File name: DARTEX.EXE

Full analysis: https://app.any.run/tasks/cf6284a8-5e5b-4a0d-9097-0e9fa6a06c51
Verdict: Malicious activity
Analysis date: July 04, 2024, 08:53:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 87AB593AEC253A40AAC27BF0BE0DDA39
SHA1: CA5A68D86A9FF36CF2350C83A3B534BCB9E78BE3
SHA256: 33F495E02208CA0AB52AF79A47BAFE1009F93D7B93BEAC84DA4FDB1B16DBA336
SSDEEP: 12288:4S8HitrsX3hsozBmvHVVsowT/VAkEMsyjhrnk3MkDJHjaW1Kt1/H6:4PitA36oz4DsowT/VAZMsyjhrnk3MkD3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • DARTEX.EXE.exe (PID: 2732)
  • SUSPICIOUS
    • The process creates files with name similar to system file names
      • DARTEX.EXE.exe (PID: 2732)
    • Process drops legitimate windows executable
      • DARTEX.EXE.exe (PID: 2732)
    • Reads the Internet Settings
      • DARTEX.EXE.exe (PID: 2732)
    • Executable content was dropped or overwritten
      • DARTEX.EXE.exe (PID: 2732)
    • Starts a Microsoft application from unusual location
      • Explorer.exe (PID: 680)
    • Reads security settings of Internet Explorer
      • DARTEX.EXE.exe (PID: 2732)
  • INFO
    • Checks supported languages
      • DARTEX.EXE.exe (PID: 2732)
      • Explorer.exe (PID: 680)
    • Create files in a temporary directory
      • DARTEX.EXE.exe (PID: 2732)
    • Reads the computer name
      • DARTEX.EXE.exe (PID: 2732)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:03:05 12:48:20+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 96256
InitializedDataSize: 37888
UninitializedDataSize: -
EntryPoint: 0x17d2f
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.7.0.3873
ProductVersionNumber: 1.7.0.3873
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Oleg N. Scherbakov
FileDescription: 7z Setup SFX (x86)
FileVersion: 1.7.0.3873
InternalName: 7ZSfxMod
LegalCopyright: Copyright © 2005-2015 Oleg N. Scherbakov
OriginalFileName: 7ZSfxMod_x86.exe
PrivateBuild: March 5, 2016
ProductName: 7-Zip SFX
ProductVersion: 1.7.0.3873
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

(interactive graph omitted) start -> dartex.exe.exe -> explorer.exe (no specs)

Process information

PID: 680
CMD: "C:\Users\admin\AppData\Local\Temp\2k10\MS-Dart\Explorer.exe"
Path: C:\Users\admin\AppData\Local\Temp\2k10\MS-Dart\Explorer.exe
Parent process: DARTEX.EXE.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: FileExplorer Application
Exit code: 0
Version: 6.00.6430.0 (vbl_core_mig_wadminpak(tbert).080628-0901)
Modules (Images):
  c:\users\admin\appdata\local\temp\2k10\ms-dart\explorer.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll

PID: 2732
CMD: "C:\Users\admin\AppData\Local\Temp\DARTEX.EXE.exe"
Path: C:\Users\admin\AppData\Local\Temp\DARTEX.EXE.exe
Parent process: explorer.exe
User: admin
Company: Oleg N. Scherbakov
Integrity Level: MEDIUM
Description: 7z Setup SFX (x86)
Exit code: 0
Version: 1.7.0.3873
Modules (Images):
  c:\users\admin\appdata\local\temp\dartex.exe.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
Total events: 2 939
Read events: 2 931
Write events: 8
Delete events: 0

Modification events

PID  | Process        | Key                                                                                | Operation | Name          | Value
2732 | DARTEX.EXE.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write     | ProxyBypass   | 1
2732 | DARTEX.EXE.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write     | IntranetName  | 1
2732 | DARTEX.EXE.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write     | UNCAsIntranet | 1
2732 | DARTEX.EXE.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write     | AutoDetect    | 0
Executable files: 6
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID  | Process        | Filename                                                            | Type
2732 | DARTEX.EXE.exe | C:\Users\admin\AppData\Local\Temp\2k10\MS-Dart\Explorer.exe          | executable
       MD5: 52C17DEB5DC3F275AFEAF6AB9C09DB76
       SHA256: B0889CACF7D0555CFAC044309DF9DB2E7F9EAB77ECA62EED786C02459F5F8A87
2732 | DARTEX.EXE.exe | C:\Users\admin\AppData\Local\Temp\2k10\MS-Dart\fauxshell.dll         | executable
       MD5: 4C342A114E67835FCC4C7413BA70038F
       SHA256: F2B4C4D720764169EFBD4FF9C40DA51E9D153CBE5A388B6B6B9B637DC1500AAD
2732 | DARTEX.EXE.exe | C:\Users\admin\AppData\Local\Temp\2k10\MS-Dart\ru-RU\fauxshell.dll.mui | executable
       MD5: EE37F6F3CE92841747E251DD975B433B
       SHA256: 8A7CF30124F6A3AB0F50DE7FAF3F0100AD5861819F2136B946BB91AC23B619FF
2732 | DARTEX.EXE.exe | C:\Users\admin\AppData\Local\Temp\2k10\MS-Dart\MSDartCmn.dll         | executable
       MD5: 13CEFB251B933739D874C1B4C84685FE
       SHA256: 9EC9F1D05846E80E110DDF4CFC2A39177623EBEF29B1D6AA742000B2D6D45502
2732 | DARTEX.EXE.exe | C:\Users\admin\AppData\Local\Temp\2k10\MS-Dart\ru-RU\msdartcmn.dll.mui | executable
       MD5: 8BA708ABA5A48C9674DC4426CAFF37EC
       SHA256: C91D17CEEAF8C37540C3722E1BAA0E3AFC8C95F9F93ACA92998D384B363970BA
2732 | DARTEX.EXE.exe | C:\Users\admin\AppData\Local\Temp\2k10\MS-Dart\ru-RU\explorer.exe.mui | executable
       MD5: 205B2BB6BE5C2912CD53B78367F20135
       SHA256: 675D41AFF96B920F8CC4893D30AEA9ADA4BB86130D0A8337A83D69FA622876C3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 4
TCP/UDP connections: 11
DNS requests: 5
Threats: 0

HTTP requests

(Columns in the original table: PID, Process, Method, HTTP Code, IP, URL, CN, Type, Size, Reputation; only two of the last four values were captured per row.)

PID  | Process     | Method | HTTP Code | IP                 | URL                                                                                                              | CN / Type / Size / Reputation
1372 | svchost.exe | GET    | 304       | 93.184.221.240:80  | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33  | unknown, unknown
1372 | svchost.exe | GET    | 200       | 23.48.23.143:80    | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl                                        | unknown, unknown
1372 | svchost.exe | GET    | 200       | 95.101.149.131:80  | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl                                               | unknown, unknown
1060 | svchost.exe | GET    | 304       | 93.184.221.240:80  | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8f69642324cc87bd  | unknown, unknown

Connections

PID  | Process     | IP                    | Domain                          | ASN                         | CN | Reputation
2564 | svchost.exe | 239.255.255.250:3702  | -                               | -                           | -  | whitelisted
1372 | svchost.exe | 20.73.194.208:443     | -                               | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4    | System      | 192.168.100.255:138   | -                               | -                           | -  | whitelisted
4    | System      | 192.168.100.255:137   | -                               | -                           | -  | whitelisted
1060 | svchost.exe | 224.0.0.252:5355      | -                               | -                           | -  | unknown
1372 | svchost.exe | 51.104.136.2:443      | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1372 | svchost.exe | 93.184.221.240:80     | ctldl.windowsupdate.com         | EDGECAST                    | GB | whitelisted
1372 | svchost.exe | 23.48.23.143:80       | crl.microsoft.com               | Akamai International B.V.   | DE | unknown
1372 | svchost.exe | 95.101.149.131:80     | www.microsoft.com               | Akamai International B.V.   | NL | unknown
1060 | svchost.exe | 93.184.221.240:80     | ctldl.windowsupdate.com         | EDGECAST                    | GB | whitelisted

(- = no value captured for that column)

DNS requests

Domain                          | IP                              | Reputation
dns.msftncsi.com                | 131.107.255.255                 | shared
settings-win.data.microsoft.com | 51.104.136.2                    | whitelisted
ctldl.windowsupdate.com         | 93.184.221.240                  | whitelisted
crl.microsoft.com               | 23.48.23.143, 23.48.23.156      | whitelisted
www.microsoft.com               | 95.101.149.131                  | whitelisted

Threats

No threats detected
No debug info