File name: BoseUpdaterInstaller_7.1.13.5238.exe

Full analysis: https://app.any.run/tasks/8f9791cb-d367-45b1-addd-2558959ffcb6
Verdict: Malicious activity
Analysis date: May 24, 2024, 11:06:45
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 81F6218BCF4CB298C0BEECFC3E428D63
SHA1: 73F09DAC335DBCF5DB151726DBD15C96C0074A8E
SHA256: 423E7009C7F9F42166D27BECC780BF72C551E2075391CE98D80F46A5ABCA0373
SSDEEP: 98304:HlhwePBeox3ImKbttvReOWOn251c1nyRMwUtH8YS1RYCH1s7tjQEor62qK0WDMOa:i2Z9YoEEFayZ8H

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
    • Process drops legitimate windows executable

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
    • Creates a software uninstall entry

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
    • The process drops C-runtime libraries

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
  • INFO

    • Checks supported languages

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
      • BOSEUPDATER.EXE (PID: 2104)
    • Reads the computer name

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
      • BOSEUPDATER.EXE (PID: 2104)
    • Reads the machine GUID from the registry

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
    • Creates files in the program directory

      • BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
    • Create files in a temporary directory

      • BOSEUPDATER.EXE (PID: 2104)
    • Manual execution by a user

      • BOSEUPDATER.EXE (PID: 2104)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:05:15 15:32:55+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 9928704
InitializedDataSize: 45056
UninitializedDataSize: 17203200
EntryPoint: 0x19e0780
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 7.1.13.5238
ProductVersionNumber: 7.1.13.5238
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Bose Corporation
FileDescription: Bose® Device Updater
FileVersion: 7.1.13.5238
InternalName: BoseUpdaterInstaller.exe
LegalCopyright: © Bose Corporation 2024. All rights reserved.
OriginalFileName: BoseUpdaterInstaller.exe
ProductName: Bose Updater
ProductVersion: 7.1.13.5238
Total processes: 37
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Graph nodes: start, boseupdaterinstaller_7.1.13.5238.exe, boseupdater.exe, boseupdaterinstaller_7.1.13.5238.exe (no specs)

Process information

PID: 2104
CMD: "C:\Program Files\Bose Updater\BOSEUPDATER.EXE" /init
Path: C:\Program Files\Bose Updater\BOSEUPDATER.EXE
Parent process: explorer.exe
User: admin
Company: Bose Corporation
Integrity Level: MEDIUM
Description: Bose® Device Updater
Version: 7.1.13.5238
Modules (images):
c:\program files\bose updater\boseupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\ucrtbase.dll

PID: 3956
CMD: "C:\Users\admin\AppData\Local\Temp\BoseUpdaterInstaller_7.1.13.5238.exe"
Path: C:\Users\admin\AppData\Local\Temp\BoseUpdaterInstaller_7.1.13.5238.exe
Parent process: explorer.exe
User: admin
Company: Bose Corporation
Integrity Level: MEDIUM
Description: Bose® Device Updater
Exit code: 3221226540
Version: 7.1.13.5238
Modules (images):
c:\users\admin\appdata\local\temp\boseupdaterinstaller_7.1.13.5238.exe
c:\windows\system32\ntdll.dll

PID: 4060
CMD: "C:\Users\admin\AppData\Local\Temp\BoseUpdaterInstaller_7.1.13.5238.exe"
Path: C:\Users\admin\AppData\Local\Temp\BoseUpdaterInstaller_7.1.13.5238.exe
Parent process: explorer.exe
User: admin
Company: Bose Corporation
Integrity Level: HIGH
Description: Bose® Device Updater
Exit code: 0
Version: 7.1.13.5238
Modules (images):
c:\users\admin\appdata\local\temp\boseupdaterinstaller_7.1.13.5238.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ole32.dll

Total events: 456
Read events: 443
Write events: 9
Delete events: 4

Modification events

Process: BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: delete key
Name: (default)
Value:

Process: BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\btu
Operation: delete key
Name: (default)
Value:

Process: BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: write
Name: UninstallString
Value: "C:\Program Files\Bose Updater\uninstall.exe" /uninstall

Process: BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: write
Name: DisplayName
Value: Bose Updater

Process: BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: write
Name: Publisher
Value: Bose Corporation

Process: BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: write
Name: DisplayVersion
Value: 7.1.13.5238

Process: BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: write
Name: DisplayIcon
Value: C:\Program Files\Bose Updater\BOSEUPDATER.EXE,0

Process: BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: write
Name: NoModify
Value: 1

Process: BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bose Updater
Operation: write
Name: NoRepair
Value: 1

Process: BoseUpdaterInstaller_7.1.13.5238.exe (PID: 4060)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\btu
Operation: write
Name: URL Protocol
Value:

Executable files: 19
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID: 4060
Process: BoseUpdaterInstaller_7.1.13.5238.exe
Filename: C:\Program Files\Bose Updater\LIBGLESV2.DLL
Type: executable
MD5:D4A37250588E61E50AD7F9D129F0D37E
SHA256:785768F643F00CC013FBAB8D620F3C1D3ABEC8BBECA5942BA31834DEA269774B

PID: 4060
Process: BoseUpdaterInstaller_7.1.13.5238.exe
Filename: C:\Program Files\Bose Updater\LIBEGL.DLL
Type: executable
MD5:0469918FC1E19FC3F198CD14BE4E1E22
SHA256:5DD84A436F1BEE9FC1FDF6285DB21E4ACB52BB63CD86C53C23B440F021E03401

PID: 4060
Process: BoseUpdaterInstaller_7.1.13.5238.exe
Filename: C:\Program Files\Bose Updater\QT5GUI.DLL
Type: executable
MD5:5581175E339938F80CAFB164BE0DC4B0
SHA256:78BCA9C65600391EC4BB1FB0374169DB13E7517EBD154A11D244248B25A7D939

PID: 4060
Process: BoseUpdaterInstaller_7.1.13.5238.exe
Filename: C:\Program Files\Bose Updater\QT5CORE.DLL
Type: executable
MD5:DB58C7E71AA35D2CC47B57828590F569
SHA256:4714F75569ABA7CEBD6B13466527B190ADC1999AEF5C8F1F73CB2472282FAF6C

PID: 4060
Process: BoseUpdaterInstaller_7.1.13.5238.exe
Filename: C:\Program Files\Bose Updater\MSVCP140.DLL
Type: executable
MD5:5FF1FCA37C466D6723EC67BE93B51442
SHA256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062

PID: 4060
Process: BoseUpdaterInstaller_7.1.13.5238.exe
Filename: C:\Program Files\Bose Updater\QT5SERIALPORT.DLL
Type: executable
MD5:2E865BF5B0B2D297D272D5E8BF740235
SHA256:52C8BD89CD5B4543D5F393DA9B7B04601CD4811D62A8EEDEF6DB971A8FE2F298

PID: 4060
Process: BoseUpdaterInstaller_7.1.13.5238.exe
Filename: C:\Program Files\Bose Updater\SSLEAY32.DLL
Type: executable
MD5:EE856A00410ECED8CC609936D01F954E
SHA256:B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62

PID: 4060
Process: BoseUpdaterInstaller_7.1.13.5238.exe
Filename: C:\Program Files\Bose Updater\QT5WIDGETS.DLL
Type: executable
MD5:4E44578216ABF3654056015EF4C8A9C3
SHA256:91BB41088F847FB73641FA556EDA6D67BACB67560B8ABF6EA1F0C885390004F8

PID: 4060
Process: BoseUpdaterInstaller_7.1.13.5238.exe
Filename: C:\Program Files\Bose Updater\PLATFORMS\QWINDOWS.DLL
Type: executable
MD5:8D82F89BCA48D7DE90C17AC37F754F16
SHA256:AC3A36B775AC8B9CD1E3C3A7AC9DD31E0CC0A12B84D5942E97D77DA20992D005

PID: 4060
Process: BoseUpdaterInstaller_7.1.13.5238.exe
Filename: C:\Program Files\Bose Updater\VCRUNTIME140.DLL
Type: executable
MD5:A37EE36B536409056A86F50E67777DD7
SHA256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825

HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

IP: 224.0.0.252:5355
Reputation: unknown

PID: 1088
Process: svchost.exe
IP: 224.0.0.252:5355
Reputation: unknown

DNS requests

No data

Threats

No threats detected

Process: Message
BOSEUPDATER.EXE: "Bose Updater startup ver 7.1.13.5238"
BOSEUPDATER.EXE: "Starting web server"
BOSEUPDATER.EXE: "Loading translations"
BOSEUPDATER.EXE: "Loaded locale: en, suffix: en, result = true"
BOSEUPDATER.EXE: "Listening now"
BOSEUPDATER.EXE: "Creating notification icon"
BOSEUPDATER.EXE: "Loading settings"
BOSEUPDATER.EXE: "Tray available: 1"
BOSEUPDATER.EXE: "Loaded icon: 1 :/images/favicon.png"