File name: EcMenu_x64.exe
Full analysis: https://app.any.run/tasks/c14fc8ca-b0a2-4688-9a6f-1cd05fbb1105
Verdict: Malicious activity
Analysis date: November 30, 2024, 13:02:37
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: autoit
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 5 sections
MD5: D4CAE9981946B6E2FB1CF52EEDD10261
SHA1: 721E03A68539A11C72A0BE3849DBB34A4989E3FA
SHA256: 4FC2CCF80F1DA2B3DB3F1E03A343865E255A176637FBB39B4DFE790692C7E250
SSDEEP: 24576:+2DW/xb2X2YIbpQsu3/PNLlQ7HyR12Cv7OubJmnFNmmFx:+2EiXoQsW/PNhQLJFjFNmW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Application launched itself

      • EcMenu_x64.exe (PID: 6340)
    • Reads the date of Windows installation

      • EcMenu_x64.exe (PID: 6340)
    • Reads security settings of Internet Explorer

      • EcMenu_x64.exe (PID: 6340)
  • INFO

    • Checks supported languages

      • EcMenu_x64.exe (PID: 6340)
      • EcMenu_x64.exe (PID: 6536)
    • Reads mouse settings

      • EcMenu_x64.exe (PID: 6340)
      • EcMenu_x64.exe (PID: 6536)
    • Reads the computer name

      • EcMenu_x64.exe (PID: 6536)
      • EcMenu_x64.exe (PID: 6340)
    • The process uses AutoIt

      • EcMenu_x64.exe (PID: 6536)
    • Creates files in a temporary directory

      • EcMenu_x64.exe (PID: 6536)
      • EcMenu_x64.exe (PID: 6340)
    • Process checks computer location settings

      • EcMenu_x64.exe (PID: 6340)
    • The process uses the downloaded file

      • EcMenu_x64.exe (PID: 6340)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2010:04:16 07:47:52+00:00
ImageFileCharacteristics: No relocs, Executable, Large address aware
PEType: PE32+
LinkerVersion: 9
CodeSize: 613376
InitializedDataSize: 254464
UninitializedDataSize: -
EntryPoint: 0x1d47c
OSVersion: 5.2
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
FileVersionNumber: 1.6.0.0
ProductVersionNumber: 1.6.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileVersion: 1.6.0.0
Comments: Easily add to right-click menu options
FileDescription: Easy Context Menu
LegalCopyright: Copyright © 2014 - 2015 www.sordum.org All Rights Reserved.
Coder: By BlueLife
CompanyName: www.sordum.org
No data.
All screenshots are available in the full report
Total processes: 112
Monitored processes: 2
Malicious processes: 2
Suspicious processes: 0

Behavior graph (interactive in the full report)

start -> ecmenu_x64.exe (no specs) -> ecmenu_x64.exe

Process information

PID: 6340
CMD: "C:\Users\admin\Desktop\EcMenu_x64.exe"
Path: C:\Users\admin\Desktop\EcMenu_x64.exe
Parent process: explorer.exe
User: admin
Company: www.sordum.org
Integrity Level: MEDIUM
Description: Easy Context Menu
Exit code: 0
Version: 1.6.0.0
Modules (Images):
c:\users\admin\desktop\ecmenu_x64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll

PID: 6536
CMD: "C:\Users\admin\Desktop\EcMenu_x64.exe" /IsAdmin
Path: C:\Users\admin\Desktop\EcMenu_x64.exe
Parent process: EcMenu_x64.exe
User: admin
Company: www.sordum.org
Integrity Level: HIGH
Description: Easy Context Menu
Version: 1.6.0.0
Modules (Images):
c:\users\admin\desktop\ecmenu_x64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\gdi32.dll
Total events: 298
Read events: 298
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 2
Text files: 4
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
6340 | EcMenu_x64.exe | C:\Users\admin\AppData\Local\Temp\aut62A5.tmp | binary | 117C2BB90BD840682F8393297BFE1901 | 4C455C727BC82959CC044E8AA7F5ED3A27BFE35B95CEE2C99DA06D0AD4E68CBE
6340 | EcMenu_x64.exe | C:\Users\admin\AppData\Local\Temp\cvsftwf | text | 101799D3FAEC5796B02CF5BEE1B7D143 | 3082F7A2ECEDF8E1E2B6BBAE46F56305A8ED423A4F6FEB175EDBC6CED339DC31
6536 | EcMenu_x64.exe | C:\Users\admin\AppData\Local\Temp\rbexwrm | text | 101799D3FAEC5796B02CF5BEE1B7D143 | 3082F7A2ECEDF8E1E2B6BBAE46F56305A8ED423A4F6FEB175EDBC6CED339DC31
6536 | EcMenu_x64.exe | C:\Users\admin\Desktop\Files\Items.ini | text | 4EE6F3BBD09723F1B6ED6353BCED55CC | 772B1A481C39D497F44524B17E76675C32B0E8B57822923E08306CC441ED5E72
6536 | EcMenu_x64.exe | C:\Users\admin\Desktop\Files\EcMenu.ini | text | BA8C49EB4C55388BF6690A7B58BCE4E0 | 6B88FCD42CF3DB2F3A7F8010B8A2D87CBD8EB801063642DE5B94070D8A2A10F8
6536 | EcMenu_x64.exe | C:\Users\admin\AppData\Local\Temp\aut6555.tmp | binary | 117C2BB90BD840682F8393297BFE1901 | 4C455C727BC82959CC044E8AA7F5ED3A27BFE35B95CEE2C99DA06D0AD4E68CBE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 19
DNS requests: 3
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
| | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 40.127.240.158 | whitelisted
google.com | 216.58.212.174 | whitelisted
self.events.data.microsoft.com | 20.50.201.204 | whitelisted

Threats

No threats detected
No debug info