Field | Value
---|---
download | downloadEdge.aspx
Full analysis | https://app.any.run/tasks/eceff223-c6c4-4470-9346-d25b87410f4e
Verdict | Malicious activity
Analysis date | November 08, 2019, 16:13:02
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | -
MIME | application/x-dosexec
File info | PE32 executable (GUI) Intel 80386, for MS Windows
MD5 | 226991C242389EB4D93245C573318CDF
SHA1 | 2788629F1415F7A99E63D4745CAF5DBE9D78FCA2
SHA256 | 323848F1AF8D3F1AC4B90F10E73FD231A3E5A2FB71453429B96A968A8AAAB4F5
SSDEEP | 49152:O62IOLwwuYrMJY/EqLZemfbIVk45+NT5aL:O65OUwuYACDLH4L
Extension | Type (score)
---|---
.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)
Field | Value
---|---
LanguageId | en
UpstreamVersion | 1.3.99.0
ProductVersion | 1.3.115.45
ProductName | Microsoft Edge Update
OriginalFileName | MicrosoftEdgeUpdateSetup.exe
LegalCopyright | Copyright Microsoft Corporation
InternalName | Microsoft Edge Update Setup
FileVersion | 1.3.115.45
FileDescription | Microsoft Edge Update Setup
CompanyName | Microsoft Corporation
CharacterSet | Unicode
LanguageCode | English (U.S.)
FileSubtype | -
ObjectFileType | Executable application
FileOS | Windows NT 32-bit
FileFlags | (none)
FileFlagsMask | 0x003f
ProductVersionNumber | 1.3.115.45
FileVersionNumber | 1.3.115.45
Subsystem | Windows GUI
SubsystemVersion | 5.1
ImageVersion | -
OSVersion | 5.1
EntryPoint | 0x5396
UninitializedDataSize | -
InitializedDataSize | 1657856
CodeSize | 94720
LinkerVersion | 14.16
PEType | PE32
TimeStamp | 2019:11:03 08:30:16+01:00
MachineType | Intel 386 or later, and compatibles
Field | Value
---|---
Architecture | IMAGE_FILE_MACHINE_I386
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date | 03-Nov-2019 07:30:16
Detected languages | -
Debug artifacts | -
CompanyName | Microsoft Corporation
FileDescription | Microsoft Edge Update Setup
FileVersion | 1.3.115.45
InternalName | Microsoft Edge Update Setup
LegalCopyright | Copyright Microsoft Corporation
OriginalFilename | MicrosoftEdgeUpdateSetup.exe
ProductName | Microsoft Edge Update
ProductVersion | 1.3.115.45
UpstreamVersion | 1.3.99.0
LanguageId | en
DOS header field | Value
---|---
Magic number | MZ
Bytes on last page of file | 0x0090
Pages in file | 0x0003
Relocations | 0x0000
Size of header | 0x0004
Min extra paragraphs | 0x0000
Max extra paragraphs | 0xFFFF
Initial SS value | 0x0000
Initial SP value | 0x00B8
Checksum | 0x0000
Initial IP value | 0x0000
Initial CS value | 0x0000
Overlay number | 0x0000
OEM identifier | 0x0000
OEM information | 0x0000
Address of NE header | 0x00000108
PE header field | Value
---|---
Signature | PE
Machine | IMAGE_FILE_MACHINE_I386
Number of sections | 5
Time date stamp | 03-Nov-2019 07:30:16
Pointer to Symbol Table | 0x00000000
Number of symbols | 0
Size of Optional Header | 0x00E0
Characteristics | -
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00017001 | 0x00017200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.66417 |
.rdata | 0x00019000 | 0x000073F0 | 0x00007400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.27282 |
.data | 0x00021000 | 0x00001400 | 0x00000A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.24299 |
.rsrc | 0x00023000 | 0x0018B874 | 0x0018BA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.98461 |
.reloc | 0x001AF000 | 0x0000124C | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.28351 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.20417 | 1166 | Latin 1 / Western European | UNKNOWN | RT_MANIFEST |
2 | 4.13669 | 1384 | Latin 1 / Western European | English - United States | RT_ICON |
3 | 3.91985 | 744 | Latin 1 / Western European | English - United States | RT_ICON |
4 | 4.83772 | 2216 | Latin 1 / Western European | English - United States | RT_ICON |
5 | 3.68656 | 1640 | Latin 1 / Western European | English - United States | RT_ICON |
6 | 4.50268 | 3752 | Latin 1 / Western European | English - United States | RT_ICON |
101 | 2.86669 | 90 | Latin 1 / Western European | English - United States | RT_GROUP_ICON |
102 | 7.99987 | 1572020 | Latin 1 / Western European | UNKNOWN | B |
1223 | 3.73035 | 380 | Latin 1 / Western European | UNKNOWN | RT_STRING |
Imported DLL |
---|
ADVAPI32.dll |
KERNEL32.dll |
SHELL32.dll |
SHLWAPI.dll |
USER32.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
2744 | "C:\Users\admin\Desktop\downloadEdge.aspx.exe" | C:\Users\admin\Desktop\downloadEdge.aspx.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Edge Update Setup; Version: 1.3.115.45 |
2576 | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\MicrosoftEdgeUpdate.exe /installsource taggedmi /install "appguid={65C35B14-6C1D-4122-AC46-7148CC9D6497}&appname=Microsoft%20Edge%20Canary&needsadmin=false&usagestats=0&iid={aa6d67c9-5efb-5f9c-9f8e-8ee551de80ff}&lang=en" | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\MicrosoftEdgeUpdate.exe | — | downloadEdge.aspx.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Edge Update; Version: 1.3.115.45 |
3788 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Edge Update; Exit code: 0; Version: 1.3.115.45 |
3400 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping … | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Edge Update; Exit code: 0; Version: 1.3.115.45 |
3832 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={65C35B14-6C1D-4122-AC46-7148CC9D6497}&appname=Microsoft%20Edge%20Canary&needsadmin=false&usagestats=0&iid={aa6d67c9-5efb-5f9c-9f8e-8ee551de80ff}&lang=en" /installsource taggedmi /sessionid "{CCFD5A0D-784D-4951-A00B-FF955DA9EA3F}" | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Edge Update; Version: 1.3.115.45 |
956 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Edge Update; Version: 1.3.115.45 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2744 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\psuser.dll | executable | A185B9B02A951153276EFC185F376836 | F17B889612F2FFA6B962D8CCEC83346F18797BB76D6E4C7288CD2C005E0A9114 |
2744 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\MicrosoftEdgeUpdateOnDemand.exe | executable | ED4EED79DE59E7D31DBCF75A2365D1F4 | D6139E087E9B93D45C5682D79937ECBD0117B6A45304CC0F2E92A5768C80CA58 |
2744 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe | executable | CBB9FB68F7A55AB344FE58014FBEDEDC | 3ADEF3AE99E6552A44689C53E6957AC133EE27B67795BCE8ADC68EED9892AB13 |
2744 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\msedgeupdateres_ar.dll | executable | 698C94DAFC56FE455D5A10C38D33C9B0 | 9C4E876E891B78C8B9CC1121482BD8A95198944776106FAD0F53E891C1102F55 |
2744 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\psmachine.dll | executable | 0E3A7A0A96B4C4DA2D54A7A4DCA12E36 | B2CDD54B98BD6207F7BAA21CA503BC5401E90EC459D611AD6D3D0F1E2343320F |
2744 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\msedgeupdateres_cs.dll | executable | A7B771D79F7372E76EE695FF5B09EBC5 | 186758923D33EB9696F09DF8C4190480621735D31EF63DDB42666BACAB75864A |
2744 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\MicrosoftEdgeComRegisterShellARM64.exe | executable | EC313EFCD0D85BDFD144299CEBDABB70 | 79933D2151938E995559B067AAC908EF21493EF75DD5F7499D0847E5B992D5F3 |
2744 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\msedgeupdate.dll | executable | 5F51BFD4F65774364435C7DC93FFF814 | E09A96863D6B05FCF55AAAB5B178AEB31A518B07BE9B63E1972BB6452F8BDE25 |
2744 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\psmachine_64.dll | executable | F14F58C344FC0390F108FCFEF80ECF56 | E4AF450F1DFFB4C0ACC84EB25BABF20E6BC868EA65E658DD2AD3A7E1115569F8 |
2744 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\MicrosoftEdgeUpdateBroker.exe | executable | FF57266F1308B553ED409616D3B40CBF | 709745D6F22DF1845C7B11A7710CEE8EB52725FC51AF2A300199A65793CA4C58 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 205.185.216.42:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | Highwinds Network Group, Inc. | US | whitelisted |
3400 | MicrosoftEdgeUpdate.exe | 52.114.74.45:443 | self.events.data.microsoft.com | Microsoft Corporation | NL | unknown |
956 | MicrosoftEdgeUpdate.exe | 40.67.252.175:443 | msedge.api.cdp.microsoft.com | Microsoft Corporation | IE | unknown |
Domain | IP | Reputation |
---|---|---|
self.events.data.microsoft.com | - | whitelisted |
msedge.api.cdp.microsoft.com | - | whitelisted |
msedge.f.tlu.dl.delivery.mp.microsoft.com | - | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |