File name: MBTB_Setup_V3.4.5.0.exe

Full analysis: https://app.any.run/tasks/aebfe2f9-b4ba-4bcc-a5ae-73c618f89ee6
Verdict: Malicious activity
Analysis date: November 12, 2023, 10:32:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 78C2526D1F01E9CBD48D73777C1A34DC
SHA1: 9BA2252736D1707166D44D6ACEE2FF7491B4E0EA
SHA256: 3C457DC7C5E316816F3F57E29AAA7DC9B9EBE73F798AC7FD551A386D4475C864
SSDEEP: 98304:0p+ocDnqKb2cX+8XsHRBAa3A2iwyEuKJtaNXrfyNLwt0qaYE3VCNUhueRmKjRc+W:nviU15h/hqV1xvv7UTDdWal1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • MBTB_Setup_V3.4.5.0.exe (PID: 2900)
  • SUSPICIOUS
    • Malware-specific behavior (creating "System.dll" in Temp)
      • MBTB_Setup_V3.4.5.0.exe (PID: 2900)
    • Process drops legitimate windows executable
      • MBTB_Setup_V3.4.5.0.exe (PID: 2900)
    • The process creates files with name similar to system file names
      • MBTB_Setup_V3.4.5.0.exe (PID: 2900)
    • Reads the Internet Settings
      • MBTB.UI.exe (PID: 3516)
  • INFO
    • Create files in a temporary directory
      • MBTB_Setup_V3.4.5.0.exe (PID: 2900)
    • Reads the computer name
      • MBTB_Setup_V3.4.5.0.exe (PID: 2900)
      • MBTB.UI.exe (PID: 3516)
    • Checks supported languages
      • MBTB_Setup_V3.4.5.0.exe (PID: 2900)
      • MBTB.UI.exe (PID: 3516)
    • Manual execution by a user
      • MBTB.UI.exe (PID: 3516)
    • Reads the machine GUID from the registry
      • MBTB.UI.exe (PID: 3516)
    • Creates files or folders in the user directory
      • MBTB.UI.exe (PID: 3516)
    • Creates files in the program directory
      • MBTB_Setup_V3.4.5.0.exe (PID: 2900)

Note on the SUSPICIOUS items: System.dll, nsDialogs.dll and UserInfo.dll are standard NSIS plug-ins that every NSIS-built installer unpacks into a %TEMP%\ns*.tmp folder at run time (here nsh70E0.tmp, see the dropped files below), so the file-drop heuristics listed here fire on ordinary NSIS installers as well and are not evidence of malicious intent on their own. "Reads the Internet Settings" corresponds to the ZoneMap registry writes under Modification events, values that WinINet/urlmon initialise for any process that loads them; it is a weak signal. The verdict should be weighed against the rest of the report rather than against these signatures alone.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 23:50:52+01:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 24064
InitializedDataSize: 164864
UninitializedDataSize: 1024
EntryPoint: 0x30fa
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI

Note: the PE header values above (LinkerVersion 6, TimeStamp 2009) describe the precompiled NSIS installer stub to which the payload is appended, not the MBTB.UI application (version 3.4.5) packaged inside it; the application's own .NET assemblies are listed under Dropped files.
All screenshots are available in the full report
Total processes: 45
Monitored processes: 5
Malicious processes: 1
Suspicious processes: 0

Behavior graph (process tree; "no specs" means no signatures were triggered for that process)

start
  mbtb_setup_v3.4.5.0.exe
  mbtb_setup_v3.4.5.0.exe (no specs)
  mbtb.ui.exe (no specs)
    wisptis.exe (no specs)
    wisptis.exe

Process information

PID 2900
  CMD:              "C:\Users\admin\AppData\Local\Temp\MBTB_Setup_V3.4.5.0.exe"
  Path:             C:\Users\admin\AppData\Local\Temp\MBTB_Setup_V3.4.5.0.exe
  Parent process:   explorer.exe
  User:             admin
  Integrity level:  HIGH
  Exit code:        0
  Modules (images):
    c:\users\admin\appdata\local\temp\mbtb_setup_v3.4.5.0.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\shell32.dll

PID 3416
  CMD:              "C:\Users\admin\AppData\Local\Temp\MBTB_Setup_V3.4.5.0.exe"
  Path:             C:\Users\admin\AppData\Local\Temp\MBTB_Setup_V3.4.5.0.exe
  Parent process:   explorer.exe
  User:             admin
  Integrity level:  MEDIUM
  Exit code:        3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
  Modules (images):
    c:\users\admin\appdata\local\temp\mbtb_setup_v3.4.5.0.exe
    c:\windows\system32\ntdll.dll

PID 3516
  CMD:              "C:\Morpho\MBTB\MBTB.UI.exe"
  Path:             C:\Morpho\MBTB\MBTB.UI.exe
  Parent process:   explorer.exe
  User:             admin
  Company:          Groupe SAFRAN
  Description:      MBTB.UI
  Version:          3.4.5
  Integrity level:  MEDIUM
  Exit code:        0
  Modules (images):
    c:\morpho\mbtb\mbtb.ui.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\mscoree.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID 3680
  CMD:              "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;
  Path:             C:\Windows\System32\wisptis.exe
  Parent process:   MBTB.UI.exe
  User:             admin
  Company:          Microsoft Corporation
  Description:      Microsoft Pen and Touch Input Component
  Version:          6.1.7600.16385 (win7_rtm.090713-1255)
  Integrity level:  MEDIUM
  Exit code:        3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
  Modules (images):
    c:\windows\system32\wisptis.exe
    c:\windows\system32\ntdll.dll

PID 3940
  CMD:              "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;
  Path:             C:\Windows\System32\wisptis.exe
  Parent process:   MBTB.UI.exe
  User:             admin
  Company:          Microsoft Corporation
  Description:      Microsoft Pen and Touch Input Component
  Version:          6.1.7600.16385 (win7_rtm.090713-1255)
  Integrity level:  HIGH
  Exit code:        24
  Modules (images):
    c:\windows\system32\wisptis.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\ole32.dll

Reading the table: exit code 3221226540 is the NTSTATUS value 0xC000042C (STATUS_ELEVATION_REQUIRED). The installer (PID 3416) and wisptis.exe (PID 3680) both failed at MEDIUM integrity because their manifests request elevation, and each was then run again at HIGH integrity (PIDs 2900 and 3940) after the sandbox accepted the UAC prompt; the two installer entries are therefore one launch, not two distinct samples. wisptis.exe is the Windows pen/touch input component under System32 (company Microsoft Corporation), started here by the .NET UI process (MBTB.UI.exe loads mscoree.dll); it is not a dropped file.
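The exit codes in the process table are raw Windows exit codes, and values at or above 0x80000000 are NTSTATUS codes: 3221226540 is 0xC000042C, STATUS_ELEVATION_REQUIRED. The Python script below, added here as an example and not part of the ANY.RUN report, decodes such codes and flags the elevation-relaunch pattern (same image fails at MEDIUM with STATUS_ELEVATION_REQUIRED, then runs at HIGH) over process records transcribed from the table above; the helper names decode_exit_code and find_elevation_relaunches are this example's own.

```python
"""Decode sandbox process exit codes and flag UAC elevation relaunches.

Added example, not part of the ANY.RUN report. PROCESSES is transcribed
from the report's process table; the helper names are this example's own.
"""
from collections import defaultdict

# Exit codes at or above 0x80000000 are NTSTATUS values. Only the names
# this example needs are listed (values from ntstatus.h).
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
}

def decode_exit_code(code: int) -> str:
    """Render an exit code as hex plus its NTSTATUS name when the value
    lies in the NTSTATUS range; small values are application-defined."""
    if code < 0x80000000:
        return f"{code} (application-defined)"
    return f"0x{code:08X} ({NTSTATUS_NAMES.get(code, 'unknown NTSTATUS')})"

# Constructed from the report: (pid, image path, parent, integrity, exit code)
PROCESSES = [
    (2900, r"C:\Users\admin\AppData\Local\Temp\MBTB_Setup_V3.4.5.0.exe", "explorer.exe", "HIGH", 0),
    (3416, r"C:\Users\admin\AppData\Local\Temp\MBTB_Setup_V3.4.5.0.exe", "explorer.exe", "MEDIUM", 3221226540),
    (3516, r"C:\Morpho\MBTB\MBTB.UI.exe", "explorer.exe", "MEDIUM", 0),
    (3680, r"C:\Windows\System32\wisptis.exe", "MBTB.UI.exe", "MEDIUM", 3221226540),
    (3940, r"C:\Windows\System32\wisptis.exe", "MBTB.UI.exe", "HIGH", 24),
]

def find_elevation_relaunches(processes):
    """Return (lower-cased) image paths that failed at MEDIUM integrity with
    STATUS_ELEVATION_REQUIRED and then ran at HIGH integrity. In a process
    list this is what a requireAdministrator manifest plus an accepted UAC
    prompt looks like: one launch, two PIDs."""
    runs_by_image = defaultdict(list)
    for _pid, image, _parent, integrity, code in processes:
        runs_by_image[image.lower()].append((integrity, code))
    relaunched = []
    for image, runs in runs_by_image.items():
        failed_medium = any(i == "MEDIUM" and c == 0xC000042C for i, c in runs)
        ran_high = any(i == "HIGH" for i, _c in runs)
        if failed_medium and ran_high:
            relaunched.append(image)
    return sorted(relaunched)

if __name__ == "__main__":
    for pid, image, _parent, integrity, code in PROCESSES:
        print(f"{pid:>5} {integrity:<6} {decode_exit_code(code):<42} {image}")
    for image in find_elevation_relaunches(PROCESSES):
        print("elevation relaunch:", image)
```

Run against the five records above it reports both the installer and wisptis.exe as elevation relaunches, which is why the process count (5) overstates the number of distinct programs that ran.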
Total events: 1 725
Read events: 1 715
Write events: 10
Delete events: 0

Modification events (all operations are registry writes)

PID   Process       Key                                                                                    Name          Value
3516  MBTB.UI.exe   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  ProxyBypass   1
3516  MBTB.UI.exe   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  IntranetName  1
3516  MBTB.UI.exe   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  UNCAsIntranet 1
3516  MBTB.UI.exe   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  AutoDetect    0
3516  MBTB.UI.exe   HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication                    Name          Explorer.EXE
3940  wisptis.exe   HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication                    Name          MBTB.UI.exe
Executable files: 67
Suspicious files: 5
Text files: 60
Unknown types: 0

Dropped files (all written by PID 2900, MBTB_Setup_V3.4.5.0.exe)

C:\Users\admin\AppData\Local\Temp\nsh70E0.tmp\modern-wizard.bmp  (image)
  MD5:    BE1702FC37CAA60B47FDF4A296A608F7
  SHA256: 839D1620789DC55E2DE744C7AFF1D4D7D6CF5E34EB790FF5E27B79139F8B1BB4
C:\Morpho\MBTB\MBTB.UI.exe  (executable)
  MD5:    3868B6003D73B7B6171B3209B5F24E90
  SHA256: 9B92389FAC046650A37F4044A9B5BFB40A4DC4FD4FB173A45794550A6471B828
C:\Morpho\MBTB\MBTB.Common.dll  (executable)
  MD5:    2839067272FE55FEA3AB2BCE7D745013
  SHA256: DB4ACF19F962082A8D5938C1C91826620C6A65CA1B24D5E17044E25BCE272DE2
C:\Morpho\MBTB\Microsoft.Practices.EnterpriseLibrary.Common.dll  (executable)
  MD5:    FD27BEC0828C13F832B6A43123611498
  SHA256: 3968CD22E70591F4DD0968C29B7B63671B630F74D4C9FDB319A48B428DA25463
C:\Users\admin\AppData\Local\Temp\nsh70E0.tmp\nsDialogs.dll  (executable)
  MD5:    C10E04DD4AD4277D5ADC951BB331C777
  SHA256: E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
C:\Users\admin\AppData\Local\Temp\nsh70E0.tmp\UserInfo.dll  (executable)
  MD5:    7579ADE7AE1747A31960A228CE02E666
  SHA256: 564C80DEC62D76C53497C40094DB360FF8A36E0DC1BDA8383D0F9583138997F5
C:\Morpho\MBTB\MBTB.AccessDevice.dll  (executable)
  MD5:    1CCACAC492FA03AABE155CDF7F95DB3C
  SHA256: 770D2D04E62A25EEDF0D08B28983324D39F767DE1B8562C54F82CC43E183317F
C:\Morpho\MBTB\Morpho.MorphoAccess.Maci.dll  (executable)
  MD5:    99C73670650EB1E70BCA9B3F903FA75D
  SHA256: 59F9772BE0789306180D76DB28A30667C43B84E61BF3B2416105284C208724F7
C:\Morpho\MBTB\Microsoft.Practices.ObjectBuilder2.dll  (executable)
  MD5:    BF1CFE0BFE175E9D8C3116AD6FA9FCE9
  SHA256: 6C2AF5BC5EA7932AD69EDDA81278A742ED84272A61A9776929AF46019F1DC729
C:\Morpho\MBTB\log4net.dll  (executable)
  MD5:    B89CB7F3F1A1E2807E708F5435DEB13D
  SHA256: 27D26AAB42F7CAB35BF51D0536C67ED553FC97B670226B868805E7C6927E5C87
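The dropped-file hashes are the part of this report an analyst reuses: as a hash list for hunting the same files on other hosts. The Python script below, added here as an example and not part of the ANY.RUN report, parses records in the flattened three-line form ANY.RUN's page produces when copied as plain text (PID, process, path and type run together on one line, then an MD5: line and a SHA256: line), embeds six of the ten records above as sample input, and checks local files against the resulting SHA-256 set, also reporting whether the record's MD5 agrees as a transcription check. parse_dropped_files, digest_stream, find_ioc and match_files are this example's own names.

```python
"""Turn ANY.RUN dropped-file records into a hash list and check files
against it.

Added example, not part of the ANY.RUN report. DROPPED is a copy of six of
the report's dropped-file records in the flattened three-line form the page
uses; parse_dropped_files, digest_stream, find_ioc and match_files are this
example's own helpers.
"""
import hashlib
import re
import sys
from pathlib import Path

# Sample input copied from the report (six of its ten records).
DROPPED = r"""
2900MBTB_Setup_V3.4.5.0.exeC:\Users\admin\AppData\Local\Temp\nsh70E0.tmp\modern-wizard.bmpimage
MD5:BE1702FC37CAA60B47FDF4A296A608F7
SHA256:839D1620789DC55E2DE744C7AFF1D4D7D6CF5E34EB790FF5E27B79139F8B1BB4
2900MBTB_Setup_V3.4.5.0.exeC:\Morpho\MBTB\MBTB.UI.exeexecutable
MD5:3868B6003D73B7B6171B3209B5F24E90
SHA256:9B92389FAC046650A37F4044A9B5BFB40A4DC4FD4FB173A45794550A6471B828
2900MBTB_Setup_V3.4.5.0.exeC:\Morpho\MBTB\MBTB.Common.dllexecutable
MD5:2839067272FE55FEA3AB2BCE7D745013
SHA256:DB4ACF19F962082A8D5938C1C91826620C6A65CA1B24D5E17044E25BCE272DE2
2900MBTB_Setup_V3.4.5.0.exeC:\Users\admin\AppData\Local\Temp\nsh70E0.tmp\nsDialogs.dllexecutable
MD5:C10E04DD4AD4277D5ADC951BB331C777
SHA256:E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
2900MBTB_Setup_V3.4.5.0.exeC:\Users\admin\AppData\Local\Temp\nsh70E0.tmp\UserInfo.dllexecutable
MD5:7579ADE7AE1747A31960A228CE02E666
SHA256:564C80DEC62D76C53497C40094DB360FF8A36E0DC1BDA8383D0F9583138997F5
2900MBTB_Setup_V3.4.5.0.exeC:\Morpho\MBTB\Morpho.MorphoAccess.Maci.dllexecutable
MD5:99C73670650EB1E70BCA9B3F903FA75D
SHA256:59F9772BE0789306180D76DB28A30667C43B84E61BF3B2416105284C208724F7
"""

# One record: "<pid><process>.exe<drive>:\<path><type>" then MD5 and SHA256 lines.
# The path is matched lazily so it stops right before the trailing type word.
RECORD = re.compile(
    r"^(?P<pid>\d+)(?P<process>\S+?\.exe)(?P<path>[A-Za-z]:\\.+?)"
    r"(?P<type>image|executable|text)\s*\n"
    r"MD5:(?P<md5>[0-9A-Fa-f]{32})\s*\n"
    r"SHA256:(?P<sha256>[0-9A-Fa-f]{64})",
    re.MULTILINE,
)

def parse_dropped_files(text):
    """Parse flattened records into dicts (pid, process, path, type, md5,
    sha256); digests are normalised to upper-case hex."""
    records = []
    for m in RECORD.finditer(text):
        rec = m.groupdict()
        rec["md5"], rec["sha256"] = rec["md5"].upper(), rec["sha256"].upper()
        records.append(rec)
    return records

def digest_stream(chunks):
    """MD5 and SHA-256 over an iterable of byte chunks, upper-case hex."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    for chunk in chunks:
        md5.update(chunk)
        sha.update(chunk)
    return {"md5": md5.hexdigest().upper(), "sha256": sha.hexdigest().upper()}

def find_ioc(records, sha256):
    """Return the record whose SHA-256 equals sha256, or None."""
    return next((r for r in records if r["sha256"] == sha256.upper()), None)

def match_files(paths, records):
    """Hash each regular file in paths and return (file, dropped path,
    md5_agrees) for every SHA-256 hit. SHA-256 decides the match; a False
    md5_agrees means the record's MD5 was mis-transcribed, not that the
    file differs."""
    hits = []
    for p in map(Path, paths):
        if not p.is_file():
            continue
        with p.open("rb") as fh:
            digests = digest_stream(iter(lambda: fh.read(1 << 16), b""))
        rec = find_ioc(records, digests["sha256"])
        if rec is not None:
            hits.append((str(p), rec["path"], rec["md5"] == digests["md5"]))
    return hits

if __name__ == "__main__":
    # Usage: python dropped_iocs.py <directory> [<directory> ...]
    iocs = parse_dropped_files(DROPPED)
    print(f"{len(iocs)} dropped-file records loaded")
    targets = [q for arg in sys.argv[1:] for q in Path(arg).rglob("*")]
    for path, dropped_as, md5_ok in match_files(targets, iocs):
        print(f"MATCH {path} == {dropped_as} (MD5 agrees: {md5_ok})")
```

Matching on SHA-256 alone and treating MD5 as a cross-check keeps the hunt robust to a single mistyped digest in a report while still catching one; extend DROPPED with the remaining four records, or with records from other reports in the same format, and point the script at an extracted installer or a suspect C:\Morpho\MBTB directory.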
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process      IP:port               Reputation
4     System       192.168.100.255:137   whitelisted
2588  svchost.exe  239.255.255.250:1900  whitelisted
4     System       192.168.100.255:138   whitelisted
1080  svchost.exe  224.0.0.252:5355      unknown

(Domain, ASN and CN were empty for all four entries.) All four connections are Windows background traffic: NetBIOS name-service and datagram broadcasts on UDP 137/138 from the System process, SSDP multicast on 1900 and LLMNR multicast on 5355 from svchost.exe. None is attributed to the analysed processes, and the run recorded no DNS or HTTP requests.

DNS requests

No data

Threats

No threats detected
No debug info