File name:

monitor-silent.exe

Full analysis: https://app.any.run/tasks/b915418f-7d11-4155-b7d2-8c7a88e7491e
Verdict: Malicious activity
Analysis date: May 20, 2024, 15:57:24
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5:

DB88F369EFDDADCA0CF7B15E4286BA96

SHA1:

C4C6EC473F563389E5CB3D25D308A626B8302941

SHA256:

3F4BCB50E2E2CC5F2F0996F241A3083EB1A248000AE80662228AE0701480A788

SSDEEP:

98304:Ssieth0X7+imcYyqWUG3FlCbAjj7JdCZt4kJ4xC48qwEkScb93jXCUCAfKvFw2d0:pMa

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • monitor-silent.exe (PID: 4008)
      • monitor-silent.exe (PID: 4040)
      • monitor-silent.exe (PID: 1872)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • monitor-silent.exe (PID: 4040)
      • monitor-silent.exe (PID: 4008)
      • monitor-silent.exe (PID: 1872)

  • INFO

    • Reads the computer name

      • monitor-silent.exe (PID: 4008)
      • monitor-silent.exe (PID: 2028)
      • monitor-silent.exe (PID: 1872)

    • Checks supported languages

      • monitor-silent.exe (PID: 4040)
      • monitor-silent.exe (PID: 4008)
      • monitor-silent.exe (PID: 2028)
      • monitor-silent.exe (PID: 1872)

    • Create files in a temporary directory

      • monitor-silent.exe (PID: 4008)
      • monitor-silent.exe (PID: 4040)
      • monitor-silent.exe (PID: 1872)

    • Manual execution by a user

      • cmd.exe (PID: 1136)

    • Reads the machine GUID from the registry

      • monitor-silent.exe (PID: 1872)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (36.7)
.exe | Win32 Executable MS Visual C++ (generic) (26.6)
.exe | Win64 Executable (generic) (23.6)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:08:04 07:37:28+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
PEType: PE32
LinkerVersion: 2.25
CodeSize: 16384
InitializedDataSize: 3459584
UninitializedDataSize: 34304
EntryPoint: 0x14e0
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows command line
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName:
FileDescription:
FileVersion: 0.0.0.0
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFileName:
ProductName:
ProductVersion: 0.0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
5
Malicious processes
5
Suspicious processes
0

Behavior graph

Click at the process to see the details
start monitor-silent.exe monitor-silent.exe cmd.exe no specs monitor-silent.exe monitor-silent.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1136"C:\Windows\system32\cmd.exe" C:\Windows\System32\cmd.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1872C:\Users\admin\AppData\Local\Temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32/monitor-silent.exe -B src.parC:\Users\admin\AppData\Local\Temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\monitor-silent.exe
monitor-silent.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
Exit code:
0
Version:
0.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\monitor-silent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\users\admin\appdata\local\temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\perl524.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
2028monitor-silent.exe -B src.parC:\Users\admin\Desktop\monitor-silent.execmd.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
Exit code:
0
Version:
0.0.0.0
Modules
Images
c:\users\admin\desktop\monitor-silent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\user32.dll
4008"C:\Users\admin\Desktop\monitor-silent.exe" C:\Users\admin\Desktop\monitor-silent.exe
explorer.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
Exit code:
3221225786
Version:
0.0.0.0
Modules
Images
c:\users\admin\desktop\monitor-silent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\user32.dll
4040C:\Users\admin\AppData\Local\Temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32/monitor-silent.exeC:\Users\admin\AppData\Local\Temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\monitor-silent.exe
monitor-silent.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
Exit code:
2
Version:
0.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\monitor-silent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\users\admin\appdata\local\temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\perl524.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
Total events
500
Read events
500
Write events
0
Delete events
0

Modification events

No data
Executable files
110
Suspicious files
0
Text files
652
Unknown types
0

Dropped files

PID
Process
Filename
Type
4008monitor-silent.exeC:\Users\admin\AppData\Local\Temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\monitor-silent.exe.4008executable
MD5:25E70A085D9EDDFDCBA50026F110A99C
SHA256:7D98E88D6115B074192678FE20FEDB93B7056CC3D2A9EB40B917007B7D2EB592
4008monitor-silent.exeC:\Users\admin\AppData\Local\Temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\libgcc_s_sjlj-1.dll.4008executable
MD5:D2002A73E55FFC4E6C70642A401535B9
SHA256:A3E4F852599AB3BF5D4EEEFF5C589C412673FEA2917A3A7CA6B65A54FD576C19
4008monitor-silent.exeC:\Users\admin\AppData\Local\Temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\perl524.dllexecutable
MD5:3F2DF55776F8943FCD9F1B5415BDBDEF
SHA256:18D81A3F87936178CD80C5FCD1ECE911FB5F9A1C0555A45721CE59D7BE143E90
4008monitor-silent.exeC:\Users\admin\AppData\Local\Temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\libwinpthread-1.dllexecutable
MD5:2F4D054BA491E43B4827D5669317DEE8
SHA256:E5EB3BCC21CDF9EB74FC5B61F22526F6E10B2F569700D9D356BCBC0E20B4B93B
4040monitor-silent.exeC:\Users\admin\AppData\Local\Temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\34a8d14e.dll.4040executable
MD5:EA233E8F4286F01B38C971FCBD0884CC
SHA256:A61BC42D7EE7B81DD727EC73CDEA4949FF50E8C8D237EA50DE638CFBED95D309
4008monitor-silent.exeC:\Users\admin\AppData\Local\Temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\libwinpthread-1.dll.4008executable
MD5:2F4D054BA491E43B4827D5669317DEE8
SHA256:E5EB3BCC21CDF9EB74FC5B61F22526F6E10B2F569700D9D356BCBC0E20B4B93B
4040monitor-silent.exeC:\Users\admin\AppData\Local\Temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\805855f4.dllexecutable
MD5:EAEC5D17BB26975B98A37F143D3ABC2E
SHA256:5A9190466E1EEEFB754EAF05257643AFFC318908E524F0F927BA267B228FA149
4040monitor-silent.exeC:\Users\admin\AppData\Local\Temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\110113ab.dll.4040executable
MD5:3AB350D035B8363698420B1368CA1EA0
SHA256:79BE8FBA796EBEA61455FD3A457A8EFEDF040EBCA81050EF3459D5B33E7DB2F1
4008monitor-silent.exeC:\Users\admin\AppData\Local\Temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\libstdc++-6.dll.4008executable
MD5:2CD6ED71A2DC6490FD69ED109E87023F
SHA256:95A513D6620B62BB6C683DF9DA3DCD6E9F036A9B883FE6FD731AD9964EF2C3B0
4040monitor-silent.exeC:\Users\admin\AppData\Local\Temp\par-61646d696e\cache-116dc69a0510af8814956dd670c1344484df5b32\91d098d1.dllexecutable
MD5:29DE9E27CD9949547727DFCE1D1B3E84
SHA256:C1FD88209BE9AC68FF81AC75651806DFB5A580633C0317C95EBC39FEE0C4483C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
224.0.0.252:5355
unknown

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
monitor-silent.exe