File name: Cabinet.exe
Full analysis: https://app.any.run/tasks/e40a68e0-6ac5-4b5f-a997-3cb0c4a21920
Verdict: Malicious activity
Analysis date: June 21, 2025, 15:50:23
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
delphi
ims-api
generic
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections
MD5: 5455A66BF75773B92C8D491A3B8DD467
SHA1: 74A0D8EA1836B5DC2784F0F5FE64BE43E3CB1429
SHA256: 4ECE3B8B563207AB8B00126E9B7AAF4EF62B84899C008DCB43A4F9E67C90B198
SSDEEP: 98304:co5jsZHnS4TQsMDUUxeQRA+Idrp2a/TguPiFq/D6NKoVaFK7j3gT1qX6ZEZEkhZ7:wgRKoVs0Xj5ATrguTyXo7rguQ70I

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Cabinet.exe (PID: 6224)
    • Reads security settings of Internet Explorer

      • Cabinet.exe (PID: 6224)
      • PupilCab.exe (PID: 4944)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 3148)
      • cmd.exe (PID: 5552)
      • cmd.exe (PID: 3676)
    • Possible usage of Discord/Telegram API has been detected (YARA)

      • PupilCab.exe (PID: 4944)
    • Starts CMD.EXE for commands execution

      • PupilCab.exe (PID: 4944)
  • INFO

    • The sample compiled with english language support

      • Cabinet.exe (PID: 6224)
    • Creates files or folders in the user directory

      • Cabinet.exe (PID: 6224)
    • Reads the computer name

      • Cabinet.exe (PID: 6224)
      • PupilCab.exe (PID: 4944)
      • MonDriver.exe (PID: 5564)
      • MonDriver.exe (PID: 2848)
      • MonDriver.exe (PID: 2228)
      • MonDriver.exe (PID: 2292)
      • MonDriver.exe (PID: 4768)
      • MonDriver.exe (PID: 5552)
      • MonDriver.exe (PID: 6764)
      • MonDriver.exe (PID: 1296)
      • MonDriver.exe (PID: 2692)
      • MonDriver.exe (PID: 5716)
      • MonDriver.exe (PID: 5288)
      • MonDriver.exe (PID: 5712)
      • MonDriver.exe (PID: 5764)
      • MonDriver.exe (PID: 4688)
      • MonDriver.exe (PID: 4312)
      • MonDriver.exe (PID: 6688)
      • MonDriver.exe (PID: 1212)
      • MonDriver.exe (PID: 3000)
      • MonDriver.exe (PID: 4768)
      • MonDriver.exe (PID: 3608)
      • MonDriver.exe (PID: 4460)
      • MonDriver.exe (PID: 1044)
      • MonDriver.exe (PID: 5032)
      • MonDriver.exe (PID: 2848)
      • MonDriver.exe (PID: 6388)
      • MonDriver.exe (PID: 5652)
      • MonDriver.exe (PID: 5348)
      • MonDriver.exe (PID: 2468)
      • MonDriver.exe (PID: 4312)
      • MonDriver.exe (PID: 6472)
      • MonDriver.exe (PID: 2116)
      • MonDriver.exe (PID: 6428)
      • MonDriver.exe (PID: 3880)
      • MonDriver.exe (PID: 4688)
      • MonDriver.exe (PID: 1296)
      • MonDriver.exe (PID: 1868)
      • MonDriver.exe (PID: 4760)
      • MonDriver.exe (PID: 6612)
      • MonDriver.exe (PID: 3844)
      • MonDriver.exe (PID: 5716)
      • MonDriver.exe (PID: 6124)
      • MonDriver.exe (PID: 3504)
      • MonDriver.exe (PID: 1380)
      • MonDriver.exe (PID: 6336)
      • MonDriver.exe (PID: 320)
      • MonDriver.exe (PID: 5644)
      • MonDriver.exe (PID: 3540)
      • MonDriver.exe (PID: 2168)
      • MonDriver.exe (PID: 6016)
      • MonDriver.exe (PID: 1644)
      • MonDriver.exe (PID: 6684)
      • MonDriver.exe (PID: 1204)
      • MonDriver.exe (PID: 472)
      • MonDriver.exe (PID: 1440)
      • MonDriver.exe (PID: 6808)
      • MonDriver.exe (PID: 2356)
      • MonDriver.exe (PID: 4832)
      • MonDriver.exe (PID: 2220)
      • MonDriver.exe (PID: 5240)
      • MonDriver.exe (PID: 5504)
      • MonDriver.exe (PID: 5532)
      • MonDriver.exe (PID: 4664)
      • MonDriver.exe (PID: 304)
      • MonDriver.exe (PID: 4412)
      • MonDriver.exe (PID: 3672)
      • MonDriver.exe (PID: 3876)
      • MonDriver.exe (PID: 2292)
      • MonDriver.exe (PID: 6676)
      • MonDriver.exe (PID: 1192)
      • MonDriver.exe (PID: 3580)
      • MonDriver.exe (PID: 4444)
      • MonDriver.exe (PID: 2396)
      • MonDriver.exe (PID: 756)
      • MonDriver.exe (PID: 1336)
      • MonDriver.exe (PID: 5652)
      • MonDriver.exe (PID: 2880)
      • MonDriver.exe (PID: 5284)
      • MonDriver.exe (PID: 472)
      • MonDriver.exe (PID: 4460)
      • MonDriver.exe (PID: 6584)
      • MonDriver.exe (PID: 1352)
      • MonDriver.exe (PID: 4960)
      • MonDriver.exe (PID: 5220)
      • MonDriver.exe (PID: 3640)
      • MonDriver.exe (PID: 2220)
      • MonDriver.exe (PID: 3588)
      • MonDriver.exe (PID: 4752)
      • MonDriver.exe (PID: 3572)
      • MonDriver.exe (PID: 1812)
      • MonDriver.exe (PID: 5240)
      • MonDriver.exe (PID: 6308)
      • MonDriver.exe (PID: 6016)
      • MonDriver.exe (PID: 4892)
      • MonDriver.exe (PID: 1212)
      • MonDriver.exe (PID: 4888)
      • MonDriver.exe (PID: 5244)
      • MonDriver.exe (PID: 760)
      • MonDriver.exe (PID: 5876)
      • MonDriver.exe (PID: 3108)
    • Checks supported languages

      • Cabinet.exe (PID: 6224)
      • PupilCab.exe (PID: 4944)
      • MonDriver.exe (PID: 5564)
      • MonDriver.exe (PID: 2228)
      • MonDriver.exe (PID: 2292)
      • MonDriver.exe (PID: 2848)
      • MonDriver.exe (PID: 4312)
      • MonDriver.exe (PID: 4768)
      • MonDriver.exe (PID: 6764)
      • MonDriver.exe (PID: 1296)
      • MonDriver.exe (PID: 5552)
      • MonDriver.exe (PID: 2692)
      • MonDriver.exe (PID: 5716)
      • MonDriver.exe (PID: 5288)
      • MonDriver.exe (PID: 4688)
      • MonDriver.exe (PID: 5712)
      • MonDriver.exe (PID: 5764)
      • MonDriver.exe (PID: 1212)
      • MonDriver.exe (PID: 6688)
      • MonDriver.exe (PID: 3000)
      • MonDriver.exe (PID: 4768)
      • MonDriver.exe (PID: 4460)
      • MonDriver.exe (PID: 3608)
      • MonDriver.exe (PID: 1044)
      • MonDriver.exe (PID: 5032)
      • MonDriver.exe (PID: 2848)
      • MonDriver.exe (PID: 6388)
      • MonDriver.exe (PID: 5652)
      • MonDriver.exe (PID: 5348)
      • MonDriver.exe (PID: 4312)
      • MonDriver.exe (PID: 2468)
      • MonDriver.exe (PID: 6472)
      • MonDriver.exe (PID: 2116)
      • MonDriver.exe (PID: 6428)
      • MonDriver.exe (PID: 3880)
      • MonDriver.exe (PID: 4688)
      • MonDriver.exe (PID: 1296)
      • MonDriver.exe (PID: 1868)
      • MonDriver.exe (PID: 4760)
      • MonDriver.exe (PID: 6612)
      • MonDriver.exe (PID: 3844)
      • MonDriver.exe (PID: 5716)
      • MonDriver.exe (PID: 6124)
      • MonDriver.exe (PID: 3504)
      • MonDriver.exe (PID: 1380)
      • MonDriver.exe (PID: 6336)
      • MonDriver.exe (PID: 320)
      • MonDriver.exe (PID: 5644)
      • MonDriver.exe (PID: 3540)
      • MonDriver.exe (PID: 2168)
      • MonDriver.exe (PID: 6016)
      • MonDriver.exe (PID: 1644)
      • MonDriver.exe (PID: 1204)
      • MonDriver.exe (PID: 6684)
      • MonDriver.exe (PID: 1440)
      • MonDriver.exe (PID: 472)
      • MonDriver.exe (PID: 2356)
      • MonDriver.exe (PID: 6808)
      • MonDriver.exe (PID: 4832)
      • MonDriver.exe (PID: 2220)
      • MonDriver.exe (PID: 5240)
      • MonDriver.exe (PID: 5504)
      • MonDriver.exe (PID: 5532)
      • MonDriver.exe (PID: 4412)
      • MonDriver.exe (PID: 4664)
      • MonDriver.exe (PID: 3672)
      • MonDriver.exe (PID: 304)
      • MonDriver.exe (PID: 472)
      • MonDriver.exe (PID: 3876)
      • MonDriver.exe (PID: 2292)
      • MonDriver.exe (PID: 6676)
      • MonDriver.exe (PID: 1192)
      • MonDriver.exe (PID: 4444)
      • MonDriver.exe (PID: 3580)
      • MonDriver.exe (PID: 2396)
      • MonDriver.exe (PID: 756)
      • MonDriver.exe (PID: 1336)
      • MonDriver.exe (PID: 5652)
      • MonDriver.exe (PID: 2880)
      • MonDriver.exe (PID: 5284)
      • MonDriver.exe (PID: 4752)
      • MonDriver.exe (PID: 4960)
      • MonDriver.exe (PID: 4460)
      • MonDriver.exe (PID: 5220)
      • MonDriver.exe (PID: 1352)
      • MonDriver.exe (PID: 3640)
      • MonDriver.exe (PID: 2220)
      • MonDriver.exe (PID: 3588)
      • MonDriver.exe (PID: 3572)
      • MonDriver.exe (PID: 6584)
      • MonDriver.exe (PID: 1812)
      • MonDriver.exe (PID: 5240)
      • MonDriver.exe (PID: 6308)
      • MonDriver.exe (PID: 5244)
      • MonDriver.exe (PID: 6016)
      • MonDriver.exe (PID: 4892)
      • MonDriver.exe (PID: 1212)
      • MonDriver.exe (PID: 4888)
      • MonDriver.exe (PID: 5876)
      • MonDriver.exe (PID: 760)
      • MonDriver.exe (PID: 3108)
    • Creates files in the program directory

      • Cabinet.exe (PID: 6224)
      • PupilCab.exe (PID: 4944)
    • Reads the machine GUID from the registry

      • PupilCab.exe (PID: 4944)
    • Process checks computer location settings

      • PupilCab.exe (PID: 4944)
    • Compiled with Borland Delphi (YARA)

      • PupilCab.exe (PID: 4944)
    • Checks proxy server information

      • slui.exe (PID: 3844)
    • Reads the software policy settings

      • slui.exe (PID: 3844)
No Malware configuration.

TRiD

.exe | Inno Setup installer (68.6)
.exe | Win32 EXE PECompact compressed (generic) (26)
.exe | Win32 Executable (generic) (2.8)
.exe | Generic Win/DOS Executable (1.2)
.exe | DOS Executable Generic (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:08:09 08:13:39+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 3478016
InitializedDataSize: 24564736
UninitializedDataSize: -
EntryPoint: 0x3527fc
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 6.0.2.1
ProductVersionNumber: 6.0.2.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: GRAND
FileDescription: Cabinet
FileVersion: 6.0.2.1
ProgramID: com.embarcadero.Cabinet
ProductName: Cabinet
ProductVersion: 6.0.2.1
No data.
Total processes: 440
Monitored processes: 310
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Process chain as rendered in the report (processes marked "no specs" in the graph triggered no signatures; cabinet.exe, pupilcab.exe and slui.exe are the only nodes that did):

start -> cabinet.exe -> pupilcab.exe
  -> three rounds of cmd.exe (each with a conhost.exe) and three taskkill.exe
  -> a repeating cmd.exe -> conhost.exe -> mondriver.exe triplet, one per MonDriver.exe instance listed in the signatures above (slui.exe appears once early in the loop)
  -> cabinet.exe (a second instance, "no specs", at the end of the chain)

Process information

Each entry shows PID, CMD, Path, Indicators and Parent process, followed by the user, integrity level, description, exit code, version and loaded modules. The Indicators column is empty for every entry in this excerpt. Every process below runs as user admin at HIGH integrity; integrity is inherited from the parent, so a uniformly HIGH tree is consistent with the root installer having been started elevated and is not by itself evidence of privilege escalation.

PID: 304
CMD: "C:\ProgramData\CabinetPupils\MonDriver.exe "
Path: C:\ProgramData\CabinetPupils\MonDriver.exe
Parent process: cmd.exe
User:
admin
Integrity Level:
HIGH
Description:
MonDriver
Exit code:
0
Version:
6.0.2.1
Modules
Images
c:\programdata\cabinetpupils\mondriver.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 320
CMD: "C:\ProgramData\CabinetPupils\MonDriver.exe "
Path: C:\ProgramData\CabinetPupils\MonDriver.exe
Parent process: cmd.exe
User:
admin
Integrity Level:
HIGH
Description:
MonDriver
Exit code:
0
Version:
6.0.2.1
Modules
Images
c:\programdata\cabinetpupils\mondriver.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 472
CMD: "C:\ProgramData\CabinetPupils\MonDriver.exe "
Path: C:\ProgramData\CabinetPupils\MonDriver.exe
Parent process: cmd.exe
User:
admin
Integrity Level:
HIGH
Description:
MonDriver
Exit code:
0
Version:
6.0.2.1
Modules
Images
c:\programdata\cabinetpupils\mondriver.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 472 (PID reused later in the run; second instance)
CMD: "C:\ProgramData\CabinetPupils\MonDriver.exe "
Path: C:\ProgramData\CabinetPupils\MonDriver.exe
Parent process: cmd.exe
User:
admin
Integrity Level:
HIGH
Description:
MonDriver
Exit code:
0
Version:
6.0.2.1
Modules
Images
c:\programdata\cabinetpupils\mondriver.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 516
CMD: "cmd.exe" /c "C:\ProgramData\CabinetPupils\MonDriver.exe "
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: PupilCab.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 592
CMD: "cmd.exe" /c "C:\ProgramData\CabinetPupils\MonDriver.exe "
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: PupilCab.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 756
CMD: "C:\ProgramData\CabinetPupils\MonDriver.exe "
Path: C:\ProgramData\CabinetPupils\MonDriver.exe
Parent process: cmd.exe
User:
admin
Integrity Level:
HIGH
Description:
MonDriver
Exit code:
0
Version:
6.0.2.1
Modules
Images
c:\programdata\cabinetpupils\mondriver.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 760
CMD: "C:\ProgramData\CabinetPupils\MonDriver.exe "
Path: C:\ProgramData\CabinetPupils\MonDriver.exe
Parent process: cmd.exe
User:
admin
Integrity Level:
HIGH
Description:
MonDriver
Exit code:
0
Version:
6.0.2.1
Modules
Images
c:\programdata\cabinetpupils\mondriver.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 768
CMD: "cmd.exe" /c "C:\ProgramData\CabinetPupils\MonDriver.exe "
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: PupilCab.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1028
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
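The process entries above show the pattern behind the SUSPICIOUS signatures: PupilCab.exe (in C:\ProgramData) starts cmd.exe /c to relaunch MonDriver.exe over and over, cmd.exe runs taskkill.exe, and everything runs at HIGH integrity from a user-writable directory. The following is an added example, not ANY.RUN's own signature logic, that turns those observations into four triage rules over process-creation records of the same shape. The records are constructed to mirror the report: the cmd.exe and MonDriver.exe command lines are quoted from the page, while the Cabinet.exe path, the taskkill arguments and most PIDs are placeholders.

```python
"""Process-tree triage rules for the behaviour in this report.

Added example, not ANY.RUN's signatures. It applies four rules to
process-creation records shaped like the "Process information" entries
above (PID, image path, command line, parent, integrity level). The
records are constructed to mirror the report: the MonDriver.exe and
cmd.exe command lines are quoted from the page, while the taskkill
arguments, the Cabinet.exe path and most PIDs are placeholders.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str        # full path of the new process
    cmdline: str
    parent_pid: int
    parent_image: str
    integrity: str    # LOW / MEDIUM / HIGH / SYSTEM


# Roots any local user can write to; executables that keep running from
# here at high integrity deserve a look.
USER_WRITABLE_ROOTS = ("c:\\programdata\\", "c:\\users\\")
# Identical (parent PID, command line) launches at or above this count are
# reported as a launch loop.
LOOP_THRESHOLD = 5


def _base(path: str) -> str:
    return path.replace("/", "\\").lower().rsplit("\\", 1)[-1]


def _in_user_writable(path: str) -> bool:
    return path.replace("/", "\\").lower().startswith(USER_WRITABLE_ROOTS)


def triage(events: List[ProcEvent]) -> List[Tuple[str, int, str]]:
    """Return (rule, pid, detail) findings for a list of process events."""
    findings: List[Tuple[str, int, str]] = []
    for ev in events:
        img, parent = _base(ev.image), _base(ev.parent_image)
        # Rule 1: taskkill.exe driven through cmd.exe ("Uses TASKKILL.EXE").
        if img == "taskkill.exe" and parent == "cmd.exe":
            findings.append(("taskkill-via-cmd", ev.pid, ev.cmdline))
        # Rule 2: cmd.exe spawned by a binary in a user-writable root
        # ("Starts CMD.EXE for commands execution" from PupilCab.exe).
        if img == "cmd.exe" and _in_user_writable(ev.parent_image):
            findings.append(("cmd-from-user-writable-parent", ev.pid, ev.parent_image))
        # Rule 3: elevated process running from ProgramData or a profile.
        if _in_user_writable(ev.image) and ev.integrity.upper() in ("HIGH", "SYSTEM"):
            findings.append(("elevated-exec-from-user-writable", ev.pid, ev.image))
    # Rule 4: one parent re-running the same command line over and over,
    # which is what the long run of MonDriver.exe entries above looks like.
    for (ppid, cmd), n in Counter((e.parent_pid, e.cmdline) for e in events).items():
        if n >= LOOP_THRESHOLD:
            findings.append(("launch-loop", ppid, f"{n}x {cmd}"))
    return findings


def rule_counts(findings: List[Tuple[str, int, str]]) -> Dict[str, int]:
    return dict(Counter(rule for rule, _, _ in findings))


CAB = r"C:\ProgramData\CabinetPupils"
CMD = r"C:\Windows\SysWOW64\cmd.exe"
PUPIL = CAB + r"\PupilCab.exe"
# Constructed events. The Cabinet.exe path and the taskkill target are
# placeholders; the report does not show them.
EVENTS: List[ProcEvent] = [
    ProcEvent(4944, PUPIL, f'"{PUPIL}"', 6224, r"C:\Users\admin\Desktop\Cabinet.exe", "HIGH"),
    ProcEvent(3148, CMD, '"cmd.exe" /c taskkill /f /im placeholder.exe', 4944, PUPIL, "HIGH"),
    ProcEvent(3149, r"C:\Windows\SysWOW64\taskkill.exe", "taskkill /f /im placeholder.exe", 3148, CMD, "HIGH"),
]
for i in range(6):  # six of the cmd.exe -> MonDriver.exe relaunches seen on the page
    cmd_pid = 500 + 2 * i
    EVENTS.append(ProcEvent(cmd_pid, CMD, f'"cmd.exe" /c "{CAB}\\MonDriver.exe "', 4944, PUPIL, "HIGH"))
    EVENTS.append(ProcEvent(cmd_pid + 1, CAB + r"\MonDriver.exe", f'"{CAB}\\MonDriver.exe "', cmd_pid, CMD, "HIGH"))


def demo() -> List[Tuple[str, int, str]]:
    return triage(EVENTS)


if __name__ == "__main__":
    for rule, pid, detail in demo():
        print(f"{rule:36} pid={pid:<5} {detail}")
```

Rule 4 is the one that separates this sample from an ordinary installer: a single cmd.exe from a ProgramData binary is common, but the same parent re-issuing the same command line dozens of times is a watchdog or relaunch loop. Feed real Sysmon Event ID 1 or EDR process-creation records into ProcEvent to use it outside the constructed data.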
Total events: 9 230
Read events: 9 230
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 14
Suspicious files: 17
Text files: 20
Unknown types: 0

Dropped files

Each entry shows PID, Process, Filename and Type, followed by the file's MD5 and SHA256. All files below were written by Cabinet.exe (PID 6224) into C:\ProgramData\CabinetPupils.

6224  Cabinet.exe  C:\ProgramData\CabinetPupils\libeay32.dll  executable
      MD5: D3AFB153011566F447E2612732D0925B
      SHA256: F32E7C3FFAF3DB93DA44852C0859E5D7A53E7A638C358F6F8BBF981B5616BA6A
6224  Cabinet.exe  C:\ProgramData\CabinetPupils\libssl32.dll  executable
      MD5: F0B439CCAD4238004001FCCA94FB24FE
      SHA256: 1E6FB714037D30A6809AC7D1A46F63A8BB858BF33C97AFAA3DDA0D42C337DDEC
6224  Cabinet.exe  C:\ProgramData\CabinetPupils\updCabinet.exe  executable
      MD5: 9617A49FF7F05935F924C8DB22ED55D3
      SHA256: CFCBB39263354568EA8491B0925D48499F03C4D3706A4D659D51B48FFFEBAC7F
6224  Cabinet.exe  C:\ProgramData\CabinetPupils\svcl64.exe  executable
      MD5: 49977A93043B27A0D11EDBE30E5A3CE4
      SHA256: 9BEB888D5C3049AA698A130AC48E4A49C84449F0AC5ADAA993C3C04145EB9671
6224  Cabinet.exe  C:\ProgramData\CabinetPupils\ssleay32.dll  executable
      MD5: 1CCC098E544D3EE7A619E23343F8FD35
      SHA256: D4313CE3EDA3132A1B93EAE5E5E40ADD937B748B3033B24B114A390465642C25
6224  Cabinet.exe  C:\ProgramData\CabinetPupils\ukr.bit  binary
      MD5: C7C93BDBCDC45FE1508BE8C8DEE0356A
      SHA256: FFEE8381238070717310A862BAC39A6B69C8A6C625440B6006A04B619AFA380A
6224  Cabinet.exe  C:\ProgramData\CabinetPupils\crin.exe  executable
      MD5: C56CD6A873E360C58DC80796E1FF6CDE
      SHA256: BA4F0F99A57739A9BC7612C95496305FDA3AFBFEA012C9478A66299F69C650DF
6224  Cabinet.exe  C:\ProgramData\CabinetPupils\crin.bak  executable
      MD5: C56CD6A873E360C58DC80796E1FF6CDE
      SHA256: BA4F0F99A57739A9BC7612C95496305FDA3AFBFEA012C9478A66299F69C650DF
6224  Cabinet.exe  C:\ProgramData\CabinetPupils\MonDriver.exe  executable
      MD5: 29E9C03A4F4D05065DAAD1BBA21C8283
      SHA256: 8372B23CB712F37ABDECBD250AC5BC9D9CF3F2CE6538713C308F5881D19149BF
6224  Cabinet.exe  C:\ProgramData\CabinetPupils\PupilCab.exe  executable
      MD5: 55C84EC1126646E07A090B452B4DB66C
      SHA256: E3C36CBB95B78A881FD7FF2EED738A884364599F045B5C9E5E94304820BFDC10

Notes: libeay32.dll and ssleay32.dll are the file names of OpenSSL 1.0.x on Windows (libssl32.dll is an alternative name for the same SSL library used by some Delphi/Indy builds), consistent with the delphi tag. crin.exe and crin.bak carry identical hashes, so crin.bak is a byte-for-byte copy of crin.exe. The summary counts 14 executable files; nine of them are listed here.
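The dropped-file hashes above are the most durable indicators in this report, and the drop directory C:\ProgramData\CabinetPupils is a second one that survives a rebuild of the binaries. The following is an added example, not part of the ANY.RUN report, that sweeps a directory tree for either signal. The matching logic is separated from disk access so it can be exercised on constructed in-memory data; the constructed file contents and the demo's fake IOC table are placeholders, not the real dropped files.

```python
"""IOC sweep for the files dropped into C:\\ProgramData\\CabinetPupils.

Added example, not part of the ANY.RUN report. It hashes files under a
directory and matches them against the SHA-256 values listed in the
"Dropped files" section, and separately flags anything living in the
report's drop directory. The demo data at the bottom is constructed.
"""
import hashlib
import os
from typing import Dict, List

# SHA-256 values copied from the report's "Dropped files" table.
DROPPED_FILE_SHA256: Dict[str, str] = {
    "F32E7C3FFAF3DB93DA44852C0859E5D7A53E7A638C358F6F8BBF981B5616BA6A": "libeay32.dll",
    "1E6FB714037D30A6809AC7D1A46F63A8BB858BF33C97AFAA3DDA0D42C337DDEC": "libssl32.dll",
    "CFCBB39263354568EA8491B0925D48499F03C4D3706A4D659D51B48FFFEBAC7F": "updCabinet.exe",
    "9BEB888D5C3049AA698A130AC48E4A49C84449F0AC5ADAA993C3C04145EB9671": "svcl64.exe",
    "D4313CE3EDA3132A1B93EAE5E5E40ADD937B748B3033B24B114A390465642C25": "ssleay32.dll",
    "FFEE8381238070717310A862BAC39A6B69C8A6C625440B6006A04B619AFA380A": "ukr.bit",
    "BA4F0F99A57739A9BC7612C95496305FDA3AFBFEA012C9478A66299F69C650DF": "crin.exe / crin.bak",
    "8372B23CB712F37ABDECBD250AC5BC9D9CF3F2CE6538713C308F5881D19149BF": "MonDriver.exe",
    "E3C36CBB95B78A881FD7FF2EED738A884364599F045B5C9E5E94304820BFDC10": "PupilCab.exe",
}
# Path-based indicator: a rebuilt sample changes every hash but, as long as
# the installer is unchanged, not the directory it unpacks into.
DROP_DIR_MARKER = "/programdata/cabinetpupils/"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest().upper()


def classify(path: str, data: bytes, iocs: Dict[str, str] = DROPPED_FILE_SHA256) -> List[str]:
    """Return the reasons a file is interesting (empty list means no hit)."""
    reasons = []
    digest = sha256_hex(data)
    if digest in iocs:
        reasons.append(f"hash matches dropped file {iocs[digest]}")
    # Normalise separators so Windows paths compare the same on any host.
    if DROP_DIR_MARKER in path.replace("\\", "/").lower():
        reasons.append("located in the CabinetPupils drop directory")
    return reasons


def match_iocs(files: Dict[str, bytes], iocs: Dict[str, str] = DROPPED_FILE_SHA256) -> Dict[str, List[str]]:
    """Pure matching over {path: content}; returns only the hits."""
    hits = {}
    for path, data in files.items():
        reasons = classify(path, data, iocs)
        if reasons:
            hits[path] = reasons
    return hits


def scan_directory(root: str, iocs: Dict[str, str] = DROPPED_FILE_SHA256) -> Dict[str, List[str]]:
    """Walk a real directory tree (for example C:\\ProgramData) and match files."""
    found = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    data = fh.read()
            except OSError:  # locked or unreadable file: skip, do not abort the sweep
                continue
            reasons = classify(full, data, iocs)
            if reasons:
                found[full] = reasons
    return found


# Constructed demo data, not the real dropped files: the fake IOC table is
# keyed on the hash of known placeholder bytes so the matcher runs offline.
_CONSTRUCTED_IOCS = {sha256_hex(b"not the real MonDriver"): "MonDriver.exe (constructed)"}
_CONSTRUCTED_FILES = {
    r"C:\ProgramData\CabinetPupils\MonDriver.exe": b"not the real MonDriver",
    r"C:\ProgramData\CabinetPupils\readme.txt": b"unknown file in drop dir",
    r"C:\Windows\System32\cmd.exe": b"benign placeholder",
}


def demo() -> Dict[str, List[str]]:
    return match_iocs(_CONSTRUCTED_FILES, _CONSTRUCTED_IOCS)


if __name__ == "__main__":
    for path, reasons in demo().items():
        print(path, "->", "; ".join(reasons))
```

Run scan_directory(r"C:\ProgramData") on a suspect host to use the real hash table; the second reason string catches files that were added or rebuilt after this report was taken, which a hash-only sweep would miss.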
HTTP(S) requests
49
TCP/UDP connections
74
DNS requests
27
Threats
3

HTTP requests

Columns: PID, Process, Method, HTTP Code, IP, URL, CN, Type, Size, Reputation ("-" where the report shows nothing).

5944  MoUsoCoreWorker.exe  GET   200  184.25.50.10:80    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl  CN: unknown  -     -        whitelisted
1268  svchost.exe          GET   200  184.25.50.10:80    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl  CN: unknown  -     -        whitelisted
1128  SIHClient.exe        GET   200  184.24.77.27:80    http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl      CN: unknown  -     -        whitelisted
1268  svchost.exe          GET   200  2.23.246.101:80    http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl          CN: unknown  -     -        whitelisted
-     -                    GET   200  2.23.246.101:80    http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl          CN: unknown  -     -        whitelisted
5944  MoUsoCoreWorker.exe  GET   200  2.23.246.101:80    http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl          CN: unknown  -     -        whitelisted
-     -                    POST  200  20.190.160.17:443  https://login.live.com/RST2.srf                                            CN: unknown  xml   1.24 Kb  whitelisted
-     -                    POST  400  20.190.160.17:443  https://login.live.com/ppsecure/deviceaddcredential.srf                    CN: unknown  text  203 b    whitelisted
-     -                    POST  400  20.190.160.14:443  https://login.live.com/ppsecure/deviceaddcredential.srf                    CN: unknown  text  203 b    whitelisted
-     -                    POST  200  20.190.160.20:443  https://login.live.com/RST2.srf                                            CN: unknown  xml   11.1 Kb  whitelisted

Every row shown is Windows background traffic (CRL fetches by update components and login.live.com device registration). None of them is the cleartext HTTP POST that triggered the three "pass= in cleartext" alerts in the Threats section, and none goes to the two non-whitelisted domains in the DNS section (cabinet.org.ua, s3.bene.space); the summary counts 49 HTTP requests, so the remainder is only in the full report.

Connections

Columns: PID, Process, IP, Domain, ASN, CN, Reputation ("-" where the report shows nothing).

4     System               192.168.100.255:137  -                                -                            -   whitelisted
-     -                    51.124.78.146:443    settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  NL  whitelisted
4     System               192.168.100.255:138  -                                -                            -   whitelisted
1268  svchost.exe          184.25.50.10:80      crl.microsoft.com                Akamai International B.V.    DE  whitelisted
5944  MoUsoCoreWorker.exe  184.25.50.10:80      crl.microsoft.com                Akamai International B.V.    DE  whitelisted
1268  svchost.exe          2.23.246.101:80      www.microsoft.com                Ooredoo Q.S.C.               QA  whitelisted
-     -                    2.23.246.101:80      www.microsoft.com                Ooredoo Q.S.C.               QA  whitelisted
5944  MoUsoCoreWorker.exe  2.23.246.101:80      www.microsoft.com                Ooredoo Q.S.C.               QA  whitelisted
-     -                    20.190.160.3:443     login.live.com                   MICROSOFT-CORP-MSN-AS-BLOCK  NL  whitelisted
-     -                    172.211.123.248:443  client.wns.windows.com           MICROSOFT-CORP-MSN-AS-BLOCK  FR  whitelisted

The two 192.168.100.255 entries are NetBIOS name-service (137/udp) and datagram (138/udp) broadcasts from the System process on the sandbox subnet. The summary counts 74 TCP/UDP connections; any connection to 51.79.20.123 (cabinet.org.ua) or 37.27.114.62 (s3.bene.space), the only resolutions below that are not whitelisted, is not among the rows shown.

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
google.com
  • 142.250.186.46
whitelisted
crl.microsoft.com
  • 184.25.50.10
  • 184.25.50.8
  • 184.24.77.27
  • 184.24.77.18
  • 184.24.77.23
  • 184.24.77.22
  • 184.24.77.30
  • 184.24.77.24
  • 184.24.77.19
  • 184.24.77.29
  • 184.24.77.31
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 95.101.149.131
whitelisted
login.live.com
  • 20.190.160.3
  • 40.126.32.136
  • 20.190.160.64
  • 40.126.32.140
  • 20.190.160.14
  • 20.190.160.65
  • 20.190.160.131
  • 40.126.32.76
  • 40.126.31.71
  • 40.126.31.67
  • 40.126.31.129
  • 20.190.159.128
  • 20.190.159.68
  • 40.126.31.128
  • 40.126.31.2
  • 40.126.31.1
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.249
whitelisted
nexusrules.officeapps.live.com
  • 52.111.229.43
whitelisted
cabinet.org.ua
  • 51.79.20.123
unknown
s3.bene.space
  • 37.27.114.62
unknown
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted

Threats

Columns: PID, Process, Class, Message. The PID and Process columns are empty for all three rows in this excerpt.

-  -  Potential Corporate Privacy Violation  ET INFO HTTP POST contains pass= in cleartext
-  -  Potential Corporate Privacy Violation  ET INFO HTTP POST contains pass= in cleartext
-  -  Potential Corporate Privacy Violation  ET INFO HTTP POST contains pass= in cleartext

This Emerging Threats signature is informational: it fires when the body of an unencrypted HTTP POST contains the string pass=, i.e. a password-shaped form field sent without TLS. It does not identify a malware family, and the three matching requests are not among the HTTP rows shown above.
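The alert above is a plain content match on the bytes pass= in a cleartext POST, which is cheap but blunt: it fires on bypass=1 as readily as on pass=hunter2, and it misses a JSON login body entirely. The following is an added example, not part of the report or of the Emerging Threats ruleset, that does the same check on a parsed request so the decision is made on decoded form keys. The three requests are constructed; the host example.invalid is a placeholder.

```python
"""Cleartext-credential check for HTTP POST bodies.

Added example, not part of the report or the Emerging Threats ruleset. The
"pass= in cleartext" alerts above come from a content match on the raw
request; this parser decodes the form body and reports credential-looking
field names, so "bypass=" is not mistaken for "pass=". The requests at the
bottom are constructed and the host name is a placeholder.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl

# Field names treated as credentials; extend to taste.
CREDENTIAL_KEYS = re.compile(r"^(pass(word|wd)?|pwd|secret|token)$", re.IGNORECASE)


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str], bytes]:
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def cleartext_credential_fields(raw: bytes) -> List[str]:
    """Credential-looking form keys in a cleartext POST (empty list = none).

    Only call this on traffic captured in the clear; a TLS stream never
    reaches the parser as plaintext, which is the point of the ET rule.
    """
    method, _target, headers, body = parse_request(raw)
    if method != "POST":
        return []
    if not headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        return []  # JSON, multipart and binary bodies are out of scope here
    # Honour Content-Length so pipelined data after the body is not parsed.
    try:
        length = int(headers.get("content-length", str(len(body))))
    except ValueError:
        length = len(body)
    fields = parse_qsl(body[:length].decode("latin-1"), keep_blank_values=True)
    return [key for key, _ in fields if CREDENTIAL_KEYS.match(key)]


def substring_rule(raw: bytes) -> bool:
    """What a bare 'pass=' content match sees, for comparison."""
    return raw.startswith(b"POST ") and b"pass=" in raw


# Constructed requests, not taken from the PCAP.
LOGIN_POST = (
    b"POST /api/login HTTP/1.1\r\nHost: example.invalid\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 27\r\n\r\n"
    b"user=operator&pass=Sup3rS3c"
)
BYPASS_POST = (  # false positive for the substring rule
    b"POST /settings HTTP/1.1\r\nHost: example.invalid\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 19\r\n\r\n"
    b"bypass=1&theme=dark"
)
JSON_POST = (  # a credential both approaches miss, because it is not a form body
    b"POST /api/login HTTP/1.1\r\nHost: example.invalid\r\n"
    b"Content-Type: application/json\r\nContent-Length: 17\r\n\r\n"
    b'{"pass":"abc123"}'
)


if __name__ == "__main__":
    for name, req in (("login", LOGIN_POST), ("bypass", BYPASS_POST), ("json", JSON_POST)):
        print(name, "parser:", cleartext_credential_fields(req), "substring:", substring_rule(req))
```

The JSON case is the caveat to carry away from this report's Threats section: an absent "pass= in cleartext" alert says nothing about whether credentials left the host, only that no URL-encoded form did so over plain HTTP.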
No debug info