Download: /Sbis3Plugin/master/win32/sbisplugin-setup-web.exe

Full analysis: https://app.any.run/tasks/eabb6b78-48e0-45f7-92c5-c5b29eeb99a5
Verdict: Malicious activity
Analysis date: May 27, 2024, 14:18:21
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: E55205B41B09A33F517486B63BA8931A
SHA1: 735AF77D665342572D8A503D7B74F173AB36D841
SHA256: 34A5E76F07ECAC90D94CF5D5360EB4769B7C26883B4EE273FE9F3BC40985F8FB
SSDEEP: 98304:M+RhDZUicnNttUioSnXQtTWew01U1OCg55fovmQzGmYaLmPRMYrnoHGyscV41Rj4:VYg55foA350X

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • sbisplugin-setup-web.exe (PID: 1020)
  • SUSPICIOUS
    • Searches for installed software
      • sbisplugin-setup-web.exe (PID: 1020)
      • sbisplugin-setup-web.exe (PID: 1640)
  • INFO
    • Checks supported languages
      • sbisplugin-setup-web.exe (PID: 1020)
      • wmpnscfg.exe (PID: 2032)
      • sbisplugin-setup-web.exe (PID: 1640)
    • Reads the computer name
      • sbisplugin-setup-web.exe (PID: 1020)
      • wmpnscfg.exe (PID: 2032)
      • sbisplugin-setup-web.exe (PID: 1640)
    • Manual execution by a user
      • wmpnscfg.exe (PID: 2032)
      • sbisplugin-setup-web.exe (PID: 1640)
      • sbisplugin-setup-web.exe (PID: 768)
    • Creates files in a temporary directory
      • sbisplugin-setup-web.exe (PID: 1020)
      • sbisplugin-setup-web.exe (PID: 1640)
    • Creates files in the program directory
      • sbisplugin-setup-web.exe (PID: 1020)
      • sbisplugin-setup-web.exe (PID: 1640)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1970:06:12 19:26:45+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 3750400
InitializedDataSize: 3793920
UninitializedDataSize: -
EntryPoint: 0x358607
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 24.2148.6.0
ProductVersionNumber: 24.2148.6.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (British)
CharacterSet: Windows, Latin1
CompanyName: Tensor
FileDescription: Saby Plugin Installer
FileVersion: 24.2148.6.0
InternalName: setup-web.exe
LegalCopyright: Copyright © Tensor
OriginalFileName: setup-web.exe
ProductName: Saby Plugin Installer
ProductVersion: 24.2148.6.0
All screenshots are available in the full report
Total processes: 49
Monitored processes: 5
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Process nodes (in graph order):
  • start
  • sbisplugin-setup-web.exe
  • wmpnscfg.exe (no specs)
  • sbisplugin-setup-web.exe (no specs)
  • sbisplugin-setup-web.exe
  • sbisplugin-setup-web.exe (no specs)

Process information

PID: 768
CMD: "C:\Users\admin\Desktop\sbisplugin-setup-web.exe"
Path: C:\Users\admin\Desktop\sbisplugin-setup-web.exe
Parent process: explorer.exe
User: admin
Company: Tensor
Integrity Level: MEDIUM
Description: Saby Plugin Installer
Exit code: 3221226540
Version: 24.2148.6.0
Modules (Images):
  c:\users\admin\desktop\sbisplugin-setup-web.exe
  c:\windows\system32\ntdll.dll

PID: 1020
CMD: "C:\Users\admin\Desktop\sbisplugin-setup-web.exe"
Path: C:\Users\admin\Desktop\sbisplugin-setup-web.exe
Parent process: explorer.exe
User: admin
Company: Tensor
Integrity Level: HIGH
Description: Saby Plugin Installer
Exit code: 0
Version: 24.2148.6.0
Modules (Images):
  c:\users\admin\desktop\sbisplugin-setup-web.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\ws2_32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\nsi.dll
  c:\windows\system32\crypt32.dll
  c:\windows\system32\msasn1.dll

PID: 1640
CMD: "C:\Users\admin\Desktop\sbisplugin-setup-web.exe"
Path: C:\Users\admin\Desktop\sbisplugin-setup-web.exe
Parent process: explorer.exe
User: admin
Company: Tensor
Integrity Level: HIGH
Description: Saby Plugin Installer
Exit code: 0
Version: 24.2148.6.0
Modules (Images):
  c:\users\admin\desktop\sbisplugin-setup-web.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\ws2_32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\nsi.dll
  c:\windows\system32\crypt32.dll
  c:\windows\system32\msasn1.dll

PID: 2032
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
  c:\program files\windows media player\wmpnscfg.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll

PID: 3964
CMD: "C:\Users\admin\Desktop\sbisplugin-setup-web.exe"
Path: C:\Users\admin\Desktop\sbisplugin-setup-web.exe
Parent process: explorer.exe
User: admin
Company: Tensor
Integrity Level: MEDIUM
Description: Saby Plugin Installer
Exit code: 3221226540
Version: 24.2148.6.0
Modules (Images):
  c:\users\admin\desktop\sbisplugin-setup-web.exe
  c:\windows\system32\ntdll.dll
Total events: 2 875
Read events: 2 875
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 13
Text files: 9
Unknown types: 0

Dropped files

PID | Process | Filename | Type
1020 | sbisplugin-setup-web.exe | C:\Users\admin\AppData\Local\Temp\SbisPlugin.Installer\Sbis3Plugin.json | binary
  MD5: 2000333A2191D0CBBE8A08E33ADB02E5
  SHA256: 28AADE20624DE14BB39D9A1B33CA5C33C261FBD8E43A53DA631835C185C6915C
1020 | sbisplugin-setup-web.exe | C:\Users\admin\AppData\Local\Temp\SbisPlugin.Installer\file_info.txt | text
  MD5: 340A39045C40D50DDA207BCFDECE883A
  SHA256: D8A1082B68A287D591A958486DC8E132B2EF7673A21EC940917A6BA13FAB69DA
1020 | sbisplugin-setup-web.exe | C:\Users\admin\AppData\Local\Temp\SbisPlugin.Installer\https...update.sbis.ru.rules.Sbis3Plugin.json | binary
  MD5: 2000333A2191D0CBBE8A08E33ADB02E5
  SHA256: 28AADE20624DE14BB39D9A1B33CA5C33C261FBD8E43A53DA631835C185C6915C
1020 | sbisplugin-setup-web.exe | C:\Users\admin\AppData\Local\Temp\SbisPlugin.Installer\windows.i686.extensions.txt | binary
  MD5: 133B34C4DCD45B9071426D640E1EA677
  SHA256: E3BBC31087640072E45E55ECA90ACA677636AC7FB25435EA137F71969BD266D4
1020 | sbisplugin-setup-web.exe | C:\Users\admin\AppData\Local\Temp\SbisPlugin.Installer\sabyapps_install_gui.log | text
  MD5: A6FDFF6D97C489272C51D210502B89A6
  SHA256: EF03406D150BD218E4EA6BAF79ECE6F2DCD3716D23E9CA92CAEC12C758EFA9E9
1020 | sbisplugin-setup-web.exe | C:\Users\admin\Desktop\sabyapps_install_gui.log | csv
  MD5: 8CBCC411A7232C84F352A9029DFDEE17
  SHA256: 7340F73C8EE4056946AE2A08A8667108A507CEEDECA977685859431AFCECE50A
1020 | sbisplugin-setup-web.exe | C:\ProgramData\Sbis3Plugin\update-cancellation.txt | text
  MD5: 91C544760F7DDD58739427B499F6A132
  SHA256: 610C5E2F6CA536B4956A8228079E92B40642F9888FBB34A30363ECCA4851F29D
1020 | sbisplugin-setup-web.exe | C:\Users\admin\AppData\Local\Temp\SbisPlugin.Installer\version.txt | text
  MD5: 1D1130B428539BAE878D1186D36A554C
  SHA256: 527AA688093F1EA6393A1AB43DB7A55901202B3ABF68B62995F7BB6BF6F5254E
1020 | sbisplugin-setup-web.exe | C:\Users\admin\Desktop\web_setup_logs_27_05_2024_15-20-44.zip | compressed
  MD5: 31837EBB4DFB1E86EBA600E1B17E4829
  SHA256: DD6EC5EE4EEAA773331E89F095DE8F3DD60998FCD7483A18FE2B3E1A814C23B5
1020 | sbisplugin-setup-web.exe | C:\ProgramData\Sbis3Plugin\logs\web_installer_history\270524_15-18-34 | binary
  MD5: F9F9BBD588E1457B0E703BB9C33B605C
  SHA256: BB1FDEA95DD0F3495F66C97209A106069B9CBB918D54EFCF6B31409291717887
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 58
DNS requests: 17
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
(not listed) | (not listed) | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | unknown
1020 | sbisplugin-setup-web.exe | 91.232.93.95:443 | update.sbis.ru | Company Tensor LLC | RU | unknown
1020 | sbisplugin-setup-web.exe | 139.45.228.9:443 | update-msk2.sbis.ru | JSC RetnNet | RU | unknown
1020 | sbisplugin-setup-web.exe | 185.167.120.80:443 | update-spb1.sbis.ru | Maloe Innovacionnoe Predpriyatie Bonch IT LLC | RU | unknown
1020 | sbisplugin-setup-web.exe | 91.194.3.193:443 | update-msk1.sbis.ru | RealHost Ltd. | RU | unknown
1020 | sbisplugin-setup-web.exe | 212.232.32.6:443 | update-yar1.sbis.ru | Yarnet Ltd | RU | unknown
1640 | sbisplugin-setup-web.exe | 91.232.93.95:443 | update.sbis.ru | Company Tensor LLC | RU | unknown
1640 | sbisplugin-setup-web.exe | 139.45.228.9:443 | update-msk2.sbis.ru | JSC RetnNet | RU | unknown

DNS requests

Domain | IP | Reputation
update.sbis.ru | 91.232.93.95 | unknown
update-msk2.sbis.ru | 139.45.228.9 | unknown
update-spb1.sbis.ru | 185.167.120.80 | unknown
update-msk1.sbis.ru | 91.194.3.193 | unknown
update-yar1.sbis.ru | 212.232.32.6 | unknown

Threats

No threats detected
No debug info