File name:

BoseUpdaterInstaller_7.1.13.5238.exe

Full analysis: https://app.any.run/tasks/8b7ca74c-caac-49d1-8f1d-50793e4638c0
Verdict: Malicious activity
Analysis date: May 23, 2024, 11:24:43
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5:

81F6218BCF4CB298C0BEECFC3E428D63

SHA1:

73F09DAC335DBCF5DB151726DBD15C96C0074A8E

SHA256:

423E7009C7F9F42166D27BECC780BF72C551E2075391CE98D80F46A5ABCA0373

SSDEEP:

98304:HlhwePBeox3ImKbttvReOWOn251c1nyRMwUtH8YS1RYCH1s7tjQEor62qK0WDMOa:i2Z9YoEEFayZ8H

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4084)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4084)
    • Executable content was dropped or overwritten

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4084)
    • Creates a software uninstall entry

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4084)
    • The process drops C-runtime libraries

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4084)
  • INFO

    • Reads the machine GUID from the registry

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4084)
      • BOSEUPDATER.EXE (PID: 752)
    • Reads the computer name

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4084)
      • BOSEUPDATER.EXE (PID: 752)
    • Checks supported languages

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4084)
      • BOSEUPDATER.EXE (PID: 752)
    • Creates files in the program directory

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4084)
    • Manual execution by a user

      • BOSEUPDATER.EXE (PID: 752)
    • Create files in a temporary directory

      • BOSEUPDATER.EXE (PID: 752)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:05:15 15:32:55+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 9928704
InitializedDataSize: 45056
UninitializedDataSize: 17203200
EntryPoint: 0x19e0780
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 7.1.13.5238
ProductVersionNumber: 7.1.13.5238
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Bose Corporation
FileDescription: Bose® Device Updater
FileVersion: 7.1.13.5238
InternalName: BoseUpdaterInstaller.exe
LegalCopyright: © Bose Corporation 2024. All rights reserved.
OriginalFileName: BoseUpdaterInstaller.exe
ProductName: Bose Updater
ProductVersion: 7.1.13.5238
No data.
Total processes: 37
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes in graph: boseupdaterinstaller_7.1.13.5238.exe, boseupdater.exe, boseupdaterinstaller_7.1.13.5238.exe (no specs)

Process information

PID: 752
CMD: "C:\Program Files\Bose Updater\BOSEUPDATER.EXE" /init
Path: C:\Program Files\Bose Updater\BOSEUPDATER.EXE
Parent process: explorer.exe
User: admin
Company: Bose Corporation
Integrity Level: MEDIUM
Description: Bose® Device Updater
Version: 7.1.13.5238
Modules
Images
c:\program files\bose updater\boseupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
PID: 3980
CMD: "C:\Users\admin\AppData\Local\Temp\BoseUpdaterInstaller_7.1.13.5238.exe"
Path: C:\Users\admin\AppData\Local\Temp\BoseUpdaterInstaller_7.1.13.5238.exe
Parent process: explorer.exe
User: admin
Company: Bose Corporation
Integrity Level: MEDIUM
Description: Bose® Device Updater
Exit code: 3221226540
Version: 7.1.13.5238
Modules
Images
c:\users\admin\appdata\local\temp\boseupdaterinstaller_7.1.13.5238.exe
c:\windows\system32\ntdll.dll
PID: 4084
CMD: "C:\Users\admin\AppData\Local\Temp\BoseUpdaterInstaller_7.1.13.5238.exe"
Path: C:\Users\admin\AppData\Local\Temp\BoseUpdaterInstaller_7.1.13.5238.exe
Parent process: explorer.exe
User: admin
Company: Bose Corporation
Integrity Level: HIGH
Description: Bose® Device Updater
Exit code: 0
Version: 7.1.13.5238
Modules
Images
c:\users\admin\appdata\local\temp\boseupdaterinstaller_7.1.13.5238.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ole32.dll
Total events: 513
Read events: 499
Write events: 10
Delete events: 4

Modification events

(PID) Process: (4084) BoseUpdaterInstaller_7.1.13.5238.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: delete key
Name: (default)
Value:
(PID) Process: (4084) BoseUpdaterInstaller_7.1.13.5238.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\btu
Operation: delete key
Name: (default)
Value:
(PID) Process: (4084) BoseUpdaterInstaller_7.1.13.5238.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: write
Name: UninstallString
Value: "C:\Program Files\Bose Updater\uninstall.exe" /uninstall
(PID) Process: (4084) BoseUpdaterInstaller_7.1.13.5238.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: write
Name: DisplayName
Value: Bose Updater
(PID) Process: (4084) BoseUpdaterInstaller_7.1.13.5238.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: write
Name: Publisher
Value: Bose Corporation
(PID) Process: (4084) BoseUpdaterInstaller_7.1.13.5238.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: write
Name: DisplayVersion
Value: 7.1.13.5238
(PID) Process: (4084) BoseUpdaterInstaller_7.1.13.5238.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: write
Name: DisplayIcon
Value: C:\Program Files\Bose Updater\BOSEUPDATER.EXE,0
(PID) Process: (4084) BoseUpdaterInstaller_7.1.13.5238.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: write
Name: NoModify
Value: 1
(PID) Process: (4084) BoseUpdaterInstaller_7.1.13.5238.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: write
Name: NoRepair
Value: 1
(PID) Process: (4084) BoseUpdaterInstaller_7.1.13.5238.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\btu
Operation: write
Name: URL Protocol
Value:
Executable files: 19
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID | Process | Filename | Type
4084 | BoseUpdaterInstaller_7.1.13.5238.exe | C:\Program Files\Bose Updater\AWS-CPP-SDK-S3.DLL | executable
MD5:B64E1DB05C2E794C8DB0CE9127C10EA0
SHA256:F21BCD19F480E3B39D550667E2F18BC15B6F4F46336BAF3CCD587FB4C45212CF
4084 | BoseUpdaterInstaller_7.1.13.5238.exe | C:\Program Files\Bose Updater\AWS-CPP-SDK-CORE.DLL | executable
MD5:FAB66E1C94590B55E377665F26AC31B5
SHA256:8CD3EF7B0183FB255841C4DFDA31413126006DA28CE672BEEAAC21F421D2F154
4084 | BoseUpdaterInstaller_7.1.13.5238.exe | C:\Program Files\Bose Updater\QT5NETWORK.DLL | executable
MD5:78932F74452BD17566E2E4FDCD8368D6
SHA256:E94054F7F5EFEBDA73F2A075745B9391FF2AC1215B6BC55A6402BCC5AED880FF
4084 | BoseUpdaterInstaller_7.1.13.5238.exe | C:\Program Files\Bose Updater\LIBGLESV2.DLL | executable
MD5:D4A37250588E61E50AD7F9D129F0D37E
SHA256:785768F643F00CC013FBAB8D620F3C1D3ABEC8BBECA5942BA31834DEA269774B
4084 | BoseUpdaterInstaller_7.1.13.5238.exe | C:\Program Files\Bose Updater\LIBEGL.DLL | executable
MD5:0469918FC1E19FC3F198CD14BE4E1E22
SHA256:5DD84A436F1BEE9FC1FDF6285DB21E4ACB52BB63CD86C53C23B440F021E03401
4084 | BoseUpdaterInstaller_7.1.13.5238.exe | C:\Program Files\Bose Updater\BOSEUPDATER.EXE | executable
MD5:7BD86AC7842694E9AA6577A8C2321351
SHA256:1E9A43954EC45C50D92CE69E34461B306277D826BE551E81CDF96B9617C29835
4084 | BoseUpdaterInstaller_7.1.13.5238.exe | C:\Program Files\Bose Updater\CONCRT140.DLL | executable
MD5:35628D71CF20D4F8AAFB0ABA8DF14B70
SHA256:B2C8A0FBCD4C2EB9BC1AAB03F8FDB2D72D78573A54F3E83D44C95246C4F2D168
4084 | BoseUpdaterInstaller_7.1.13.5238.exe | C:\Program Files\Bose Updater\QT5WIDGETS.DLL | executable
MD5:4E44578216ABF3654056015EF4C8A9C3
SHA256:91BB41088F847FB73641FA556EDA6D67BACB67560B8ABF6EA1F0C885390004F8
4084 | BoseUpdaterInstaller_7.1.13.5238.exe | C:\Program Files\Bose Updater\SSLEAY32.DLL | executable
MD5:EE856A00410ECED8CC609936D01F954E
SHA256:B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62
4084 | BoseUpdaterInstaller_7.1.13.5238.exe | C:\Program Files\Bose Updater\VSCORELIB140.DLL | executable
MD5:43BD447470FC404AAED0BC75A4FF1F5F
SHA256:70863045102274C9BF78BAA4D2774B334F92329567A3DD6C246E7876F6B851A3
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
Process | Message
BOSEUPDATER.EXE | "Bose Updater startup ver 7.1.13.5238"
BOSEUPDATER.EXE | "Loading translations"
BOSEUPDATER.EXE | "Loaded locale: en, suffix: en, result = true"
BOSEUPDATER.EXE | "Starting web server"
BOSEUPDATER.EXE | "Tray available: 1"
BOSEUPDATER.EXE | "Loading settings"
BOSEUPDATER.EXE | "Listening now"
BOSEUPDATER.EXE | "Creating notification icon"
BOSEUPDATER.EXE | "Loaded icon: 1 :/images/favicon.png"