44E0 | SHA256: 98CFE008AA0A55E765CFD8A1EF8BB3F5D568417AE2A0532A7CA6157D8D46BDC2
1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\CCleaner\Lang\lang-1037.dll.tmp | executable
  MD5: E4445F382D2DD3665F91CA958D23E1F6 | SHA256: 85D3AA1BEA34C2D080BC48C280F684CB8523B7E21655DB11E464F081CE8B065F
1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\Users\admin\AppData\Local\VirtualStore\bootsqm.dat.tmp | executable
  MD5: 71570DE7697C35CB3257BDD34FB2F80F | SHA256: 0852DD2C50D6CEE3804A6F5AF7B8E41B66BF396F048F9DE22CF3C97B09989DE7
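The dropped-file rows above become a hunting list once they are parsed. The following Python is an added example, not code from the ANY.RUN report: it parses the rows exactly as this page flattens them (PID, process name, path and type fused on one line, MD5 and SHA256 on the next two), skips the incomplete leading row rather than guessing its path, flags the one hash that appears under two names in the Recycle Bin, and maps each VirtualStore path back to where the sample actually tried to write. That mapping is UAC file virtualization, a Windows behaviour the report does not state: a medium-integrity 32-bit process without an execution-level manifest that writes under C:\Program Files or the system drive root has the write redirected to %LOCALAPPDATA%\VirtualStore, so the bootsqm.dat.tmp entry lines up with the "Creates file in the systems drive root" signature. The PID set and file-type buckets are taken from the report's own tables; the sample rows are copied from the table above and embedded as constructed input.

```python
"""Parse this report's 'Dropped files' rows into a hunting list (added example)."""
import re
from collections import defaultdict

# Constructed input: a subset of the report's rows, copied as the page flattens them.
# The first three lines are the empty leading row the report shows with no path.
SAMPLE_ROWS = r"""
14161257bdd9c0a8c6f2f36ae769b44d6930.exe
MD5:
SHA256:
14161257bdd9c0a8c6f2f36ae769b44d6930.exeC:\$Recycle.Bin\S-1-5-21-3896776584-4254864009-862391680-1000\desktop.ini.exeexecutable
MD5:08721DAA3F6DF6BE71326972D1A526A1
SHA256:D900B0E52CBB0586AB521FA64CA893732FF4B6F7674C207AF4A11CBB05752AFD
14161257bdd9c0a8c6f2f36ae769b44d6930.exeC:\$Recycle.Bin\S-1-5-21-3896776584-4254864009-862391680-1000\desktop.ini.tmpexecutable
MD5:08721DAA3F6DF6BE71326972D1A526A1
SHA256:D900B0E52CBB0586AB521FA64CA893732FF4B6F7674C207AF4A11CBB05752AFD
14161257bdd9c0a8c6f2f36ae769b44d6930.exeC:\Users\admin\AppData\Local\VirtualStore\Program Files\CCleaner\Lang\lang-1026.dll.tmpexecutable
MD5:9CB214A9C96189E761FC7A8856D08F24
SHA256:ECBAE0E075571124E386F61574F11E001B3F5D4F821E668075B78B12B7B26E20
14161257bdd9c0a8c6f2f36ae769b44d6930.exeC:\Users\admin\AppData\Local\VirtualStore\Program Files\CCleaner\CCleaner64.exe.tmpexecutable
MD5:CA10423FA08727C0CB0DB81E25463FAA
SHA256:CD44BFD5D58E672072B9158097CD4D4143F853BAF53B3A6AC1E873BFC053B778
14161257bdd9c0a8c6f2f36ae769b44d6930.exeC:\Users\admin\AppData\Local\VirtualStore\bootsqm.dat.tmpexecutable
MD5:71570DE7697C35CB3257BDD34FB2F80F
SHA256:0852DD2C50D6CEE3804A6F5AF7B8E41B66BF396F048F9DE22CF3C97B09989DE7
"""

KNOWN_PIDS = ("1416",)  # from the report's Process information table
FILE_TYPES = ("executable", "suspicious", "text", "unknown")  # the report's file-type counters

# PID and process name are only separable because the PID set is known:
# '1416' + '1257bdd9...exe' is otherwise one unbroken run of digits.
ROW_RE = re.compile(
    r"^(?P<pid>" + "|".join(map(re.escape, KNOWN_PIDS)) + r")"
    r"(?P<proc>.+?\.exe)"            # process name, shortest match ending in .exe
    r"(?P<path>[A-Za-z]:\\.+?)"      # dropped path, drive letter first
    r"(?P<type>" + "|".join(FILE_TYPES) + r")$",
    re.IGNORECASE,
)

# UAC file virtualization (Windows behaviour, assumed here, not stated by the report):
# a medium-integrity 32-bit process without a manifest writing under %ProgramFiles% or
# the system drive root is redirected to %LOCALAPPDATA%\VirtualStore\<same relative path>.
VSTORE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]:)\\Users\\[^\\]+\\AppData\\Local\\VirtualStore\\(?P<rel>.+)$",
    re.IGNORECASE,
)


def parse_dropped_files(text):
    """Return (records, skipped): one dict per complete 3-line group, count of incomplete ones."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    records, skipped = [], 0
    for row, md5_line, sha_line in zip(*[iter(lines)] * 3):
        m = ROW_RE.match(row)
        md5 = md5_line.partition(":")[2].strip().lower()
        sha = sha_line.partition(":")[2].strip().lower()
        if not (m and md5 and sha):
            skipped += 1  # leading header row or a truncated row: never guess its path
            continue
        records.append({
            "pid": int(m["pid"]), "process": m["proc"], "path": m["path"],
            "type": m["type"].lower(), "md5": md5, "sha256": sha,
        })
    return records, skipped


def intended_path(path):
    """Where the sample actually tried to write, or None if the path was not virtualized."""
    m = VSTORE_RE.match(path)
    return f"{m['drive']}\\{m['rel']}" if m else None


def summarize(records):
    """Hunting view: unique hashes, one hash at several paths, redirected and Recycle Bin writes."""
    by_sha = defaultdict(list)
    for r in records:
        by_sha[r["sha256"]].append(r["path"])
    return {
        "unique_sha256": sorted(by_sha),
        "same_hash_multiple_paths": {h: p for h, p in by_sha.items() if len(p) > 1},
        "redirected_writes": {r["path"]: intended_path(r["path"])
                              for r in records if intended_path(r["path"])},
        "recycle_bin_writes": [r["path"] for r in records
                               if "\\$recycle.bin\\" in r["path"].lower()],
    }


if __name__ == "__main__":
    recs, skipped = parse_dropped_files(SAMPLE_ROWS)
    print(f"{len(recs)} records parsed, {skipped} skipped")
    for observed, real in summarize(recs)["redirected_writes"].items():
        print(f"{observed}\n  -> {real}")
```

Run it as-is to see the redirected paths; feed it the full row set from the complete report to get every SHA256 the sample wrote. The pair sharing one hash in the Recycle Bin and the distinct hash on every other .tmp file are the details worth carrying into a hunt, since a host-side search by the sample's own MD5 would miss all of them.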
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | Reputation
4 | System | 192.168.100.255:137 | whitelisted
  |        | 224.0.0.252:5355 | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
360 | svchost.exe | 224.0.0.252:5355 | whitelisted

The Domain, ASN and CN columns are empty for every row. None of these connections belongs to the sample (PID 1416): ports 137 and 138 to the subnet broadcast address are NetBIOS name service and datagram traffic, and 224.0.0.252:5355 is LLMNR, so all four are normal Windows background name resolution from the System process and svchost.exe, which is why they are whitelisted.

DNS requests

Domain | IP | Reputation
google.com | 142.250.186.110 | whitelisted

Threats

No threats detected
No debug info