File name:

dseo13b.exe

Full analysis: https://app.any.run/tasks/b5e469cb-0d25-4f46-85bf-9ccd76b9a3be
Verdict: Malicious activity
Analysis date: February 04, 2024, 20:15:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

6DDEB31C98A188378F0652CD90FC50FF

SHA1:

D7922F2DCB47A37CF798DFFB824F840DDEF7FFD5

SHA256:

39036A8F2CA0430FD57D86563BC783E0F1AD3144540B87CF2EC2DDE9ABB3B8CD

SSDEEP:

24576:2YNh+XEAcdWLg0IsqNqQZpCkPdba7SYLa7SYra7SY0mcrCZ9eeGy71+ltipzc5TS:BNh+UAcdWLzIshQSkPdm7SYW7SY27SYb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • dseo13b.exe (PID: 4092)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • dseo13b.exe (PID: 4092)

    • Executable content was dropped or overwritten

      • dseo13b.exe (PID: 4092)

    • The process creates files with name similar to system file names

      • dseo13b.exe (PID: 4092)

    • Reads the Internet Settings

      • dseo13b.exe (PID: 4092)

  • INFO

    • Checks supported languages

      • bcdedit.exe (PID: 2380)
      • dseo13b.exe (PID: 4092)

    • Reads the computer name

      • dseo13b.exe (PID: 4092)

    • Create files in a temporary directory

      • dseo13b.exe (PID: 4092)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2003:03:10 18:22:47+01:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 49152
InitializedDataSize: 12288
UninitializedDataSize: -
EntryPoint: 0x646b
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
42
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start dseo13b.exe bcdedit.exe no specs dseo13b.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
532"C:\Users\admin\AppData\Local\Temp\dseo13b.exe" C:\Users\admin\AppData\Local\Temp\dseo13b.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\appdata\local\temp\dseo13b.exe
c:\windows\system32\ntdll.dll
2380"C:\Windows\bcdedit.exe" /set TESTSIGNING ONC:\Windows\bcdedit.exedseo13b.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\windows\bcdedit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll
4092"C:\Users\admin\AppData\Local\Temp\dseo13b.exe" C:\Users\admin\AppData\Local\Temp\dseo13b.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\dseo13b.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Total events
252
Read events
243
Write events
9
Delete events
0

Modification events

(PID) Process:(4092) dseo13b.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(4092) dseo13b.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(4092) dseo13b.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(4092) dseo13b.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(2380) bcdedit.exeKey:HKEY_LOCAL_MACHINE\BCD00000000\Objects\{345b46fd-a9f9-11e7-a83c-e8a4f72b1d33}\Elements\16000049
Operation:writeName:Element
Value:
01
Executable files
5
Suspicious files
1
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
4092dseo13b.exeC:\Users\admin\AppData\Local\Temp\~vis0000\rebootnt.exeexecutable
MD5:C459E252866435ED8B928D1509C28DE2
SHA256:4887FF02F8E45F5E03E351CB5156111659CC1B04FDCA9DAE3BD75CB99381DEDE
4092dseo13b.exeC:\Windows\bcdedit.exeexecutable
MD5:C216469F755493B29518B9ECBEE99CBC
SHA256:3D88DD98F488D92F724B1D253C966E92C4B2664A8B0AC03D5850D6D768B5FEB5
4092dseo13b.exeC:\Users\admin\AppData\Local\Temp\~vis0000\v0000005.488executable
MD5:C216469F755493B29518B9ECBEE99CBC
SHA256:3D88DD98F488D92F724B1D253C966E92C4B2664A8B0AC03D5850D6D768B5FEB5
4092dseo13b.exeC:\Users\admin\AppData\Local\Temp\~vis0000\default.bmpimage
MD5:4B6AD7D5E4B4F631F7F78DD049E5326B
SHA256:B76620E328E1C40C43965FF65023C995C455B4EC150D55024ABFF46718EA9EC9
4092dseo13b.exeC:\Users\admin\AppData\Local\Temp\~vis0000\English.vlgtext
MD5:AA00F72BFC4B20E2EF89A6D705C19345
SHA256:ADA22EB8E66B404689FABF256E185DD0A9005B7BC7E6C616DB27ED7DBEC080A5
4092dseo13b.exeC:\Users\admin\AppData\Local\Temp\~vis0000\vise32ex.dllexecutable
MD5:54925D8AEA245A7BE34EC34402B2865B
SHA256:EE0D08A2B5888B1E127F11FEE8BF91D274E4126D571C62654B97270A11BE7C0F
4092dseo13b.exeC:\Users\admin\AppData\Local\Temp\~vis0000\miscdata.xyzbinary
MD5:A0064E619964DE638FDCF7EA18319EDB
SHA256:96EA911FB86245D8D57B8AF1F8680A0D531B84FA931CC7E6EAF6FC7AA745F8AE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
dseo13b.exe