File name: NeatDM_setup.exe
Full analysis: https://app.any.run/tasks/438fe3c6-0940-4df0-ab4a-ce4c46d0fc8b
Verdict: Malicious activity
Analysis date: June 05, 2024, 07:31:40
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: E9B88E7E180667206EF48711B985F4B8
SHA1: B5ADD9F69E68863BE9FC825BE666338999F1CAD0
SHA256: 3474F9A78CF4A443EEBA53D136D0D36D860CECDF955C39075F99287FC759C69E
SSDEEP: 24576:z7blTb9gzCjHexBss+XIRTFJGcgOwg7fVA32XWu67aRq8Imj4Y3:z75uzC7usRItGcKP2XWt+sm8Y3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • NeatDM_setup.exe (PID: 3976)
      • NeatDM_setup.exe (PID: 928)
      • NeatDM_setup.tmp (PID: 1120)
    • Changes the autorun value in the registry

      • NeatDM.exe (PID: 1064)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • NeatDM_setup.exe (PID: 3976)
      • NeatDM_setup.exe (PID: 928)
      • NeatDM_setup.tmp (PID: 1120)
    • Reads the Windows owner or organization settings

      • NeatDM_setup.tmp (PID: 1120)
    • Reads the Internet Settings

      • NeatDM.exe (PID: 1064)
    • Reads security settings of Internet Explorer

      • NeatDM.exe (PID: 1064)
  • INFO

    • Create files in a temporary directory

      • NeatDM_setup.exe (PID: 3976)
      • NeatDM_setup.exe (PID: 928)
    • Checks supported languages

      • NeatDM_setup.exe (PID: 3976)
      • NeatDM_setup.tmp (PID: 3992)
      • NeatDM_setup.exe (PID: 928)
      • NeatDM_setup.tmp (PID: 1120)
      • NeatDM.exe (PID: 1064)
      • wmpnscfg.exe (PID: 2336)
    • Reads the computer name

      • NeatDM_setup.tmp (PID: 3992)
      • NeatDM_setup.tmp (PID: 1120)
      • wmpnscfg.exe (PID: 2336)
      • NeatDM.exe (PID: 1064)
    • Creates files in the program directory

      • NeatDM_setup.tmp (PID: 1120)
    • Creates a software uninstall entry

      • NeatDM_setup.tmp (PID: 1120)
    • Manual execution by a user

      • chrome.exe (PID: 116)
      • wmpnscfg.exe (PID: 2336)
    • Application launched itself

      • chrome.exe (PID: 560)
      • chrome.exe (PID: 116)
    • The process uses the downloaded file

      • chrome.exe (PID: 3008)
      • chrome.exe (PID: 116)
    • Creates files or folders in the user directory

      • NeatDM.exe (PID: 1064)
    • Drops the executable file immediately after the start

      • chrome.exe (PID: 116)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 41472
InitializedDataSize: 17920
UninitializedDataSize: -
EntryPoint: 0xaa98
OSVersion: 1
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Javad Motallebi
FileDescription: Neat Download Manager Setup
FileVersion:
LegalCopyright:
ProductName: Neat Download Manager
ProductVersion: 1.4
No data.
All screenshots are available in the full report
Total processes: 75
Monitored processes: 40
Malicious processes: 3
Suspicious processes: 2


Process information

PID: 116
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 560
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://chrome.google.com/webstore/detail/NeatDownloadManager-Extension/cpcifbdmkopohnnofedkjghjiclmhdah
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: NeatDM.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 692
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=1604 --field-trial-handle=1156,i,7950950293960681686,16866629091127226971,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 928
CMD: "C:\Users\admin\AppData\Local\Temp\NeatDM_setup.exe" /SPAWNWND=$20134 /NOTIFYWND=$20138
Path: C:\Users\admin\AppData\Local\Temp\NeatDM_setup.exe
Parent process: NeatDM_setup.tmp
User: admin
Company: Javad Motallebi
Integrity Level: HIGH
Description: Neat Download Manager Setup
Exit code: 0
Version:
Modules
Images
c:\users\admin\appdata\local\temp\neatdm_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
PID: 1064
CMD: "C:\Program Files\Neat Download Manager\NeatDM.exe"
Path: C:\Program Files\Neat Download Manager\NeatDM.exe
Parent process: NeatDM_setup.tmp
User: admin
Company: NeatDownloadManager
Integrity Level: MEDIUM
Description: Neat Download Manager (NeatDM)
Version: 1.4.24.0
Modules
Images
c:\program files\neat download manager\neatdm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1120
CMD: "C:\Users\admin\AppData\Local\Temp\is-K1DSN.tmp\NeatDM_setup.tmp" /SL5="$30130,671085,57856,C:\Users\admin\AppData\Local\Temp\NeatDM_setup.exe" /SPAWNWND=$20134 /NOTIFYWND=$20138
Path: C:\Users\admin\AppData\Local\Temp\is-K1DSN.tmp\NeatDM_setup.tmp
Parent process: NeatDM_setup.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-k1dsn.tmp\neatdm_setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
PID: 1184
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6e6a8b38,0x6e6a8b48,0x6e6a8b54
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1236
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=1328 --field-trial-handle=1156,i,7950950293960681686,16866629091127226971,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1788
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2176 --field-trial-handle=1156,i,7950950293960681686,16866629091127226971,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1824
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1156,i,7950950293960681686,16866629091127226971,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events: 10 474
Read events: 10 335
Write events: 125
Delete events: 14

Modification events

(PID) Process: (1120) NeatDM_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: 6004000014F2B66C1AB7DA01

(PID) Process: (1120) NeatDM_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: 9FC34F442FFAC34D940635DD4E4BBC3513FBF2119A796621D291256CF4A9B4AF

(PID) Process: (1120) NeatDM_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (1120) NeatDM_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value: C:\Program Files\Neat Download Manager\NeatDM.exe

(PID) Process: (1120) NeatDM_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value: 10945FC9357DF3C27A5F0AC15FE3D40419F27A4DDEC33E59B80AAC0CC6022BAF

(PID) Process: (1120) NeatDM_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D1A0938-6C9C-43D8-9E53-3CD1AF8F4FFD}_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.5.9 (a)

(PID) Process: (1120) NeatDM_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D1A0938-6C9C-43D8-9E53-3CD1AF8F4FFD}_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\Neat Download Manager

(PID) Process: (1120) NeatDM_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D1A0938-6C9C-43D8-9E53-3CD1AF8F4FFD}_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\Neat Download Manager\

(PID) Process: (1120) NeatDM_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D1A0938-6C9C-43D8-9E53-3CD1AF8F4FFD}_is1
Operation: write
Name: Inno Setup: Icon Group
Value: (Default)

(PID) Process: (1120) NeatDM_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D1A0938-6C9C-43D8-9E53-3CD1AF8F4FFD}_is1
Operation: write
Name: Inno Setup: User
Value: admin
Executable files: 8
Suspicious files: 89
Text files: 45
Unknown types: 3

Dropped files

PID: 116
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF1085cc.TMP
Type:
MD5:
SHA256:

PID: 116
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
Type:
MD5:
SHA256:

PID: 116
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Variations
Type: binary
MD5: 961E3604F228B0D10541EBF921500C86
SHA256: F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED

PID: 1120
Process: NeatDM_setup.tmp
Filename: C:\Program Files\Neat Download Manager\is-BQTPL.tmp
Type: executable
MD5: E461193650EE17E18879B7E9C611EF85
SHA256: 57BEC0AAA54841D7FD695CC90C7BFC645C39C7E24577442EFFD67EE270F39204

PID: 3976
Process: NeatDM_setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-58O0R.tmp\NeatDM_setup.tmp
Type: executable
MD5: 832DAB307E54AA08F4B6CDD9B9720361
SHA256: CC783A04CCBCA4EDD06564F8EC88FE5A15F1E3BB26CEC7DE5E090313520D98F3

PID: 1120
Process: NeatDM_setup.tmp
Filename: C:\Program Files\Neat Download Manager\is-7086O.tmp
Type: executable
MD5: A30D1632F4FA759C94A16F4A0F451867
SHA256: 60B06DB7DFEB6FFFB1BE82F8AD059D61BDB1B1A3889439B56EAAC162E64C0F37

PID: 1120
Process: NeatDM_setup.tmp
Filename: C:\Program Files\Neat Download Manager\NeatDM.exe
Type: executable
MD5: A30D1632F4FA759C94A16F4A0F451867
SHA256: 60B06DB7DFEB6FFFB1BE82F8AD059D61BDB1B1A3889439B56EAAC162E64C0F37

PID: 1120
Process: NeatDM_setup.tmp
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat Download Manager.lnk
Type: lnk
MD5: 29CD90A30D3ADB56CA3EDFDC7771B506
SHA256: 0F4DF79913202C23CCC1B5F8F00421B94E2BD61BE962BDA2227FB121247AECC8

PID: 1120
Process: NeatDM_setup.tmp
Filename: C:\Program Files\Neat Download Manager\unins000.dat
Type: dat
MD5: 95418C2764102D3D17903E9D779D5C2D
SHA256: F66DB237375A8B4F598855F1A64129A67DBAC7A33ADAE2A7DA76F83FDA6B2CAA

PID: 116
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
Type: text
MD5: 9F941EA08DBDCA2EB3CFA1DBBBA6F5DC
SHA256: 127F71DF0D2AD895D4F293E62284D85971AE047CA15F90B87BF6335898B0B655
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 32
DNS requests: 46
Threats: 0

HTTP requests

No HTTP requests

Connections (PID, process, IP:port, domain, ASN, CN, reputation)

  • (no PID), (no process), 224.0.0.252:5355, reputation: unknown
  • 4, System, 192.168.100.255:137, reputation: whitelisted
  • 4, System, 192.168.100.255:138, reputation: whitelisted
  • 1088, svchost.exe, 224.0.0.252:5355, reputation: unknown
  • 116, chrome.exe, 239.255.255.250:1900, reputation: unknown
  • 1236, chrome.exe, 142.250.185.67:443, clientservices.googleapis.com, GOOGLE, US, reputation: whitelisted
  • 1236, chrome.exe, 142.250.145.84:443, accounts.google.com, GOOGLE, US, reputation: unknown
  • 1236, chrome.exe, 172.217.23.100:443, www.google.com, GOOGLE, US, reputation: whitelisted
  • 116, chrome.exe, 224.0.0.251:5353, reputation: unknown
  • 1236, chrome.exe, 142.250.186.131:443, update.googleapis.com, GOOGLE, US, reputation: whitelisted

DNS requests (domain, resolved IP, reputation)

  • clientservices.googleapis.com, 142.250.185.67, whitelisted
  • accounts.google.com, 142.250.145.84, shared
  • www.google.com, 172.217.23.100, whitelisted
  • update.googleapis.com, 142.250.186.131, unknown
  • chrome.google.com, 142.250.186.110, whitelisted
  • chromewebstore.google.com, 172.217.16.206, unknown
  • www.gstatic.com, 142.250.184.195, whitelisted
  • fonts.gstatic.com, 142.250.184.227, whitelisted
  • ssl.gstatic.com, 142.250.186.67, whitelisted
  • lh3.googleusercontent.com, 142.250.186.129, whitelisted

Threats

No threats detected
No debug info