File name: UC232A_Windows_Setup.exe

Full analysis: https://app.any.run/tasks/f27d54a3-cda4-4feb-b359-4a2ef60a97a0
Verdict: Malicious activity
Analysis date: May 08, 2024, 19:07:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed
MD5: 535F2124CBCE3903082E6A391DE3EF86
SHA1: FB212D2614DE0275FC350B6C8D057525190EA8D8
SHA256: 49280A15191065129E434F96444B29AF83AA54D85FB6912030C62AB7AD2E4440
SSDEEP: 98304:iej5MMjMpeHuhMiIHn+VXOTC5HmcdpkicJypsfLiz5I:D1lCveNH+VXOGAcELypCLb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • UC232A_Windows_Setup.exe (PID: 3976)
      • Win7_x86.exe (PID: 2108)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • UC232A_Windows_Setup.exe (PID: 3976)
    • Executable content was dropped or overwritten

      • UC232A_Windows_Setup.exe (PID: 3976)
      • Win7_x86.exe (PID: 2108)
    • Reads the Internet Settings

      • UC232A_Windows_Setup.exe (PID: 3976)
    • Searches for installed software

      • Win7_x86.exe (PID: 2108)
  • INFO

    • Create files in a temporary directory

      • UC232A_Windows_Setup.exe (PID: 3976)
      • Win7_x86.exe (PID: 2108)
    • Checks supported languages

      • UC232A_Windows_Setup.exe (PID: 3976)
      • Win7_x86.exe (PID: 2108)
    • Reads the computer name

      • UC232A_Windows_Setup.exe (PID: 3976)
      • Win7_x86.exe (PID: 2108)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 EXE PECompact compressed (v2.x) (54.1)
.exe | Win32 EXE PECompact compressed (generic) (38)
.exe | Win32 Executable (generic) (4.1)
.exe | Generic Win/DOS Executable (1.8)
.exe | DOS Executable Generic (1.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:03:10 06:44:01+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 10
CodeSize: 44544
InitializedDataSize: 67529216
UninitializedDataSize: -
EntryPoint: 0x32dc
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.0.84.1
ProductVersionNumber: 1.0.82.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Aten International Co., Ltd.
FileDescription: UC232A_Windows_Setup
FileVersion: 1,0,084,001
InternalName: Win32
LegalCopyright: Copyright (R) 2010 Aten International Co., Ltd. All rights reserved.
OriginalFileName: UC232A_Windows_Setup
ProductName: UC232A
ProductVersion: 1,0,084,001
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph (process tree): start → uc232a_windows_setup.exe → win7_x86.exe (no specs), win7_x86.exe

Process information

PID: 2108
CMD: "C:\Users\admin\AppData\Local\Temp\Win7_x86.exe"
Path: C:\Users\admin\AppData\Local\Temp\Win7_x86.exe
Parent process: UC232A_Windows_Setup.exe
User: admin
Company: Acresso Software Inc.
Integrity Level: HIGH
Description: Setup.exe
Version: 15.0.498
Modules (Images):
  c:\users\admin\appdata\local\temp\win7_x86.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll

PID: 3976
CMD: "C:\Users\admin\AppData\Local\Temp\UC232A_Windows_Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\UC232A_Windows_Setup.exe
Parent process: explorer.exe
User: admin
Company: Aten International Co., Ltd.
Integrity Level: MEDIUM
Description: UC232A_Windows_Setup
Exit code: 1
Version: 1,0,084,001
Modules (Images):
  c:\users\admin\appdata\local\temp\uc232a_windows_setup.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\imm32.dll

PID: 4008
CMD: "C:\Users\admin\AppData\Local\Temp\Win7_x86.exe"
Path: C:\Users\admin\AppData\Local\Temp\Win7_x86.exe
Parent process: UC232A_Windows_Setup.exe
User: admin
Company: Acresso Software Inc.
Integrity Level: MEDIUM
Description: Setup.exe
Exit code: 3221226540
Version: 15.0.498
Modules (Images):
  c:\users\admin\appdata\local\temp\win7_x86.exe
  c:\windows\system32\ntdll.dll
Total events: 2 712
Read events: 2 704
Write events: 8
Delete events: 0

Modification events

(PID) Process: (3976) UC232A_Windows_Setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (3976) UC232A_Windows_Setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (3976) UC232A_Windows_Setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (3976) UC232A_Windows_Setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Executable files: 7
Suspicious files: 4
Text files: 1
Unknown types: 0

Dropped files

PID: 2108 | Process: Win7_x86.exe
Filename: C:\Users\admin\AppData\Local\Temp\{280C441A-9FEE-4496-A41B-953C89ED4CDB}\Disk1\setup.exe
Type: executable
MD5: 8D699C26857440661FAD1AED839FFC79
SHA256: 350E4CFC8A692FC8382571D64EF00F6F4D4F997B85BB687E67EA222CDB2556AC

PID: 2108 | Process: Win7_x86.exe
Filename: C:\Users\admin\AppData\Local\Temp\{280C441A-9FEE-4496-A41B-953C89ED4CDB}\Disk1\_Setup.dll
Type: executable
MD5: 7DE2D19C870587B8FFC5A446E9B6E29A
SHA256: 35EEF33D1890A6E34D647F86F24C730B4F741C9D33FCCE01CFB12D2B8E55B5D1

PID: 2108 | Process: Win7_x86.exe
Filename: C:\Users\admin\AppData\Local\Temp\{280C441A-9FEE-4496-A41B-953C89ED4CDB}\Disk1\setup.inx
Type: binary
MD5: E4A666806086CBA08FCB0DC6C5D9E332
SHA256: 9C355EAE9D02A3BE3A9C1168A5EC892982FE03531694DE4CE06C45F6C3E2A6EA

PID: 2108 | Process: Win7_x86.exe
Filename: C:\Users\admin\AppData\Local\Temp\{280C441A-9FEE-4496-A41B-953C89ED4CDB}\_Setup.dll
Type: executable
MD5: 7DE2D19C870587B8FFC5A446E9B6E29A
SHA256: 35EEF33D1890A6E34D647F86F24C730B4F741C9D33FCCE01CFB12D2B8E55B5D1

PID: 2108 | Process: Win7_x86.exe
Filename: C:\Users\admin\AppData\Local\Temp\{280C441A-9FEE-4496-A41B-953C89ED4CDB}\Disk1\data1.cab
Type: compressed
MD5: 3CD05E4970687F111B054DF8B398F863
SHA256: 24AF0CFE23930B141821B14C82866C52651404F2652DFB5038E363603149253E

PID: 2108 | Process: Win7_x86.exe
Filename: C:\Users\admin\AppData\Local\Temp\{280C441A-9FEE-4496-A41B-953C89ED4CDB}\Disk1\data1.hdr
Type: compressed
MD5: 259251089656D9E95AD016F6C4258F3E
SHA256: D1FD9A1B93666F883E3B9B99DC635E4B45A2DADA30F1651D6D39312E24526868

PID: 2108 | Process: Win7_x86.exe
Filename: C:\Users\admin\AppData\Local\Temp\{280C441A-9FEE-4496-A41B-953C89ED4CDB}\setup.ini
Type: ini
MD5: 0435BE75957769DD251A4B471B3546A8
SHA256: F34D47198FC25AF951F33307367385201706C15D060709B45E789632B7F01C8C

PID: 3976 | Process: UC232A_Windows_Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\Win7_x86.exe
Type: executable
MD5: 4C651FBB3D6393E7EB351BC817CDD912
SHA256: 7505DBDB1EF3515A7FEA4380B66789D38A606EDBE506294906F7E0E57E42FE99

PID: 2108 | Process: Win7_x86.exe
Filename: C:\Users\admin\AppData\Local\Temp\{280C441A-9FEE-4496-A41B-953C89ED4CDB}\Disk1\layout.bin
Type: binary
MD5: AAA8C5B42385B898BA3B1F4ACED743D4
SHA256: 5842C1D215B7C29AED427FAC49CDA9D8D55E035CB5EAC622D0023C68A3FDC570

PID: 3976 | Process: UC232A_Windows_Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\setup.iss.install
Type: text
MD5: 16198647C6015D37EA6E393F71027BAD
SHA256: 77C41E3AB0CD2EADB551D2D467C913E77D431FB80BF938A7474B310B8C224694
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
| | 224.0.0.252:5355 | | | | unknown
1088 | svchost.exe | 224.0.0.252:5355 | | | | unknown

DNS requests

No data

Threats

No threats detected
Process | Message
UC232A_Windows_Setup.exe | ----- keyreturnvalue : 2 ----
UC232A_Windows_Setup.exe | C:\Users\admin\AppData\Local\Temp\setup.iss.install