File name: Setup.exe

Full analysis: https://app.any.run/tasks/3cf606dc-023c-4f51-bb32-6351d3802cae
Verdict: Malicious activity
Analysis date: February 12, 2024, 22:58:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: F20C43704B8382C0F30309CC15130187
SHA1: 8814C4795E177ACA493535CA66D4F7BB3DC3A46A
SHA256: 4E7F1C3363C2C235C0EBE67A20DEA81F7666A48899629DD30B27C4C919EE87E5
SSDEEP: 98304:o3AqBonu/OtnjkaKIAIAkzxxjvp6p4pcatlLsk3uaT5JDofHXslgbodepWlfxEXi:orHk1szaM98qwNs9hs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Setup.exe (PID: 3772)
      • Setup.tmp (PID: 3660)
      • unins000.exe (PID: 1492)
      • _iu14D2N.tmp (PID: 3460)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Setup.exe (PID: 3772)
      • Setup.tmp (PID: 3660)
      • unins000.exe (PID: 1492)
      • _iu14D2N.tmp (PID: 3460)
    • Process drops legitimate windows executable

      • Setup.tmp (PID: 3660)
      • _iu14D2N.tmp (PID: 3460)
    • Reads the Windows owner or organization settings

      • Setup.tmp (PID: 3660)
      • _iu14D2N.tmp (PID: 3460)
    • Starts itself from another location

      • unins000.exe (PID: 1492)
    • Starts application with an unusual extension

      • unins000.exe (PID: 1492)
    • Reads the Internet Settings

      • Setup.tmp (PID: 3660)
  • INFO

    • Checks supported languages

      • Setup.exe (PID: 3772)
      • Setup.tmp (PID: 3660)
      • unins000.exe (PID: 1492)
      • _iu14D2N.tmp (PID: 3460)
    • Creates files in a temporary directory

      • Setup.exe (PID: 3772)
      • Setup.tmp (PID: 3660)
      • unins000.exe (PID: 1492)
      • _iu14D2N.tmp (PID: 3460)
    • Creates files in the program directory

      • Setup.tmp (PID: 3660)
    • Creates a software uninstall entry

      • Setup.tmp (PID: 3660)
    • Reads the computer name

      • Setup.tmp (PID: 3660)
    • Application launched itself

      • msedge.exe (PID: 2444)
      • msedge.exe (PID: 2064)
    • Manual execution by a user

      • msedge.exe (PID: 2064)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (81.5)
.exe | Win32 Executable Delphi generic (10.5)
.exe | Win32 Executable (generic) (3.3)
.exe | Win16/32 Executable Delphi generic (1.5)
.exe | Generic Win/DOS Executable (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:10:02 05:04:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 86016
InitializedDataSize: 140800
UninitializedDataSize: -
EntryPoint: 0x16478
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: DODI-Repacks
FileDescription: ELDEN RING Setup
FileVersion: 0.0.0
LegalCopyright: DODI-Repacks
ProductName: ELDEN RING
ProductVersion: 0.0.0
No data.
All screenshots are available in the full report
Total processes: 68
Monitored processes: 30
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Processes shown in the graph: setup.exe, setup.tmp, unins000.exe, _iu14d2n.tmp, a large number of msedge.exe child processes (most marked "no specs"), and a second setup.exe (no specs).

Process information

PID: 392
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3872 --field-trial-handle=1288,i,2557163026884723382,11853113836243208146,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115

PID: 664
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2220 --field-trial-handle=1288,i,2557163026884723382,11853113836243208146,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115

PID: 752
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4196 --field-trial-handle=1288,i,2557163026884723382,11853113836243208146,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115

PID: 896
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3892 --field-trial-handle=1288,i,2557163026884723382,11853113836243208146,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115

PID: 956
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1320,i,11661985508246342320,17229109986620222644,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115

PID: 1316
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4196 --field-trial-handle=1288,i,2557163026884723382,11853113836243208146,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115

PID: 1484
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3224 --field-trial-handle=1288,i,2557163026884723382,11853113836243208146,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115

PID: 1492
CMD: "C:\Program Files\DODI-Repacks\ELDEN RING\Uninstall\unins000.exe" /verysilent
Path: C:\Program Files\DODI-Repacks\ELDEN RING\Uninstall\unins000.exe
Parent process: Setup.tmp
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0

PID: 2024
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3612 --field-trial-handle=1288,i,2557163026884723382,11853113836243208146,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115

PID: 2060
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1388 --field-trial-handle=1288,i,2557163026884723382,11853113836243208146,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 36
Suspicious files: 42
Text files: 69
Unknown types: 75

Dropped files

PID | Process | Filename | Type
3772 | Setup.exe | C:\Users\admin\AppData\Local\Temp\is-E52P9.tmp\Setup.tmp | executable
MD5: 6E4E83302159EC46E10280ABE1D62CE1
SHA256: BB22238B9DE45D10013CDF18B66D13646137BF5DDC075C781A160EF8739B2FD7
3660 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-MSN76.tmp\Autorun1.jpg | image
MD5: 3688F2762FF4A7EB53589DD5D5696FB6
SHA256: F0BDD416AD9BA0914629C288A806C2087E7ECAD5B382D911AA1B4BC2DFD3F448
3660 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-MSN76.tmp\Exit.png | image
MD5: 91F97AA4B051E7B2991E5456D2C8655B
SHA256: 0FF3FBFBB177D5FFC8B577F821A91F9D39F13F5F548F9570C12CB85CCEF526E3
3660 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-MSN76.tmp\botva2.dll | executable
MD5: 619BF9DDCB5FE39EE9E5B0167E7F4F0D
SHA256: 609661A14733F6E9C2C2F2FF9C274F8A4CBEDAFF4DD32049AA5161F8D7083D6A
3660 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-MSN76.tmp\Light.png | image
MD5: 5036FBDD45FEC2AD2F18C0FA51A584BE
SHA256: 9813C13B925CA95D4038C827E5EFA1BF6C00AED41C65B7E7D5907DDF68866847
3660 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-MSN76.tmp\Setup1.jpg | image
MD5: 05C02EAB0B5C8AD19446DD4E61FD986C
SHA256: BA74EEFDBCA7362751CDF774C0E03052D6EC8FD6F2733E7D43A1F9E88A1AB284
3660 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-MSN76.tmp\Lockscreen.jpg | image
MD5: 3613F0066ECE2AF9AFC564088FFF27E3
SHA256: 2E68CB653FC1311241BC31DD06432492D1130D409A8DCFBCB7FE1A6CBA6E57BD
3660 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-MSN76.tmp\Lockscreen_overlay.png | image
MD5: F5F4FE2B811E5A07AE1184579CF36557
SHA256: D66BBF3A8D5F5890C3DBC95E77068ABB10F3DB4EBD0C71AE5DBF15D99174889C
3660 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-MSN76.tmp\cls.ini | ini
MD5: 3A0A9EE1BDEA8710547EF36EF5320183
SHA256: 4AC50ED1C47CF3AC7CC63FFE995ECB72A929DD6015F13AAAB3B099EB3C58085B
3660 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-MSN76.tmp\unarc.dll | executable
MD5: 56A2BCECBD3CDDD6F4A35361BF4920D6
SHA256: 5FCFAC18758A12E0E717A5189F379922A32B5AC12F26491E638D70B54AE1DCAB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 52
DNS requests: 74
Threats: 2

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
2060 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2064 | msedge.exe | 239.255.255.250:1900 | - | - | - | unknown
2060 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2060 | msedge.exe | 172.67.166.133:443 | www.dodi-repacks.site | CLOUDFLARENET | US | unknown
2060 | msedge.exe | 216.58.206.35:443 | www.recaptcha.net | GOOGLE | US | whitelisted
2060 | msedge.exe | 2.18.29.128:443 | www.bing.com | Akamai International B.V. | PL | unknown
2060 | msedge.exe | 142.250.186.67:443 | www.gstatic.com | GOOGLE | US | whitelisted

DNS requests

Domain
IP
Reputation
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.dodi-repacks.site
  • 172.67.166.133
  • 104.21.58.252
unknown
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
www.recaptcha.net
  • 216.58.206.35
whitelisted
www.bing.com
  • 2.18.29.128
  • 2.18.29.200
  • 2.18.29.184
  • 2.18.29.235
  • 2.18.29.234
  • 2.18.29.155
  • 2.18.29.232
  • 2.18.29.233
  • 2.18.29.131
  • 2.18.29.171
  • 2.18.29.170
  • 2.18.29.195
  • 2.18.29.176
  • 2.18.29.154
  • 2.18.29.168
  • 2.18.29.177
whitelisted
www.gstatic.com
  • 142.250.186.67
whitelisted
www.google.com
  • 142.250.186.36
whitelisted
fonts.gstatic.com
  • 142.250.185.99
whitelisted
a.nel.cloudflare.com
  • 35.190.80.1
whitelisted
dodi-repacks.site
  • 172.67.166.133
  • 104.21.58.252
unknown

Threats

PID | Process | Class | Message
2060 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
2060 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Image hosting service ImgBB
No debug info