URL: https://notmyfault.findmysoft.com/

Full analysis: https://app.any.run/tasks/2df8f746-ee91-41a3-a1a0-d19a3beac447
Verdict: Malicious activity
Analysis date: January 25, 2024, 18:32:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 35421B8EA5042A00B1480BD844AF2C8C
SHA1: 29AC7BBD89C8F8CF39E387E4BFFE8A4CE451F89A
SHA256: 3744889BE162F4924BA7B9297792B8F760AD68445CA61EAB6E1CC2107135D7FA
SSDEEP: 3:N8hAfKhWKDRtn:2+rKXn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • notmyfault.exe (PID: 1956)
      • notmyfault.exe (PID: 3064)
    • Drops the executable file immediately after the start

      • notmyfault.exe (PID: 1956)
      • notmyfault.exe (PID: 3064)
  • SUSPICIOUS

    • Creates files in the driver directory

      • notmyfault.exe (PID: 1956)
      • notmyfault.exe (PID: 3064)
    • Executable content was dropped or overwritten

      • notmyfault.exe (PID: 1956)
      • notmyfault.exe (PID: 3064)
    • Drops a system driver (possible attempt to evade defenses)

      • notmyfault.exe (PID: 1956)
      • notmyfault.exe (PID: 3064)
  • INFO

    • Manual execution by a user

      • msedge.exe (PID: 2828)
      • notmyfault.exe (PID: 2540)
      • notmyfault.exe (PID: 1956)
      • notmyfault.exe (PID: 2668)
      • notmyfault.exe (PID: 3612)
      • notmyfaultc.exe (PID: 1840)
      • notmyfault.exe (PID: 2164)
      • notmyfault.exe (PID: 3064)
      • notmyfaultc.exe (PID: 3944)
      • notmyfaultc.exe (PID: 480)
      • notmyfaultc.exe (PID: 3144)
    • Application launched itself

      • msedge.exe (PID: 2828)
      • iexplore.exe (PID: 3872)
    • The process uses the downloaded file

      • msedge.exe (PID: 1544)
      • msedge.exe (PID: 2872)
    • Checks supported languages

      • notmyfault.exe (PID: 1956)
      • notmyfault.exe (PID: 3612)
      • notmyfault.exe (PID: 3064)
    • Reads product name

      • notmyfault.exe (PID: 1956)
    • Reads Environment values

      • notmyfault.exe (PID: 1956)
    • Reads the computer name

      • notmyfault.exe (PID: 1956)
      • notmyfault.exe (PID: 3612)
      • notmyfault.exe (PID: 3064)
No Malware configuration.
Total processes: 100
Monitored processes: 42
Malicious processes: 2
Suspicious processes: 0


Process information

PID: 284
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1252 --field-trial-handle=1204,i,9611542461738270442,16524807817427124413,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 420
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1184 --field-trial-handle=1204,i,9611542461738270442,16524807817427124413,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 480
CMD: "C:\Users\admin\AppData\Local\Temp\Temp1_NotMyFault_4.20 (1).zip\notmyfaultc.exe"
Path: C:\Users\admin\AppData\Local\Temp\Temp1_NotMyFault_4.20 (1).zip\notmyfaultc.exe
Parent process: explorer.exe
User: admin
Company: Sysinternals - www.sysinternals.com
Integrity Level: MEDIUM
Description: Driver Bug Test Program
Exit code: 3221226540
Version: 4.20
Modules
Images
c:\users\admin\appdata\local\temp\temp1_notmyfault_4.20 (1).zip\notmyfaultc.exe
c:\windows\system32\ntdll.dll
PID: 660
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2212 --field-trial-handle=1204,i,9611542461738270442,16524807817427124413,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 972
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1204,i,9611542461738270442,16524807817427124413,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 1544
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1204,i,9611542461738270442,16524807817427124413,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 1708
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2232 --field-trial-handle=1204,i,9611542461738270442,16524807817427124413,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 1752
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3704 --field-trial-handle=1204,i,9611542461738270442,16524807817427124413,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID: 1840
CMD: "C:\Users\admin\AppData\Local\Temp\Temp1_NotMyFault_4.20 (1).zip\notmyfaultc.exe"
Path: C:\Users\admin\AppData\Local\Temp\Temp1_NotMyFault_4.20 (1).zip\notmyfaultc.exe
Parent process: explorer.exe
User: admin
Company: Sysinternals - www.sysinternals.com
Integrity Level: MEDIUM
Description: Driver Bug Test Program
Exit code: 3221226540
Version: 4.20
Modules
Images
c:\users\admin\appdata\local\temp\temp1_notmyfault_4.20 (1).zip\notmyfaultc.exe
c:\windows\system32\ntdll.dll
PID: 1956
CMD: "C:\Users\admin\AppData\Local\Temp\Temp1_NotMyFault_4.20 (1).zip\notmyfault.exe"
Path: C:\Users\admin\AppData\Local\Temp\Temp1_NotMyFault_4.20 (1).zip\notmyfault.exe
Parent process: explorer.exe
User: admin
Company: Sysinternals - www.sysinternals.com
Integrity Level: HIGH
Description: Driver Bug Test Program
Exit code: 0
Version: 4.20
Modules
Images
c:\users\admin\appdata\local\temp\temp1_notmyfault_4.20 (1).zip\notmyfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
Total events: 6 661
Read events: 6 563
Write events: 91
Delete events: 7

Modification events

(PID) Process: (3872) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3872) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (3872) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (3872) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

(PID) Process: (3872) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (3872) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
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
(PID) Process: (3872) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping
Operation: write
Name: NextId
Value: 8193

(PID) Process: (3872) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: FullScreen
Value: no

(PID) Process: (3872) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: Window_Placement
Value: 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000

(PID) Process: (3872) iexplore.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\11A\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 28
Suspicious files: 390
Text files: 135
Unknown types: 0

Dropped files

PID 3772, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F27QLW3D\desktop.ini (type: ini)
MD5: 4A3DEB274BB5F0212C2419D3D8D08612
SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38

PID 3772, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B8B7NMVA\desktop.ini (type: text)
MD5: 4A3DEB274BB5F0212C2419D3D8D08612
SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38

PID 3772, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini (type: text)
MD5: 4A3DEB274BB5F0212C2419D3D8D08612
SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38

PID 3772, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini (type: ini)
MD5: 4A3DEB274BB5F0212C2419D3D8D08612
SHA256: 2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38

PID 3772, iexplore.exe: C:\Users\admin\AppData\Local\Temp\Low\Tar7E27.tmp (type: cat)
MD5: 9C0C641C06238516F27941AA1166D427
SHA256: 4276AF3669A141A59388BC56A87F6614D9A9BDDDF560636C264219A7EB11256F

PID 3772, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 (type: binary)
MD5: 6933A0A014507868058AFFA3E5401C7F
SHA256: F598765D89F47B10414821E622EEDD090D09F593DAF27CC849EF22DC85806F71

PID 3772, iexplore.exe: C:\Users\admin\AppData\Local\Temp\Low\Cab7E26.tmp (type: compressed)
MD5: AC05D27423A85ADC1622C714F2CB6184
SHA256: C6456E12E5E53287A547AF4103E0397CB9697E466CF75844312DC296D43D144D

PID 3872, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHHK0RPV\favicon[1].ico (type: image)
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07

PID 3772, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 (type: compressed)
MD5: AC05D27423A85ADC1622C714F2CB6184
SHA256: C6456E12E5E53287A547AF4103E0397CB9697E466CF75844312DC296D43D144D

PID 3872, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico (type: image)
MD5: DA597791BE3B6E732F0BC8B20E38EE62
SHA256: 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
HTTP(S) requests: 3
TCP/UDP connections: 145
DNS requests: 156
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3872 | iexplore.exe | GET | 200 | 95.101.23.88:80 | http://www.bing.com/favicon.ico | unknown | image | 4.19 Kb | unknown
3772 | iexplore.exe | GET | 200 | 18.239.255.59:80 | http://x.ss2.us/x.cer | unknown | binary | 1.27 Kb | unknown
3772 | iexplore.exe | GET | 200 | 2.23.154.65:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a95ea3f716910628 | unknown | compressed | 65.2 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3872 | iexplore.exe | 95.101.23.88:80 | www.bing.com | Akamai International B.V. | AT | unknown
- | - | 192.168.100.255:137 | - | - | - | unknown
- | - | 224.0.0.252:5355 | - | - | - | unknown
3772 | iexplore.exe | 18.172.242.60:443 | notmyfault.findmysoft.com | - | US | unknown
3772 | iexplore.exe | 18.239.255.59:80 | x.ss2.us | - | US | unknown
- | - | 192.168.100.255:138 | - | - | - | unknown
- | - | 239.255.255.250:1900 | - | - | - | unknown
3772 | iexplore.exe | 2.23.154.65:80 | ctldl.windowsupdate.com | Akamai International B.V. | AT | unknown
3772 | iexplore.exe | 142.251.208.136:443 | www.googletagmanager.com | GOOGLE | US | unknown
3772 | iexplore.exe | 142.251.39.72:443 | ssl.google-analytics.com | GOOGLE | US | unknown

DNS requests

Domain | IP | Reputation
notmyfault.findmysoft.com | 18.172.242.60 | unknown
www.bing.com | 95.101.23.88 | whitelisted
x.ss2.us | 18.239.255.59 | whitelisted
ctldl.windowsupdate.com | 2.23.154.65 | whitelisted
ssl.google-analytics.com | 142.251.39.72 | whitelisted
www.findmysoft.com | 18.172.242.88 | unknown
www.googletagmanager.com | 142.251.208.136 | whitelisted
img.findmysoft.com | 18.239.255.78 | shared
www.signidata.com | 18.172.242.17 | whitelisted
stats.g.doubleclick.net | 74.125.133.157 | whitelisted

Threats

No threats detected
No debug info