File name: | downloadEdge.aspx |
Full analysis: | https://app.any.run/tasks/9190e943-f397-4e31-86a0-cea73dc4d615 |
Verdict: | Malicious activity |
Analysis date: | December 02, 2019, 20:28:43 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | 1D065827894AF28CA6D740A8604C99F5 |
SHA1: | 46C8A37890E984226C590AD3857EDFE1FF433858 |
SHA256: | 3F0CF2E08607F9D77BC9C043729E14FAD6D5D4676F2746D848AA9AC6F326E385 |
SSDEEP: | 49152:Z6+ONgzWvqBtqSKgPQNkQmO0RrePFbe+Utczjjcym7IChVOV:Z6RgSvq+SJ8POrCFb7acXjcym7IuV2 |
.exe | | | Win32 Executable (generic) (52.9) |
---|---|---|
.exe | | | Generic Win/DOS Executable (23.5) |
.exe | | | DOS Executable Generic (23.5) |
LanguageId: | en |
---|---|
UpstreamVersion: | 1.3.99.0 |
ProductVersion: | 1.3.117.15 |
ProductName: | Microsoft Edge Update |
OriginalFileName: | MicrosoftEdgeUpdateSetup.exe |
LegalCopyright: | Copyright Microsoft Corporation |
InternalName: | Microsoft Edge Update Setup |
FileVersion: | 1.3.117.15 |
FileDescription: | Microsoft Edge Update Setup |
CompanyName: | Microsoft Corporation |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Windows NT 32-bit |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 1.3.117.15 |
FileVersionNumber: | 1.3.117.15 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5.1 |
ImageVersion: | - |
OSVersion: | 5.1 |
EntryPoint: | 0x5751 |
UninitializedDataSize: | - |
InitializedDataSize: | 1664512 |
CodeSize: | 95744 |
LinkerVersion: | 14.16 |
PEType: | PE32 |
TimeStamp: | 2019:11:12 03:24:41+01:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 12-Nov-2019 02:24:41 |
Detected languages: |
|
Debug artifacts: |
|
CompanyName: | Microsoft Corporation |
FileDescription: | Microsoft Edge Update Setup |
FileVersion: | 1.3.117.15 |
InternalName: | Microsoft Edge Update Setup |
LegalCopyright: | Copyright Microsoft Corporation |
OriginalFilename: | MicrosoftEdgeUpdateSetup.exe |
ProductName: | Microsoft Edge Update |
ProductVersion: | 1.3.117.15 |
UpstreamVersion: | 1.3.99.0 |
LanguageId: | en |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000118 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 5 |
Time date stamp: | 12-Nov-2019 02:24:41 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0001744F | 0x00017600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.66831 |
.rdata | 0x00019000 | 0x00007568 | 0x00007600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.24882 |
.data | 0x00021000 | 0x00001400 | 0x00000A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.24743 |
.rsrc | 0x00023000 | 0x0018D108 | 0x0018D200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.9846 |
.reloc | 0x001B1000 | 0x00001270 | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.34218 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.20417 | 1166 | Latin 1 / Western European | UNKNOWN | RT_MANIFEST |
2 | 4.13669 | 1384 | Latin 1 / Western European | English - United States | RT_ICON |
3 | 3.91985 | 744 | Latin 1 / Western European | English - United States | RT_ICON |
4 | 4.83772 | 2216 | Latin 1 / Western European | English - United States | RT_ICON |
5 | 3.68656 | 1640 | Latin 1 / Western European | English - United States | RT_ICON |
6 | 4.50268 | 3752 | Latin 1 / Western European | English - United States | RT_ICON |
101 | 2.86669 | 90 | Latin 1 / Western European | English - United States | RT_GROUP_ICON |
102 | 7.99989 | 1578310 | Latin 1 / Western European | UNKNOWN | B |
1223 | 3.73035 | 380 | Latin 1 / Western European | UNKNOWN | RT_STRING |
ADVAPI32.dll |
KERNEL32.dll |
SHELL32.dll |
SHLWAPI.dll |
USER32.dll |
VERSION.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
956 | "C:\Users\admin\Desktop\downloadEdge.aspx.exe" | C:\Users\admin\Desktop\downloadEdge.aspx.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Setup Version: 1.3.117.15 | ||||
2056 | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\MicrosoftEdgeUpdate.exe /installsource taggedmi /install "appguid={65C35B14-6C1D-4122-AC46-7148CC9D6497}&appname=Microsoft%20Edge%20Canary&needsadmin=false&usagestats=0&lang=en" | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\MicrosoftEdgeUpdate.exe | downloadEdge.aspx.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Version: 1.3.117.15 | ||||
3028 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Exit code: 0 Version: 1.3.117.15 | ||||
1948 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xMTcuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xMTcuMTUiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7MjlGNTNFMEUtODMxNy00QzdGLUI3MkYtRjFEMjhBQUNDRDY1fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezM5Qzc1RkMwLUREMTEtNDc0QS1CM0YwLTdBRDA1QzBBRUJCMH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iMyIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4ODYiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjExNy4xNSIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjIxODgiLz48L2FwcD48L3JlcXVlc3Q- | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Exit code: 0 Version: 1.3.117.15 | ||||
788 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={65C35B14-6C1D-4122-AC46-7148CC9D6497}&appname=Microsoft%20Edge%20Canary&needsadmin=false&usagestats=0&lang=en" /installsource taggedmi /sessionid "{29F53E0E-8317-4C7F-B72F-F1D28AACCD65}" | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Version: 1.3.117.15 | ||||
2748 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | svchost.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Version: 1.3.117.15 |
PID | Process | Filename | Type | |
---|---|---|---|---|
956 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\MicrosoftEdgeUpdateOnDemand.exe | executable | |
MD5:5F447A5C5CC3F861F8D680B58A9C18D9 | SHA256:6B07496E21331F2CE59C4139F7CD6CAB158C84C176DDDB05C79BC797FCDB4E80 | |||
956 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\MicrosoftEdgeUpdateBroker.exe | executable | |
MD5:91AB6CD1BB54C3BABCE8EB64683DA136 | SHA256:BB548B3B6D8E6F989DD38AFA1D7B8BA4F2A8670344A7B88D2071FD8B9805DF37 | |||
956 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\MicrosoftEdgeUpdate.exe | — | |
MD5:52A3903F10AED2D499E18ED25C061579 | SHA256:700E67636D3B7D1882D17BE38DF83726FD47535C4A995AFD449F033D1EBB423B | |||
956 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\msedgeupdateres_bg.dll | executable | |
MD5:72D262B04F8F224A5A9F72A62779F22D | SHA256:C3E812D4EC42A044C0639EB82F4FD2E15817D93F3952E76B1FED27CC32EFF8EB | |||
956 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\msedgeupdateres_ar.dll | executable | |
MD5:6C0255082CD75DAC9F0FDA4607ED8BA1 | SHA256:F62B656E28A70B93581104E20EBF83A4F382D9E2DF9F790CE10D2185CBBA115B | |||
956 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\msedgeupdateres_am.dll | executable | |
MD5:5BF45BC6C487CB8E1D6D2EF0402B5D44 | SHA256:40EE0B3BBE411C16F583E5DF6561885BF06BB11AA5B0E11A2017BDDCEAD9FB57 | |||
956 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\msedgeupdateres_cs.dll | executable | |
MD5:C31389F3C74C1F479CC8FBA11505ABEC | SHA256:5CF59ECBE1E94AF556CFCDA8AFC8469C8E572F0678D28F964426149BAABB0976 | |||
956 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\msedgeupdateres_ca.dll | executable | |
MD5:F6B76DC99FD70D8A1D91D2B2D68DCFBA | SHA256:F30B878BDE946AD0A57F0DD6370D75A8AB7F1739283636978CC820B2E8FCE968 | |||
956 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\psuser_arm64.dll | executable | |
MD5:E5551CCBC8CD7EEA77409F728906C757 | SHA256:9840D0E4DF252BC12136FA6F8B1299BFB3CBD5C14EB9B5AE5342AD457DAE4967 | |||
956 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA37E.tmp\psmachine_arm64.dll | executable | |
MD5:2701F2BBFF8EC278BD3BE39CD6D30CF8 | SHA256:3FADC71E31C97107F2A18E09E44F88A9B76D8FFB53CA0E9299701FF899921FFF |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | HEAD | — | 2.16.186.74:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a2f645e3-bf00-48f3-8201-cae194365ffd?P1=1575404979&P2=402&P3=2&P4=D%2fOu%2fmtLbC%2bHW3FIin6O%2fSY55pwtZJterWqKt5Ph6FhuhvWc%2fuXWoGpN1%2fNFEwpfP6yTgtPZlAP0L28Iwq%2b6xg%3d%3d | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2748 | MicrosoftEdgeUpdate.exe | 40.67.252.175:443 | msedge.api.cdp.microsoft.com | Microsoft Corporation | IE | unknown |
— | — | 2.16.186.74:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | Akamai International B.V. | — | whitelisted |
1948 | MicrosoftEdgeUpdate.exe | 52.114.158.91:443 | self.events.data.microsoft.com | Microsoft Corporation | US | unknown |
Domain | IP | Reputation |
---|---|---|
self.events.data.microsoft.com |
| whitelisted |
msedge.api.cdp.microsoft.com |
| whitelisted |
msedge.f.tlu.dl.delivery.mp.microsoft.com |
| whitelisted |