File name:

BoseUpdaterInstaller_7.1.13.5238.exe

Full analysis: https://app.any.run/tasks/8f9791cb-d367-45b1-addd-2558959ffcb6
Verdict: Malicious activity
Analysis date: May 24, 2024, 11:06:45
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5:

81F6218BCF4CB298C0BEECFC3E428D63

SHA1:

73F09DAC335DBCF5DB151726DBD15C96C0074A8E

SHA256:

423E7009C7F9F42166D27BECC780BF72C551E2075391CE98D80F46A5ABCA0373

SSDEEP:

98304:HlhwePBeox3ImKbttvReOWOn251c1nyRMwUtH8YS1RYCH1s7tjQEor62qK0WDMOa:i2Z9YoEEFayZ8H

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)

    • Process drops legitimate windows executable

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)

    • The process drops C-runtime libraries

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)

    • Creates a software uninstall entry

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)

  • INFO

    • Reads the computer name

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
      • BOSEUPDATER.EXE (PID: 2104)

    • Checks supported languages

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
      • BOSEUPDATER.EXE (PID: 2104)

    • Creates files in the program directory

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)

    • Reads the machine GUID from the registry

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)

    • Manual execution by a user

      • BOSEUPDATER.EXE (PID: 2104)

    • Create files in a temporary directory

      • BOSEUPDATER.EXE (PID: 2104)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:05:15 15:32:55+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 9928704
InitializedDataSize: 45056
UninitializedDataSize: 17203200
EntryPoint: 0x19e0780
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 7.1.13.5238
ProductVersionNumber: 7.1.13.5238
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Bose Corporation
FileDescription: Bose® Device Updater
FileVersion: 7.1.13.5238
InternalName: BoseUpdaterInstaller.exe
LegalCopyright: � Bose Corporation 2024. All rights reserved.
OriginalFileName: BoseUpdaterInstaller.exe
ProductName: Bose Updater
ProductVersion: 7.1.13.5238
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start boseupdaterinstaller_7.1.13.5238.exe boseupdater.exe boseupdaterinstaller_7.1.13.5238.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2104"C:\Program Files\Bose Updater\BOSEUPDATER.EXE" /initC:\Program Files\Bose Updater\BOSEUPDATER.EXE
explorer.exe
User:
admin
Company:
Bose Corporation
Integrity Level:
MEDIUM
Description:
Bose® Device Updater
Version:
7.1.13.5238
Modules
Images
c:\program files\bose updater\boseupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
3956"C:\Users\admin\AppData\Local\Temp\BoseUpdaterInstaller_7.1.13.5238.exe" C:\Users\admin\AppData\Local\Temp\BoseUpdaterInstaller_7.1.13.5238.exeexplorer.exe
User:
admin
Company:
Bose Corporation
Integrity Level:
MEDIUM
Description:
Bose® Device Updater
Exit code:
3221226540
Version:
7.1.13.5238
Modules
Images
c:\users\admin\appdata\local\temp\boseupdaterinstaller_7.1.13.5238.exe
c:\windows\system32\ntdll.dll
4060"C:\Users\admin\AppData\Local\Temp\BoseUpdaterInstaller_7.1.13.5238.exe" C:\Users\admin\AppData\Local\Temp\BoseUpdaterInstaller_7.1.13.5238.exe
explorer.exe
User:
admin
Company:
Bose Corporation
Integrity Level:
HIGH
Description:
Bose® Device Updater
Exit code:
0
Version:
7.1.13.5238
Modules
Images
c:\users\admin\appdata\local\temp\boseupdaterinstaller_7.1.13.5238.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ole32.dll
Total events
456
Read events
443
Write events
9
Delete events
4

Modification events

(PID) Process:(4060) BoseUpdaterInstaller_7.1.13.5238.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation:delete keyName:(default)
Value:
(PID) Process:(4060) BoseUpdaterInstaller_7.1.13.5238.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\btu
Operation:delete keyName:(default)
Value:
(PID) Process:(4060) BoseUpdaterInstaller_7.1.13.5238.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation:writeName:UninstallString
Value:
"C:\Program Files\Bose Updater\uninstall.exe" /uninstall
(PID) Process:(4060) BoseUpdaterInstaller_7.1.13.5238.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation:writeName:DisplayName
Value:
Bose Updater
(PID) Process:(4060) BoseUpdaterInstaller_7.1.13.5238.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation:writeName:Publisher
Value:
Bose Corporation
(PID) Process:(4060) BoseUpdaterInstaller_7.1.13.5238.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation:writeName:DisplayVersion
Value:
7.1.13.5238
(PID) Process:(4060) BoseUpdaterInstaller_7.1.13.5238.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation:writeName:DisplayIcon
Value:
C:\Program Files\Bose Updater\BOSEUPDATER.EXE,0
(PID) Process:(4060) BoseUpdaterInstaller_7.1.13.5238.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation:writeName:NoModify
Value:
1
(PID) Process:(4060) BoseUpdaterInstaller_7.1.13.5238.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation:writeName:NoRepair
Value:
1
(PID) Process:(4060) BoseUpdaterInstaller_7.1.13.5238.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\btu
Operation:writeName:URL Protocol
Value:
Executable files
19
Suspicious files
0
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
4060BoseUpdaterInstaller_7.1.13.5238.exeC:\Program Files\Bose Updater\MSVCP140.DLLexecutable
MD5:5FF1FCA37C466D6723EC67BE93B51442
SHA256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
4060BoseUpdaterInstaller_7.1.13.5238.exeC:\Program Files\Bose Updater\CONCRT140.DLLexecutable
MD5:35628D71CF20D4F8AAFB0ABA8DF14B70
SHA256:B2C8A0FBCD4C2EB9BC1AAB03F8FDB2D72D78573A54F3E83D44C95246C4F2D168
4060BoseUpdaterInstaller_7.1.13.5238.exeC:\Program Files\Bose Updater\EULA.TXTtext
MD5:BD114633A1BF09AEB388E01A706818C5
SHA256:FBF67F036F4EFCDA531624D21D855784560E810EE545950637BCD1F0BE3F0B0A
4060BoseUpdaterInstaller_7.1.13.5238.exeC:\Program Files\Bose Updater\AWS-CPP-SDK-CORE.DLLexecutable
MD5:FAB66E1C94590B55E377665F26AC31B5
SHA256:8CD3EF7B0183FB255841C4DFDA31413126006DA28CE672BEEAAC21F421D2F154
4060BoseUpdaterInstaller_7.1.13.5238.exeC:\Program Files\Bose Updater\QT5GUI.DLLexecutable
MD5:5581175E339938F80CAFB164BE0DC4B0
SHA256:78BCA9C65600391EC4BB1FB0374169DB13E7517EBD154A11D244248B25A7D939
4060BoseUpdaterInstaller_7.1.13.5238.exeC:\Program Files\Bose Updater\BOSEUPDATER.EXEexecutable
MD5:7BD86AC7842694E9AA6577A8C2321351
SHA256:1E9A43954EC45C50D92CE69E34461B306277D826BE551E81CDF96B9617C29835
4060BoseUpdaterInstaller_7.1.13.5238.exeC:\Program Files\Bose Updater\QT5NETWORK.DLLexecutable
MD5:78932F74452BD17566E2E4FDCD8368D6
SHA256:E94054F7F5EFEBDA73F2A075745B9391FF2AC1215B6BC55A6402BCC5AED880FF
4060BoseUpdaterInstaller_7.1.13.5238.exeC:\Program Files\Bose Updater\QT5WIDGETS.DLLexecutable
MD5:4E44578216ABF3654056015EF4C8A9C3
SHA256:91BB41088F847FB73641FA556EDA6D67BACB67560B8ABF6EA1F0C885390004F8
4060BoseUpdaterInstaller_7.1.13.5238.exeC:\Program Files\Bose Updater\QT5XML.DLLexecutable
MD5:D6CE2679999CE4EBA077310850897268
SHA256:C6CFF6AF4BAB546CA2AC2D6E7FD999899A411D8A861C125E6BD36778817C0428
4060BoseUpdaterInstaller_7.1.13.5238.exeC:\Program Files\Bose Updater\VSCORELIB140.DLLexecutable
MD5:43BD447470FC404AAED0BC75A4FF1F5F
SHA256:70863045102274C9BF78BAA4D2774B334F92329567A3DD6C246E7876F6B851A3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
1088
svchost.exe
224.0.0.252:5355
unknown

DNS requests

No data

Threats

No threats detected
Process
Message
BOSEUPDATER.EXE
"Bose Updater startup ver 7.1.13.5238"
BOSEUPDATER.EXE
"Starting web server"
BOSEUPDATER.EXE
"Loading translations"
BOSEUPDATER.EXE
"Loaded locale: en, suffix: en, result = true"
BOSEUPDATER.EXE
"Listening now"
BOSEUPDATER.EXE
"Creating notification icon"
BOSEUPDATER.EXE
"Loading settings"
BOSEUPDATER.EXE
"Tray available: 1"
BOSEUPDATER.EXE
"Loaded icon: 1 :/images/favicon.png"
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
BoseUpdaterInstaller_7.1.13.5238.exe