URL: https://notmyfault.findmysoft.com/

Full analysis: https://app.any.run/tasks/2df8f746-ee91-41a3-a1a0-d19a3beac447
Verdict: Malicious activity
Analysis date: January 25, 2024, 18:32:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 35421B8EA5042A00B1480BD844AF2C8C
SHA1: 29AC7BBD89C8F8CF39E387E4BFFE8A4CE451F89A
SHA256: 3744889BE162F4924BA7B9297792B8F760AD68445CA61EAB6E1CC2107135D7FA
SSDEEP: 3:N8hAfKhWKDRtn:2+rKXn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • notmyfault.exe (PID: 3064)
      • notmyfault.exe (PID: 1956)
    • Drops the executable file immediately after the start

      • notmyfault.exe (PID: 1956)
      • notmyfault.exe (PID: 3064)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • notmyfault.exe (PID: 1956)
      • notmyfault.exe (PID: 3064)
    • Creates files in the driver directory

      • notmyfault.exe (PID: 1956)
      • notmyfault.exe (PID: 3064)
    • Drops a system driver (possible attempt to evade defenses)

      • notmyfault.exe (PID: 1956)
      • notmyfault.exe (PID: 3064)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3872)
      • msedge.exe (PID: 2828)
    • The process uses the downloaded file

      • msedge.exe (PID: 1544)
      • msedge.exe (PID: 2872)
    • Checks supported languages

      • notmyfault.exe (PID: 1956)
      • notmyfault.exe (PID: 3064)
      • notmyfault.exe (PID: 3612)
    • Manual execution by a user

      • msedge.exe (PID: 2828)
      • notmyfault.exe (PID: 2540)
      • notmyfault.exe (PID: 1956)
      • notmyfaultc.exe (PID: 1840)
      • notmyfault.exe (PID: 2164)
      • notmyfault.exe (PID: 3064)
      • notmyfault.exe (PID: 2668)
      • notmyfault.exe (PID: 3612)
      • notmyfaultc.exe (PID: 3144)
      • notmyfaultc.exe (PID: 3944)
      • notmyfaultc.exe (PID: 480)
    • Reads Environment values

      • notmyfault.exe (PID: 1956)
    • Reads product name

      • notmyfault.exe (PID: 1956)
    • Reads the computer name

      • notmyfault.exe (PID: 1956)
      • notmyfault.exe (PID: 3064)
      • notmyfault.exe (PID: 3612)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
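The five signatures above are simple path and timing rules. The following Python, added here as an illustration and not ANY.RUN's own detection code, re-implements them over a constructed set of process-start and file-write events: the PIDs, image names and integrity levels are taken from this report, while the driver file name (myfault.sys), the timestamps and the five-second "immediately after the start" window are assumptions. It shows that both notmyfault.exe instances fire all five rules while an Edge cache write fires none.

```python
"""Re-implementation of the five behaviour signatures raised in this report
(system-directory write, executable dropped right after start, executable
content dropped, file in the driver directory, driver dropped), evaluated
over constructed events. Added example; not ANY.RUN code."""
from collections import defaultdict
from dataclasses import dataclass

SYSTEM_ROOT = r"c:\windows"
DRIVER_DIR = r"c:\windows\system32\drivers"
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx")
DROP_WINDOW_S = 5.0  # assumed threshold for "immediately after the start"


@dataclass
class ProcessStart:
    pid: int
    image: str
    integrity: str  # LOW / MEDIUM / HIGH
    ts: float       # seconds since sandbox start (constructed)


@dataclass
class FileWrite:
    pid: int
    path: str
    ts: float


def _norm(p: str) -> str:
    return p.replace("/", "\\").lower()


def _under(path: str, root: str) -> bool:
    return _norm(path).startswith(_norm(root).rstrip("\\") + "\\")


def _is_executable(path: str) -> bool:
    return _norm(path).endswith(EXECUTABLE_EXT)


# signature name -> (severity, predicate(process_start, file_write))
SIGNATURES = {
    "Creates a writable file in the system directory": (
        "MALICIOUS", lambda s, w: _under(w.path, SYSTEM_ROOT)),
    "Drops the executable file immediately after the start": (
        "MALICIOUS", lambda s, w: _is_executable(w.path) and 0 <= w.ts - s.ts <= DROP_WINDOW_S),
    "Executable content was dropped or overwritten": (
        "SUSPICIOUS", lambda s, w: _is_executable(w.path)),
    "Creates files in the driver directory": (
        "SUSPICIOUS", lambda s, w: _under(w.path, DRIVER_DIR)),
    "Drops a system driver (possible attempt to evade defenses)": (
        "SUSPICIOUS", lambda s, w: _under(w.path, DRIVER_DIR) and _norm(w.path).endswith(".sys")),
}


def evaluate(starts, writes):
    """Return {signature: {pid, ...}} for every (process, file write) pair that matches."""
    by_pid = {s.pid: s for s in starts}
    hits = defaultdict(set)
    for w in writes:
        s = by_pid.get(w.pid)
        if s is None:
            continue  # write from a process whose start we did not see; ignore
        for name, (_severity, pred) in SIGNATURES.items():
            if pred(s, w):
                hits[name].add(w.pid)
    return dict(hits)


def verdict(hits):
    """Highest severity among the fired signatures, mirroring the report's headline verdict."""
    severities = {SIGNATURES[name][0] for name in hits}
    if "MALICIOUS" in severities:
        return "Malicious activity"
    if "SUSPICIOUS" in severities:
        return "Suspicious activity"
    return "No threats detected"


# Constructed events modelled on this report. PIDs, images and integrity levels
# come from the report; the driver file name and the timestamps are assumptions.
STARTS = [
    ProcessStart(1956, "notmyfault.exe", "HIGH", 100.0),
    ProcessStart(3064, "notmyfault.exe", "HIGH", 140.0),
    ProcessStart(1544, "msedge.exe", "MEDIUM", 10.0),
]
WRITES = [
    FileWrite(1956, r"C:\Windows\System32\drivers\myfault.sys", 100.4),
    FileWrite(3064, r"C:\Windows\System32\drivers\myfault.sys", 140.3),
    FileWrite(1544, r"C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1", 11.0),
]

if __name__ == "__main__":
    fired = evaluate(STARTS, WRITES)
    for name, pids in fired.items():
        print(f"{SIGNATURES[name][0]:10} {name}: {sorted(pids)}")
    print("Verdict:", verdict(fired))
```

The point to take from it: these rules key on where a file lands and how quickly, not on who wrote it, so a Sysinternals driver test tool lands in the same bucket as a malicious driver dropper. The publisher, the integrity level (HIGH for the dropping process here) and the fact that the user launched it by hand from an extracted zip have to be weighed separately before the headline verdict is acted on.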
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 100
Monitored processes: 42
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Process nodes ("no specs" = the graph carries no signature details for that node):
start
iexplore.exe (2 instances)
msedge.exe (the Edge GPU, renderer and utility helper processes; one node with specifics, the rest no specs)
notmyfault.exe (6 instances: 3 with specifics, 3 no specs)
notmyfaultc.exe (4 instances: 2 with specifics, 2 no specs)

Process information

Fields per record: PID, CMD, Path, Indicators, Parent process
PID: 284
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1252 --field-trial-handle=1204,i,9611542461738270442,16524807817427124413,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 420
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1184 --field-trial-handle=1204,i,9611542461738270442,16524807817427124413,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 480
CMD: "C:\Users\admin\AppData\Local\Temp\Temp1_NotMyFault_4.20 (1).zip\notmyfaultc.exe"
Path: C:\Users\admin\AppData\Local\Temp\Temp1_NotMyFault_4.20 (1).zip\notmyfaultc.exe
Parent process: explorer.exe
User:
admin
Company:
Sysinternals - www.sysinternals.com
Integrity Level:
MEDIUM
Description:
Driver Bug Test Program
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the process was started at MEDIUM integrity and needs elevation, so it did not run)
Version:
4.20
Modules
Images
c:\users\admin\appdata\local\temp\temp1_notmyfault_4.20 (1).zip\notmyfaultc.exe
c:\windows\system32\ntdll.dll
PID: 660
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2212 --field-trial-handle=1204,i,9611542461738270442,16524807817427124413,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 972
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1204,i,9611542461738270442,16524807817427124413,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 1544
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1204,i,9611542461738270442,16524807817427124413,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 1708
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2232 --field-trial-handle=1204,i,9611542461738270442,16524807817427124413,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 1752
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3704 --field-trial-handle=1204,i,9611542461738270442,16524807817427124413,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 1840
CMD: "C:\Users\admin\AppData\Local\Temp\Temp1_NotMyFault_4.20 (1).zip\notmyfaultc.exe"
Path: C:\Users\admin\AppData\Local\Temp\Temp1_NotMyFault_4.20 (1).zip\notmyfaultc.exe
Parent process: explorer.exe
User:
admin
Company:
Sysinternals - www.sysinternals.com
Integrity Level:
MEDIUM
Description:
Driver Bug Test Program
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the process was started at MEDIUM integrity and needs elevation, so it did not run)
Version:
4.20
Modules
Images
c:\users\admin\appdata\local\temp\temp1_notmyfault_4.20 (1).zip\notmyfaultc.exe
c:\windows\system32\ntdll.dll
PID: 1956
CMD: "C:\Users\admin\AppData\Local\Temp\Temp1_NotMyFault_4.20 (1).zip\notmyfault.exe"
Path: C:\Users\admin\AppData\Local\Temp\Temp1_NotMyFault_4.20 (1).zip\notmyfault.exe
Parent process: explorer.exe
User:
admin
Company:
Sysinternals - www.sysinternals.com
Integrity Level:
HIGH
Description:
Driver Bug Test Program
Exit code:
0
Version:
4.20
Modules
Images
c:\users\admin\appdata\local\temp\temp1_notmyfault_4.20 (1).zip\notmyfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
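The two notmyfaultc.exe records carry exit code 3221226540, which is the NTSTATUS value 0xC000042C (STATUS_ELEVATION_REQUIRED); both were started from explorer.exe at MEDIUM integrity, whereas the notmyfault.exe instance that dropped the driver (PID 1956) ran at HIGH integrity and exited 0. The following Python, an added example and not part of the ANY.RUN report, decodes a Win32 exit code into its NTSTATUS fields and applies that reading to records copied from the table above; the triage wording is this editor's interpretation, and the NTSTATUS names are the documented ntstatus.h values.

```python
"""Decode process exit codes as NTSTATUS values and correlate them with
integrity level and parent process. Added example; not report content."""
from dataclasses import dataclass

# Documented ntstatus.h values used by the decoder.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
}

SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}


def decode_exit_code(code: int) -> dict:
    """Split a 32-bit exit code into NTSTATUS fields: severity (bits 31:30),
    customer flag (bit 29), facility (bits 27:16) and the 16-bit code."""
    code &= 0xFFFFFFFF
    return {
        "hex": f"0x{code:08X}",
        "severity": SEVERITY[code >> 30],
        "customer": bool(code & 0x20000000),
        "facility": (code >> 16) & 0x0FFF,
        "code": code & 0xFFFF,
        "name": NTSTATUS_NAMES.get(code),
    }


@dataclass
class ProcRecord:
    pid: int
    image: str
    parent: str
    integrity: str
    exit_code: int


def explain(rec: ProcRecord) -> str:
    """One-line triage note for a process record."""
    d = decode_exit_code(rec.exit_code)
    if rec.exit_code == 0:
        outcome = "exited cleanly"
    elif d["name"] == "STATUS_ELEVATION_REQUIRED":
        outcome = (f"exit {d['hex']} STATUS_ELEVATION_REQUIRED: the image demands elevation "
                   f"and was started at {rec.integrity} integrity, so it never ran")
    elif d["severity"] == "error":
        outcome = f"exit {d['hex']} {d['name'] or 'unknown NTSTATUS error'}"
    else:
        outcome = f"exit code {rec.exit_code}"
    return f"PID {rec.pid} {rec.image} (parent {rec.parent}, {rec.integrity}): {outcome}"


def elevation_failures(records) -> list:
    """PIDs whose exit code says the launch was refused for lack of elevation."""
    return [r.pid for r in records
            if decode_exit_code(r.exit_code)["name"] == "STATUS_ELEVATION_REQUIRED"]


# Records copied from the process table in this report.
RECORDS = [
    ProcRecord(480, "notmyfaultc.exe", "explorer.exe", "MEDIUM", 3221226540),
    ProcRecord(1840, "notmyfaultc.exe", "explorer.exe", "MEDIUM", 3221226540),
    ProcRecord(1956, "notmyfault.exe", "explorer.exe", "HIGH", 0),
    ProcRecord(1544, "msedge.exe", "msedge.exe", "MEDIUM", 0),
]

if __name__ == "__main__":
    for rec in RECORDS:
        print(explain(rec))
    print("elevation failures:", elevation_failures(RECORDS))
```

Reading the exit code this way matters for the verdict: a driver can only be installed from an elevated process, so the MEDIUM-integrity launches contributed nothing to the file-system indicators, and everything the report attributes to driver dropping comes from the HIGH-integrity instances.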
Total events
6 661
Read events
6 563
Write events
91
Delete events
7

Modification events

Process | Operation | Key | Name = Value
(3872) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags = 0
(3872) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet = 0
(3872) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect = 1
(3872) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe = 1
(3872) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable = 0
(3872) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings = (binary, omitted)
(3872) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping | NextId = 8193
(3872) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | FullScreen = no
(3872) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Window_Placement = 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
(3872) iexplore.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\11A\52C64B7E | LanguageList = en-US
Executable files
28
Suspicious files
390
Text files
135
Unknown types
0

Dropped files

PID | Process | Filename | Type
3772 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini | ini
    MD5: 4A3DEB274BB5F0212C2419D3D8D08612  SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
3772 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F27QLW3D\desktop.ini | ini
    MD5: 4A3DEB274BB5F0212C2419D3D8D08612  SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
3772 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | binary
    MD5: A8AA095C24CB90AF586058511C581014  SHA256: 2E3145205758AEE9F8816ED5C0A1E275466B0E35CDD91BA9FEA64D867AA8B20C
3872 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini | ini
    MD5: 4A3DEB274BB5F0212C2419D3D8D08612  SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
3772 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QBCSK7UL\desktop.ini | ini
    MD5: 4A3DEB274BB5F0212C2419D3D8D08612  SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
3772 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B8B7NMVA\desktop.ini | text
    MD5: 4A3DEB274BB5F0212C2419D3D8D08612  SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
3772 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EAAR1WR3\desktop.ini | ini
    MD5: 4A3DEB274BB5F0212C2419D3D8D08612  SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
3772 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416 | binary
    MD5: 55540A230BDAB55187A841CFE1AA1545  SHA256: D73494E3446B02167573B3CDE3AE1C8584AC26E15E45AC3EC0326708425D90FB
3772 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416 | binary
    MD5: 778D2B335C0FD0A85ACBE84505832F66  SHA256: F81A97D2C3167F38FC99ACAF5C04A5E91FDDE4E77BBD8B1876D87548353FF16A
3872 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | image
    MD5: DA597791BE3B6E732F0BC8B20E38EE62  SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
(The six desktop.ini entries are the same content, MD5 4A3DEB274BB5F0212C2419D3D8D08612, written to Internet Explorer's cache folders; the listing above is the first ten of 28 executable-type entries, the rest are in the full report.)
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
145
DNS requests
156
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3872 | iexplore.exe | GET | 200 | 95.101.23.88:80 | http://www.bing.com/favicon.ico | unknown | image | 4.19 Kb | unknown
3772 | iexplore.exe | GET | 200 | 18.239.255.59:80 | http://x.ss2.us/x.cer | unknown | binary | 1.27 Kb | unknown
3772 | iexplore.exe | GET | 200 | 2.23.154.65:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a95ea3f716910628 | unknown | compressed | 65.2 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3872 | iexplore.exe | 95.101.23.88:80 | www.bing.com | Akamai International B.V. | AT | unknown
- | - | 192.168.100.255:137 | - | - | - | unknown
- | - | 224.0.0.252:5355 | - | - | - | unknown
3772 | iexplore.exe | 18.172.242.60:443 | notmyfault.findmysoft.com | - | US | unknown
3772 | iexplore.exe | 18.239.255.59:80 | x.ss2.us | - | US | unknown
- | - | 192.168.100.255:138 | - | - | - | unknown
- | - | 239.255.255.250:1900 | - | - | - | unknown
3772 | iexplore.exe | 2.23.154.65:80 | ctldl.windowsupdate.com | Akamai International B.V. | AT | unknown
3772 | iexplore.exe | 142.251.208.136:443 | www.googletagmanager.com | GOOGLE | US | unknown
3772 | iexplore.exe | 142.251.39.72:443 | ssl.google-analytics.com | GOOGLE | US | unknown

DNS requests

Domain
IP
Reputation
notmyfault.findmysoft.com
  • 18.172.242.60
unknown
www.bing.com
  • 95.101.23.88
whitelisted
x.ss2.us
  • 18.239.255.59
whitelisted
ctldl.windowsupdate.com
  • 2.23.154.65
whitelisted
ssl.google-analytics.com
  • 142.251.39.72
whitelisted
www.findmysoft.com
  • 18.172.242.88
unknown
www.googletagmanager.com
  • 142.251.208.136
whitelisted
img.findmysoft.com
  • 18.239.255.78
shared
www.signidata.com
  • 18.172.242.17
whitelisted
stats.g.doubleclick.net
  • 74.125.133.157
whitelisted

Threats

No threats detected
No debug info