File name: dropit.exe
Full analysis: https://app.any.run/tasks/9c9d159d-27f1-42df-8d6a-e25bf4eb9398
Verdict: Malicious activity
Analysis date: February 05, 2024, 06:06:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 0A4CA077AAF62F81F05BEC275FD7E6C2
SHA1: 8D4DDC22C838A5003A4D8FF2C570B263423D528C
SHA256: 46CEAC7CCD9799C0D50E66EBC5DB3F772DE29355105336569CA985E805BB1270
SSDEEP: 49152:ARnuBD7tSq0QcNj+NM2bm5JcxboHf2ZIfDdLc3LVd4Z/c5GdgCB2hgvRzpg5fVBn:6uBftSXNj+NM2bm5JcxboHf2ZCDdLc3a

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • dropit.exe (PID: 1392)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Checks supported languages

      • dropit.exe (PID: 1392)
      • dropit.exe (PID: 2524)
    • Checks Windows language

      • dropit.exe (PID: 1392)
    • Reads mouse settings

      • dropit.exe (PID: 1392)
      • dropit.exe (PID: 2524)
    • Reads Environment values

      • dropit.exe (PID: 1392)
    • Create files in a temporary directory

      • dropit.exe (PID: 1392)
    • Manual execution by a user

      • explorer.exe (PID: 3456)
      • dropit.exe (PID: 2524)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:10:04 10:23:19+02:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 11
CodeSize: 570880
InitializedDataSize: 1148416
UninitializedDataSize: -
EntryPoint: 0x25f74
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 8.0.0.0
ProductVersionNumber: 8.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileVersion: 8.0.0.0
Comments: http://www.autoitscript.com/autoit3/
FileDescription: DropIt: Personal Assistant to Automatically Manage Your Files
LegalCopyright: Andrea Luparia
Website: http://www.dropitproject.com
E-Mail: comment at the website
Total processes: 40
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Nodes shown in the graph: start, dropit.exe, explorer.exe, dropit.exe (no specs).

Process information

PID | CMD | Path | Parent process
1392 | "C:\Users\admin\AppData\Local\Temp\dropit.exe" | C:\Users\admin\AppData\Local\Temp\dropit.exe | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: DropIt: Personal Assistant to Automatically Manage Your Files
Exit code: 0
Version: 8.0.0.0
Modules (images):
  • c:\users\admin\appdata\local\temp\dropit.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\wsock32.dll
  • c:\windows\system32\ws2_32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\nsi.dll
  • c:\windows\system32\version.dll

2524 | "C:\Users\admin\AppData\Local\Temp\dropit.exe" | C:\Users\admin\AppData\Local\Temp\dropit.exe | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: DropIt: Personal Assistant to Automatically Manage Your Files
Exit code: 0
Version: 8.0.0.0
Modules (images):
  • c:\users\admin\appdata\local\temp\dropit.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\wsock32.dll
  • c:\windows\system32\ws2_32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\nsi.dll
  • c:\windows\system32\version.dll

3456 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  • c:\windows\explorer.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
Total events: 238
Read events: 238
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 0
Text files: 9
Unknown types: 0

Dropped files

PID | Process | Filename | Type
1392 | dropit.exe | C:\Users\admin\AppData\Local\Temp\Profiles\Extractor.ini | text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
1392 | dropit.exe | C:\Users\admin\AppData\Local\Temp\Profiles\Gallery_Maker.ini | text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
1392 | dropit.exe | C:\Users\admin\AppData\Local\Temp\Profiles\Archiver.ini | text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
1392 | dropit.exe | C:\Users\admin\AppData\Local\Temp\settings.ini | text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
1392 | dropit.exe | C:\Users\admin\AppData\Local\Temp\Profiles\Playlist_Maker.ini | text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
1392 | dropit.exe | C:\Users\admin\AppData\Local\Temp\Profiles\List_Maker.ini | text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
1392 | dropit.exe | C:\Users\admin\AppData\Local\Temp\Profiles\Eraser.ini | text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
1392 | dropit.exe | C:\Users\admin\AppData\Local\Temp\Profiles\Default.ini | text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
1392 | dropit.exe | C:\Users\admin\AppData\Local\Temp\Images\Default.png | image
MD5: 283E986D13AF5F1F08934FE137135C3B
SHA256: 03F8C336AF3E8C5F3AA435159FCFE4971C94E87626B0FCBA3C9F16F4E0F59645
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info