analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| File name: | 1257bdd9c0a8c6f2f36ae769b44d6930.exe |
| Full analysis: | https://app.any.run/tasks/67b04655-b6e5-4bcd-83b0-25ddd2b1a1e1 |
| Verdict: | Malicious activity |
| Analysis date: | August 23, 2024 at 01:37:46 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 64 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5: | 1257BDD9C0A8C6F2F36AE769B44D6930 |
| SHA1: | 173C9ED35C32CE834D88D4EF0F771273846FC0D6 |
| SHA256: | 314E7ABC39A04EA35112BC087B45F6DD513DCA61D15078FCCFBDB412FA03E7C2 |
| SSDEEP: | 1536:BPnpdvVVVVVVVVM4Hg0ZxrCJsCJDmbLvq:9pdvVVVVVVVV5Hg0XCJsCJDmy |
MALICIOUS
ZOMBIE has been detected (YARA)
- 1257bdd9c0a8c6f2f36ae769b44d6930.exe (PID: 1416)
SUSPICIOUS
Creates file in the systems drive root
- 1257bdd9c0a8c6f2f36ae769b44d6930.exe (PID: 1416)
Drops the executable file immediately after the start
- 1257bdd9c0a8c6f2f36ae769b44d6930.exe (PID: 1416)
Executable content was dropped or overwritten
- 1257bdd9c0a8c6f2f36ae769b44d6930.exe (PID: 1416)
INFO
Creates files or folders in the user directory
- 1257bdd9c0a8c6f2f36ae769b44d6930.exe (PID: 1416)
Checks supported languages
- 1257bdd9c0a8c6f2f36ae769b44d6930.exe (PID: 1416)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable MS Visual C++ (generic) (42.2) |
|---|---|---|
| .exe | | | Win64 Executable (generic) (37.3) |
| .dll | | | Win32 Dynamic Link Library (generic) (8.8) |
| .exe | | | Win32 Executable (generic) (6) |
| .exe | | | Generic Win/DOS Executable (2.7) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2011:03:15 04:06:07+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 8192 |
| InitializedDataSize: | 12288 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x2130 |
| OSVersion: | 4 |
| ImageVersion: | - |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
Total processes
29
Monitored processes
1
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1416 | "C:\Users\admin\AppData\Local\Temp\1257bdd9c0a8c6f2f36ae769b44d6930.exe" | C:\Users\admin\AppData\Local\Temp\1257bdd9c0a8c6f2f36ae769b44d6930.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
Total events
25
Read events
25
Write events
0
Delete events
0
Modification events
Executable files
522
Suspicious files
0
Text files
0
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | — | ||
MD5:— | SHA256:— | |||
| 1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\$Recycle.Bin\S-1-5-21-3896776584-4254864009-862391680-1000\desktop.ini.tmp | executable | |
MD5:08721DAA3F6DF6BE71326972D1A526A1 | SHA256:D900B0E52CBB0586AB521FA64CA893732FF4B6F7674C207AF4A11CBB05752AFD | |||
| 1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\$Recycle.Bin\S-1-5-21-3896776584-4254864009-862391680-1000\desktop.ini.exe | executable | |
MD5:08721DAA3F6DF6BE71326972D1A526A1 | SHA256:D900B0E52CBB0586AB521FA64CA893732FF4B6F7674C207AF4A11CBB05752AFD | |||
| 1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\Users\admin\AppData\Local\VirtualStore\bootsqm.dat.tmp | executable | |
MD5:71570DE7697C35CB3257BDD34FB2F80F | SHA256:0852DD2C50D6CEE3804A6F5AF7B8E41B66BF396F048F9DE22CF3C97B09989DE7 | |||
| 1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\CCleaner\CCleaner.exe.tmp | executable | |
MD5:EFBC0F83CA9415F94624E41717D8D83D | SHA256:73AE6B08DAE51269EEB1B24862AC94D8DE9845A7D0E0AA7C2A028EC46B2FA184 | |||
| 1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\CCleaner\CCleaner64.exe.tmp | executable | |
MD5:CA10423FA08727C0CB0DB81E25463FAA | SHA256:CD44BFD5D58E672072B9158097CD4D4143F853BAF53B3A6AC1E873BFC053B778 | |||
| 1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\CCleaner\Lang\lang-1026.dll.tmp | executable | |
MD5:9CB214A9C96189E761FC7A8856D08F24 | SHA256:ECBAE0E075571124E386F61574F11E001B3F5D4F821E668075B78B12B7B26E20 | |||
| 1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\CCleaner\Lang\lang-1025.dll.tmp | executable | |
MD5:24CD0212B0AB1490F210AC1DB369E5B3 | SHA256:E524C902097F2F5D36823704FD7CBBE0CE74445695E650AC7AF5F57F1026B143 | |||
| 1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\CCleaner\Lang\lang-1028.dll.tmp | executable | |
MD5:7F1FD7F365E468A297797DA07452289D | SHA256:5E2430517D8E1B8803855E13C2C2E87734CC7ED3B613638D38A8B0B54BA417A2 | |||
| 1416 | 1257bdd9c0a8c6f2f36ae769b44d6930.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\CCleaner\Lang\lang-1027.dll.tmp | executable | |
MD5:DB0FC3D551A2FDA091865B6CB5C71223 | SHA256:2AD877C745937C17DF223F06EC4707DD6BDE002BBB23AD9682817F0C787EEB3A | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
5
DNS requests
1
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 224.0.0.252:5355 | — | — | — | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
360 | svchost.exe | 224.0.0.252:5355 | — | — | — | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |