URL:

https://free.360totalsecurity.com/totalsecurity/360TS_Setup_Mini.exe

Full analysis: https://app.any.run/tasks/3e742e77-3a24-4847-aaa7-c672b29b7ce3
Verdict: Malicious activity
Analysis date: August 13, 2019, 13:02:31
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

A3B42EC5A10723CA4EC441F2D883FE28

SHA1:

3CDB2CD9A3285AECF35384AB2D9966805483BBB4

SHA256:

5146EA8932371E8D7F5F30CFDCB38D21F48B1F003BF3D858C89B91C922AB15B6

SSDEEP:

3:N8/WTVwTAAFKsyAQw6yHN:2UuFDTQPyHN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • 360TS_Setup_Mini[1].exe (PID: 3492)

    • Application was dropped or rewritten from another process

      • 360TS_Setup_Mini[1].exe (PID: 3492)
      • 360TS_Setup_Mini[1].exe (PID: 2916)

    • Changes settings of System certificates

      • 360TS_Setup_Mini[1].exe (PID: 3492)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3640)
      • 360TS_Setup_Mini[1].exe (PID: 3492)
      • iexplore.exe (PID: 2632)

    • Reads Internet Cache Settings

      • 360TS_Setup_Mini[1].exe (PID: 3492)

    • Connects to unusual port

      • 360TS_Setup_Mini[1].exe (PID: 3492)

    • Low-level read access rights to disk partition

      • 360TS_Setup_Mini[1].exe (PID: 3492)

    • Adds / modifies Windows certificates

      • 360TS_Setup_Mini[1].exe (PID: 3492)

  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3640)
      • iexplore.exe (PID: 2632)

    • Reads settings of System Certificates

      • 360TS_Setup_Mini[1].exe (PID: 3492)

    • Changes internet zones settings

      • iexplore.exe (PID: 2632)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
4
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start drop and start start iexplore.exe iexplore.exe 360ts_setup_mini[1].exe no specs 360ts_setup_mini[1].exe

Process information

PID
CMD
Path
Indicators
Parent process
2632"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2916"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\360TS_Setup_Mini[1].exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\360TS_Setup_Mini[1].exeiexplore.exe
User:
admin
Company:
Qihoo 360 Technology Co. Ltd.
Integrity Level:
MEDIUM
Description:
360 Total Security Online Installer
Exit code:
3221226540
Version:
6, 6, 0, 1053
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\lh043oam\360ts_setup_mini[1].exe
c:\systemroot\system32\ntdll.dll
3492"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\360TS_Setup_Mini[1].exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\360TS_Setup_Mini[1].exe
iexplore.exe
User:
admin
Company:
Qihoo 360 Technology Co. Ltd.
Integrity Level:
HIGH
Description:
360 Total Security Online Installer
Exit code:
0
Version:
6, 6, 0, 1053
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\lh043oam\360ts_setup_mini[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
3640"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2632 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
702
Read events
615
Write events
84
Delete events
3

Modification events

(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{A56A6E93-BDCA-11E9-9885-5254004A04AF}
Value:
0
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
2
(PID) Process:(2632) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E307080002000D000D00020030006301
Executable files
3
Suspicious files
2
Text files
10
Unknown types
4

Dropped files

PID
Process
Filename
Type
2632iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:
2632iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2632iexplore.exeC:\Users\admin\AppData\Local\Temp\~DFBCA295DC12D54E33.TMP
MD5:
SHA256:
3492360TS_Setup_Mini[1].exeC:\Users\admin\AppData\Local\Temp\{16317D66-02BD-47d2-8D7A-89467AB3D728}.tmp
MD5:
SHA256:
3492360TS_Setup_Mini[1].exeC:\Users\admin\AppData\Local\Temp\!@tBDC6.tmp.P2P
MD5:
SHA256:
3492360TS_Setup_Mini[1].exeC:\Users\admin\AppData\Local\Temp\C__Users_admin_AppData_Local_Temp_!@tBDC6.tmp.mem
MD5:
SHA256:
3492360TS_Setup_Mini[1].exeC:\Users\admin\AppData\Local\Temp\!@tBDC6.tmp.dir\setup.ini
MD5:
SHA256:
2632iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF0910F29DF0E404A0.TMP
MD5:
SHA256:
2632iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{A56A6E93-BDCA-11E9-9885-5254004A04AF}.dat
MD5:
SHA256:
3640iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.datdat
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
37
DNS requests
9
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3492
360TS_Setup_Mini[1].exe
GET
104.192.108.21:80
http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe
US
malicious
3492
360TS_Setup_Mini[1].exe
GET
200
18.184.178.29:80
http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=cfe1ce9b8f5123cc37f394accff90c49&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=655&tdl=655&tds=655&terr=0&tes=Status|1,ErrorCode|0,DnCount|3,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|655,P2PS|0,PDMode|2&tfl=655&tp=t&tst=1&ttdl=655&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
US
suspicious
3492
360TS_Setup_Mini[1].exe
GET
200
18.184.178.29:80
http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1053&pid=101&os=6.1&mid=cfe1ce9b8f5123cc37f394accff90c49&state=153
US
suspicious
3492
360TS_Setup_Mini[1].exe
GET
104.192.108.21:80
http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe
US
malicious
3492
360TS_Setup_Mini[1].exe
GET
104.192.108.21:80
http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe
US
malicious
3492
360TS_Setup_Mini[1].exe
GET
104.192.108.21:80
http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe
US
malicious
3492
360TS_Setup_Mini[1].exe
GET
104.192.108.21:80
http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe
US
malicious
3492
360TS_Setup_Mini[1].exe
GET
104.192.108.21:80
http://int.down.360safe.com/totalsecurity/360TS_Setup_10.6.0.1179.exe
US
malicious
3492
360TS_Setup_Mini[1].exe
GET
200
5.254.23.114:80
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab
RO
compressed
655 b
malicious
3492
360TS_Setup_Mini[1].exe
GET
200
13.35.254.218:80
http://sd.p.360safe.com/12B38B9A9007822577C031E4F55CF2105EBA139A.trt
US
torrent
13.0 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2632
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3640
iexplore.exe
5.254.23.114:443
free.360totalsecurity.com
RO
malicious
3492
360TS_Setup_Mini[1].exe
54.77.42.29:3478
st.p.360safe.com
Amazon.com, Inc.
IE
unknown
3492
360TS_Setup_Mini[1].exe
18.184.178.29:80
s.360safe.com
US
suspicious
3492
360TS_Setup_Mini[1].exe
5.254.23.114:80
free.360totalsecurity.com
RO
malicious
3492
360TS_Setup_Mini[1].exe
82.145.215.152:443
orion.ts.360.com
Opera Software AS
unknown
52.214.9.152:3478
Amazon.com, Inc.
IE
unknown
89.187.165.34:20703
O2 Czech Republic, a.s.
CZ
unknown
3492
360TS_Setup_Mini[1].exe
54.76.174.118:80
tr.p.360safe.com
Amazon.com, Inc.
IE
unknown
105.102.209.24:10034
Telecom Algeria
DZ
unknown

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
free.360totalsecurity.com
  • 5.254.23.114
whitelisted
st.p.360safe.com
  • 54.77.42.29
unknown
s.360safe.com
  • 18.184.178.29
  • 52.29.179.141
suspicious
orion.ts.360.com
  • 82.145.215.152
unknown
iup.360safe.com
  • 5.254.23.114
malicious
tr.p.360safe.com
  • 54.76.174.118
unknown
int.down.360safe.com
  • 104.192.108.18
  • 104.192.108.21
malicious
sd.p.360safe.com
  • 13.35.254.218
  • 13.35.254.32
  • 13.35.254.27
  • 13.35.254.195
whitelisted

Threats

PID
Process
Class
Message
3492
360TS_Setup_Mini[1].exe
Generic Protocol Command Decode
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false)
3492
360TS_Setup_Mini[1].exe
Generic Protocol Command Decode
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag false)
3492
360TS_Setup_Mini[1].exe
Generic Protocol Command Decode
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true)
Generic Protocol Command Decode
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false)
Generic Protocol Command Decode
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false)
3492
360TS_Setup_Mini[1].exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://free.360totalsecurity.com/totalsecurity/360TS_Setup_Mini.exe