File name: SmartCardManager.exe
Full analysis: https://app.any.run/tasks/965c33b3-f224-463e-8cba-ef2ff7852edf
Verdict: Malicious activity
Analysis date: May 16, 2024, 08:51:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 6DC5D941D8F79077EFFFC558F6306610
SHA1: 0EA34269F93A346FEC3B32A4D1154C43154850FB
SHA256: 384A41197C5C7841FFBEC7C779BCC2070669399FC914C06A143952841C0A9138
SSDEEP: 98304:h+cD4dn9AqSRTetLWNffIBCdf6EYrHXVuK2a9fsEJBqgabZ6Dl6Haxk1KVwu9vXf:5A3T8UDu+W4PRWYJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • SmartCardManager.exe (PID: 3972)
      • SmartCardManager.tmp (PID: 3988)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • SmartCardManager.exe (PID: 3972)
      • SmartCardManager.tmp (PID: 3988)
    • Reads the Windows owner or organization settings
      • SmartCardManager.tmp (PID: 3988)
  • INFO
    • Create files in a temporary directory
      • SmartCardManager.exe (PID: 3972)
      • SmartCardManager.tmp (PID: 3988)
    • Checks supported languages
      • SmartCardManager.exe (PID: 3972)
      • SmartCardManager.tmp (PID: 3988)
    • Reads the computer name
      • SmartCardManager.tmp (PID: 3988)
    • Creates files or folders in the user directory
      • SmartCardManager.tmp (PID: 3988)
    • Manual execution by a user
      • wmpnscfg.exe (PID: 2108)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

Note on the verdict: the only MALICIOUS-level signature is the generic "Drops the executable file immediately after the start", which the Inno Setup bootstrap fires by design (the stub unpacks is-8H621.tmp\SmartCardManager.tmp, runs it with /SL5=, and that second stage writes the application files under AppData\Local). "Reads the Windows owner or organization settings" and "Checks supported languages" are likewise what an Inno Setup installer does to prefill its user-information page and pick a setup language. Nothing else in the report corroborates the verdict: no IDS threats, no HTTP requests, and no registry writes beyond the five RestartManager session values. Before treating the sample as confirmed malware, check the Authenticode signature on the file, the reputation of the hashes listed above, and the single TLS connection to assistenza.ecocerved.it:443, whose domain matches the CompanyName in the version resource.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 89600
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Ecocerved s.c.a.r.l.
FileDescription: Ecocerved SmartCardManager Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Ecocerved SmartCardManager
ProductVersion: 1.0.374
All screenshots are available in the full report
Total processes: 35
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start
  └ smartcardmanager.exe (PID 3972)
      └ smartcardmanager.tmp (PID 3988)
          └ ecocerved.smartcardmaganer.exe (PID 4016, no specs)
  └ wmpnscfg.exe (PID 2108, no specs)

Process information

PID 2108
  CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
  Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity level: MEDIUM
  Description: Windows Media Player Network Sharing Service Configuration Application
  Exit code: 0
  Version: 12.0.7600.16385 (win7_rtm.090713-1255)

PID 3972
  CMD: "C:\Users\admin\AppData\Local\Temp\SmartCardManager.exe"
  Path: C:\Users\admin\AppData\Local\Temp\SmartCardManager.exe
  Parent process: explorer.exe
  User: admin
  Company: Ecocerved s.c.a.r.l.
  Integrity level: MEDIUM
  Description: Ecocerved SmartCardManager Setup
  Exit code: 0
  Version: (empty, matching the empty FileVersion in the version resource)
  Modules (images):
    c:\users\admin\appdata\local\temp\smartcardmanager.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\comctl32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\gdi32.dll

PID 3988
  CMD: "C:\Users\admin\AppData\Local\Temp\is-8H621.tmp\SmartCardManager.tmp" /SL5="$20138,6393336,832512,C:\Users\admin\AppData\Local\Temp\SmartCardManager.exe"
  Path: C:\Users\admin\AppData\Local\Temp\is-8H621.tmp\SmartCardManager.tmp
  Parent process: SmartCardManager.exe
  User: admin
  Company: Ecocerved s.c.a.r.l.
  Integrity level: MEDIUM
  Description: Setup/Uninstall
  Exit code: 0
  Version: 51.1052.0.0
  Modules (images):
    c:\users\admin\appdata\local\temp\is-8h621.tmp\smartcardmanager.tmp
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\mpr.dll
    c:\windows\system32\comdlg32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll

PID 4016
  CMD: "C:\Users\admin\AppData\Local\Ecocerved.SmartCardManager\Ecocerved.SmartCardMaganer.exe"
  Path: C:\Users\admin\AppData\Local\Ecocerved.SmartCardManager\Ecocerved.SmartCardMaganer.exe
  Parent process: SmartCardManager.tmp
  User: admin
  Integrity level: MEDIUM
  Description: Ecocerved.SmartCardMaganer
  Version: 1.0.374
  (No company, exit code or module list is recorded for this process. "Maganer" is the spelling used in the dropped file's own name and description, not a transcription error.)
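The chain above (explorer.exe starts the stub SmartCardManager.exe, the stub unpacks is-8H621.tmp\SmartCardManager.tmp and runs it with /SL5=, and that second stage launches Ecocerved.SmartCardMaganer.exe) is the standard Inno Setup bootstrap; the /SL5 argument carries the path of the stub that spawned the second stage. The Python below is an added example, not ANY.RUN's or the vendor's code: it picks stage-2 events out of process-creation logs by requiring all three features together (image under is-XXXXX.tmp, /SL5 present, /SL5 path equal to the parent image) and lists what the second stage went on to launch. The event fields, the explorer.exe path and the placeholder parent PID of 1 are this example's own assumptions; the four sample events are constructed from the process table above.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation event. Field names are this example's own, not a vendor schema."""
    pid: int
    ppid: int
    parent_image: str
    image: str
    cmdline: str


# Stage 2 of an Inno Setup installer lives in %TEMP%\is-XXXXX.tmp\<name>.tmp ...
_IS_TMP_IMAGE = re.compile(r"\\is-[0-9A-Z]{5}\.tmp\\[^\\]+\.tmp$", re.IGNORECASE)
# ... and is started with /SL5="$<hex window handle>,<number>,<number>,<path of the stub exe>".
# Only the trailing path is used here; the numeric fields are not needed for the match.
_SL5_ARG = re.compile(r'/SL5="\$[0-9A-Fa-f]+,\d+,\d+,(?P<stub>[^"]+)"')


def parse_sl5_stub(cmdline: str):
    """Return the stub path embedded in the /SL5 argument, or None if there is none."""
    m = _SL5_ARG.search(cmdline)
    return m.group("stub") if m else None


def is_inno_stage2(ev: ProcEvent) -> bool:
    """True when the event has all three bootstrap features; any one alone is too weak."""
    if not _IS_TMP_IMAGE.search(ev.image):
        return False
    stub = parse_sl5_stub(ev.cmdline)
    return stub is not None and stub.lower() == ev.parent_image.lower()


def installer_chains(events):
    """Return [(stub path, stage-2 pid, [images started by stage 2])] for each bootstrap found."""
    chains = []
    for ev in events:
        if is_inno_stage2(ev):
            children = [c.image for c in events if c.ppid == ev.pid]
            chains.append((parse_sl5_stub(ev.cmdline), ev.pid, children))
    return chains


# Constructed events mirroring this report's process table (explorer.exe path and its PID of 1 assumed).
SAMPLE_EVENTS = [
    ProcEvent(2108, 1, r"C:\Windows\explorer.exe",
              r"C:\Program Files\Windows Media Player\wmpnscfg.exe",
              r'"C:\Program Files\Windows Media Player\wmpnscfg.exe"'),
    ProcEvent(3972, 1, r"C:\Windows\explorer.exe",
              r"C:\Users\admin\AppData\Local\Temp\SmartCardManager.exe",
              r'"C:\Users\admin\AppData\Local\Temp\SmartCardManager.exe"'),
    ProcEvent(3988, 3972, r"C:\Users\admin\AppData\Local\Temp\SmartCardManager.exe",
              r"C:\Users\admin\AppData\Local\Temp\is-8H621.tmp\SmartCardManager.tmp",
              r'"C:\Users\admin\AppData\Local\Temp\is-8H621.tmp\SmartCardManager.tmp" '
              r'/SL5="$20138,6393336,832512,C:\Users\admin\AppData\Local\Temp\SmartCardManager.exe"'),
    ProcEvent(4016, 3988, r"C:\Users\admin\AppData\Local\Temp\is-8H621.tmp\SmartCardManager.tmp",
              r"C:\Users\admin\AppData\Local\Ecocerved.SmartCardManager\Ecocerved.SmartCardMaganer.exe",
              r'"C:\Users\admin\AppData\Local\Ecocerved.SmartCardManager\Ecocerved.SmartCardMaganer.exe"'),
]


if __name__ == "__main__":
    for stub, pid, children in installer_chains(SAMPLE_EVENTS):
        print(f"Inno Setup stage 2 (PID {pid}) unpacked from {stub}")
        for child in children:
            print(f"  launched: {child}")
```

The point of the three-way match is triage, not a malware verdict: the rule fires on every Inno Setup installer, so its value is in separating the installer scaffolding from the payload it launches (here Ecocerved.SmartCardMaganer.exe), which is what actually needs reputation and signature checks. The unrelated wmpnscfg.exe event, which the report attributes to manual user execution, is not flagged.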
Total events: 2 465 (read 2 460, write 5, delete 0)

Modification events

All five writes are by SmartCardManager.tmp (PID 3988) under HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000:

  Owner = 940F000062A9BF4C6EA7DA01
  SessionHash = 97FB9BAF105BC42BAB9329BA0FA64AF698997277CA5C8C7CEF41163947ABBB3B
  Sequence = 1
  RegFiles0000 = C:\Users\admin\AppData\Local\Ecocerved.SmartCardManager\BouncyCastle.Cryptography.dll
  RegFilesHash = 3F13401B0670D0DA54315E7DCABCF053D55FEBDBB71648E4B25B9463258371CD
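The Owner value is a 12-byte blob. The decoder below is an added example, not ANY.RUN's or Microsoft's code: it reads the blob as a little-endian DWORD PID followed by a FILETIME. That layout is an assumption, but the report lets you check it: the PID decodes to 3988, the process that wrote the key, and the timestamp to 2024-05-16 08:51:53 UTC, eleven seconds after the analysis start time at the top of the report.

```python
import struct
from datetime import datetime, timedelta, timezone

# Owner value observed in this report under
# HKCU\Software\Microsoft\RestartManager\Session0000, written by PID 3988.
OWNER_HEX = "940F000062A9BF4C6EA7DA01"

# FILETIME epoch: 1601-01-01 00:00:00 UTC, in units of 100 ns.
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    """Convert a 64-bit FILETIME (100 ns ticks since 1601) to an aware UTC datetime."""
    return _FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def decode_owner(value: bytes) -> tuple[int, datetime]:
    """Decode Owner as <DWORD pid><FILETIME process start>, both little-endian.

    Layout assumption (this example's, not documented on the report page): the PID
    identifies the process that opened the Restart Manager session and the FILETIME
    is its creation time, so the pair pins the session to one process instance even
    after the PID has been reused.
    """
    if len(value) != 12:
        raise ValueError(f"expected 12 bytes, got {len(value)}")
    pid, ft = struct.unpack("<IQ", value)
    return pid, filetime_to_datetime(ft)


def decode_owner_hex(hexstr: str) -> tuple[int, datetime]:
    """Convenience wrapper for the hex form in which the report prints the value."""
    return decode_owner(bytes.fromhex(hexstr))


if __name__ == "__main__":
    pid, started = decode_owner_hex(OWNER_HEX)
    print(f"session owner PID={pid} started={started.isoformat()}")
```

The remaining values describe the session itself: Sequence counts resource registrations, RegFiles0000 is the file the installer registered (BouncyCastle.Cryptography.dll) so that Restart Manager can find and close any application holding it while the file is replaced, and the two hashes let the session be matched against the same key on disk during forensic review. Inno Setup uses Restart Manager for exactly this "close applications" step, which is why a plain installer leaves this artifact.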
Executable files: 21
Suspicious files: 6
Text files: 11
Unknown types: 1

Dropped files

All entries below were written by SmartCardManager.tmp (PID 3988). The list is a subset of the 21 executable files counted above, and hashes are given only where the extract carried them.

  C:\Users\admin\AppData\Local\Ecocerved.SmartCardManager\is-7UATK.tmp
  C:\Users\admin\AppData\Local\Ecocerved.SmartCardManager\is-OKGB2.tmp
  C:\Users\admin\AppData\Local\Ecocerved.SmartCardManager\Ecocerved.DigitalSignature.pdb
  C:\Users\admin\AppData\Local\Ecocerved.SmartCardManager\Ecocerved.SmartCardMaganer.exe
  C:\Users\admin\AppData\Local\Ecocerved.SmartCardManager\Ecocerved.SmartCardMaganer.exe.config
  C:\Users\admin\AppData\Local\Ecocerved.SmartCardManager\is-HSL7O.tmp
  C:\Users\admin\AppData\Local\Ecocerved.SmartCardManager\Hardcodet.Wpf.TaskbarNotification.pdb
  C:\Users\admin\AppData\Local\Ecocerved.SmartCardManager\is-44V6K.tmp
  C:\Users\admin\AppData\Local\Temp\is-O0A5J.tmp\idp.dll (type: executable)
    MD5: 55C310C0319260D798757557AB3BF636
    SHA256: 54E7E0AD32A22B775131A6288F083ED3286A9A436941377FC20F85DD9AD983ED
  C:\Users\admin\AppData\Local\Ecocerved.SmartCardManager\Ecocerved.SmartCardMaganer.pdb (type: pdb)
    MD5: 7E2DFF979F5C6A6DF7B7FD89982CAB8C
    SHA256: A3466672CE853C2582374892367FBDD3EE9028CC1D89E11295F41E1513DA0583

Notes: the is-XXXXX.tmp names in the target directory are the temporary names Inno Setup writes each file under before renaming it to its final name, so they are not extra payloads. idp.dll is the file name used by the Inno Download Plugin (IDP), an Inno Setup add-on for fetching files during setup; the report records no HTTP requests, and the only outbound connection is TLS to assistenza.ecocerved.it:443, so whatever it transferred is not visible here. The .exe.config, the .pdb files and BouncyCastle.Cryptography.dll mark the payload as a .NET application shipped with its debug symbols, which is sloppy for a release build but not by itself an indicator of malice.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process      IP:port               Domain                   ASN              CN   Reputation
4     System       192.168.100.255:137   (none)                   (none)           -    whitelisted
(n/a) (n/a)        224.0.0.252:5355      (none)                   (none)           -    unknown
4     System       192.168.100.255:138   (none)                   (none)           -    whitelisted
1088  svchost.exe  224.0.0.252:5355      (none)                   (none)           -    unknown
(n/a) (n/a)        80.82.6.175:443       assistenza.ecocerved.it  InfoCamere SCpA  IT   unknown

Rows marked (n/a) lost their PID and process columns in this extract. The NetBIOS broadcasts (ports 137/138) and LLMNR multicast (224.0.0.252:5355) are the guest's own background traffic; the only connection attributable to the sample's activity is the TLS session to assistenza.ecocerved.it.

DNS requests

Domain                   IP           Reputation
assistenza.ecocerved.it  80.82.6.175  unknown

Threats

No threats detected
No debug info