File name: | 3998d04d564ba0f40f4ca6ebe2c01ec0278a555c5b6ed4a6c86f8d88f24917ac.exe |
Full analysis: | https://app.any.run/tasks/25105d5f-7a3f-41c6-bb72-b57231fb0bdf |
Verdict: | Malicious activity |
Analysis date: | January 11, 2025, 00:45:28 |
OS: | Windows 10 Professional (build: 19045, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.microsoft.portable-executable |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections |
MD5: | D671321FF7DCE4A8E0F6B180556FCB2D |
SHA1: | 794A41CC79681B2F3A1D5788B34CDA28EC92F2F2 |
SHA256: | 3998D04D564BA0F40F4CA6EBE2C01EC0278A555C5B6ED4A6C86F8D88F24917AC |
SSDEEP: | 24576:Hfuj5DuFRSfWJUq5kUe+fuj5DuFRSfWJUq5kUeofuj5DuFRSfWJUq5kUe+fuj5Dh:Hfuj56FRSfWJ9kUe+fuj56FRSfWJ9kUi |
.exe | | | UPX compressed Win32 Executable (64.2) |
---|---|---|
.dll | | | Win32 Dynamic Link Library (generic) (15.6) |
.exe | | | Win32 Executable (generic) (10.6) |
.exe | | | Generic Win/DOS Executable (4.7) |
.exe | | | DOS Executable Generic (4.7) |
Subsystem: | Windows GUI |
---|---|
SubsystemVersion: | 4 |
ImageVersion: | - |
OSVersion: | 4 |
EntryPoint: | 0x7f80 |
UninitializedDataSize: | 24576 |
InitializedDataSize: | 4096 |
CodeSize: | 8192 |
LinkerVersion: | 6 |
PEType: | PE32 |
ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
TimeStamp: | 2011:03:15 04:06:07+00:00 |
MachineType: | Intel 386 or later, and compatibles |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
6268 | "C:\Users\admin\Desktop\3998d04d564ba0f40f4ca6ebe2c01ec0278a555c5b6ed4a6c86f8d88f24917ac.exe" | C:\Users\admin\Desktop\3998d04d564ba0f40f4ca6ebe2c01ec0278a555c5b6ed4a6c86f8d88f24917ac.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
6268 | 3998d04d564ba0f40f4ca6ebe2c01ec0278a555c5b6ed4a6c86f8d88f24917ac.exe | — | ||
MD5:— | SHA256:— | |||
6268 | 3998d04d564ba0f40f4ca6ebe2c01ec0278a555c5b6ed4a6c86f8d88f24917ac.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\ACE.dll.tmp | executable | |
MD5:183FDF99FCCDA193C158F146D0BDEA3F | SHA256:FA9037981419323CB186305B1A364F8D7BD31D4E17A944BA449AAFC3A34660A9 | |||
6268 | 3998d04d564ba0f40f4ca6ebe2c01ec0278a555c5b6ed4a6c86f8d88f24917ac.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\cef_200_percent.pak.tmp | executable | |
MD5:25DC476C264A81A5CC3DF5C2715B15E9 | SHA256:03FFBF777B1799B5C0F789A32B45924F6F54A5FEDEC7178AC4895EE5C7D8CBCE | |||
6268 | 3998d04d564ba0f40f4ca6ebe2c01ec0278a555c5b6ed4a6c86f8d88f24917ac.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.tmp | executable | |
MD5:E05632F28500692844076F130408BAEA | SHA256:59331656DD4F8E9A3782BF12C388315930D948762D0B277DBA2B8CB00AFA2156 | |||
6268 | 3998d04d564ba0f40f4ca6ebe2c01ec0278a555c5b6ed4a6c86f8d88f24917ac.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe.tmp | executable | |
MD5:B4549C6159996EE89AB4DCFFFFBDA93F | SHA256:A608B993057056E53AB154A61970B1D8C2170B7B5DC699F43A0EFCA3548F043A | |||
6268 | 3998d04d564ba0f40f4ca6ebe2c01ec0278a555c5b6ed4a6c86f8d88f24917ac.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.tmp | executable | |
MD5:C401D0AD03C4ED14E9D26FB599483C56 | SHA256:E2D66218635D8A448FE570FA0E1E6692EEB3F52965EDB9A4CEAD169AD0C091F2 | |||
6268 | 3998d04d564ba0f40f4ca6ebe2c01ec0278a555c5b6ed4a6c86f8d88f24917ac.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe.tmp | executable | |
MD5:63DD4CB7136065CF31FA31E0FD6DFB87 | SHA256:8F8B991547ED93F5901554FEF8C30F0520FB7E89D566DA0B048C7AA77322E79F | |||
6268 | 3998d04d564ba0f40f4ca6ebe2c01ec0278a555c5b6ed4a6c86f8d88f24917ac.exe | C:\$Recycle.Bin\S-1-5-21-1693682860-607145093-2874071422-1001\desktop.ini.tmp | executable | |
MD5:20558A503B7D228C7E7BB6D5990F480A | SHA256:0D3A8A729221D7E6E447053AD337290AF64837AB899F86D003E7F2563071EA04 | |||
6268 | 3998d04d564ba0f40f4ca6ebe2c01ec0278a555c5b6ed4a6c86f8d88f24917ac.exe | C:\$Recycle.Bin\S-1-5-21-1693682860-607145093-2874071422-1001\desktop.ini.exe | executable | |
MD5:20558A503B7D228C7E7BB6D5990F480A | SHA256:0D3A8A729221D7E6E447053AD337290AF64837AB899F86D003E7F2563071EA04 | |||
6268 | 3998d04d564ba0f40f4ca6ebe2c01ec0278a555c5b6ed4a6c86f8d88f24917ac.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\acrobat.tlb.tmp | executable | |
MD5:644EC8393CEFB154AFE868457F7EB82E | SHA256:670DA17C2FFAA0F34B063A4917EBA25587E1437B123289D2F0492C3675A4A53C |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 192.168.100.255:137 | — | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
4712 | MoUsoCoreWorker.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted |
4712 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3976 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
Domain | IP | Reputation |
---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |