URL:

http://cdn.discordapp.com/attachments/1260277390009958564/1269734665380429965/Snake_IT_Project.zip?ex=66b1240e&is=66afd28e&hm=38be7d331e5115ad484087db1af6ab6d5328393a9e070526b51f93454a1b36c3&

Full analysis: https://app.any.run/tasks/370fe360-8583-40ed-9100-bb9d91895d6c
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: August 04, 2024, 21:18:43
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: discord, payload, stealer
Indicators:
MD5:

DD0D3DA79B6701B8787FE942FE6E9E0E

SHA1:

F22DF50224BDC119DE7412A58E2213C2BC9CB0D4

SHA256:

537DE62CBC0BAD6999D728B74BEA2B1C8299692811F9F4CB618AAAD283D592BC

SSDEEP:

3:N1KdBLGWdy6//Op5QdGRLcLTca7XhfZHV4GtS8DMXEdXdhY1h7xNED6TryKYSW8:CX/y6X+5hRLod7XhfZHVLtS8QXEdXXYP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Snake_IT_Project.exe (PID: 4540)
      • Snake_IT_Project.exe (PID: 7648)
      • Snake_IT_Project.exe (PID: 752)
      • Snake_IT_Project.exe (PID: 2396)
    • Actions look like stealing of personal data

      • Snake_IT_Project.exe (PID: 7648)
      • Snake_IT_Project.exe (PID: 752)
      • Snake_IT_Project.exe (PID: 2396)
  • SUSPICIOUS

    • Discord domain found in command line (probably downloading payload)

      • msedge.exe (PID: 6288)
    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 1216)
      • Snake_IT_Project.exe (PID: 4540)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Snake_IT_Project.exe (PID: 4540)
    • Drops 7-zip archiver for unpacking

      • Snake_IT_Project.exe (PID: 4540)
    • The process creates files with name similar to system file names

      • Snake_IT_Project.exe (PID: 4540)
    • Executable content was dropped or overwritten

      • Snake_IT_Project.exe (PID: 4540)
      • Snake_IT_Project.exe (PID: 7648)
      • Snake_IT_Project.exe (PID: 752)
      • Snake_IT_Project.exe (PID: 2396)
    • Process drops legitimate windows executable

      • Snake_IT_Project.exe (PID: 4540)
    • Creates a software uninstall entry

      • Snake_IT_Project.exe (PID: 4540)
    • Starts CMD.EXE for commands execution

      • Snake_IT_Project.exe (PID: 7648)
      • Snake_IT_Project.exe (PID: 752)
      • Snake_IT_Project.exe (PID: 2396)
    • Uses WMIC.EXE to obtain Windows Installer data

      • cmd.exe (PID: 6428)
      • cmd.exe (PID: 5052)
      • cmd.exe (PID: 2096)
    • Get information on the list of running processes

      • cmd.exe (PID: 8016)
      • cmd.exe (PID: 7016)
      • Snake_IT_Project.exe (PID: 7648)
      • cmd.exe (PID: 4104)
      • Snake_IT_Project.exe (PID: 752)
      • cmd.exe (PID: 4016)
      • cmd.exe (PID: 5112)
      • cmd.exe (PID: 1860)
      • Snake_IT_Project.exe (PID: 2396)
      • cmd.exe (PID: 6652)
      • cmd.exe (PID: 1448)
      • cmd.exe (PID: 6816)
    • Accesses product unique identifier via WMI (SCRIPT)

      • WMIC.exe (PID: 7980)
      • WMIC.exe (PID: 368)
      • WMIC.exe (PID: 7500)
    • Uses TASKKILL.EXE to kill Browsers

      • cmd.exe (PID: 8060)
    • Cryptography encrypted command line is found

      • cmd.exe (PID: 5244)
      • cmd.exe (PID: 7024)
      • powershell.exe (PID: 7460)
      • powershell.exe (PID: 6720)
      • cmd.exe (PID: 6952)
      • cmd.exe (PID: 7620)
      • powershell.exe (PID: 1360)
      • powershell.exe (PID: 2384)
      • cmd.exe (PID: 7596)
      • powershell.exe (PID: 6500)
      • powershell.exe (PID: 7092)
      • cmd.exe (PID: 6828)
    • Detected use of alternative data streams (AltDS)

      • powershell.exe (PID: 7460)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 7024)
      • cmd.exe (PID: 5244)
      • cmd.exe (PID: 7620)
      • cmd.exe (PID: 6952)
      • cmd.exe (PID: 7596)
      • cmd.exe (PID: 6828)
    • Application launched itself

      • Snake_IT_Project.exe (PID: 7648)
      • Snake_IT_Project.exe (PID: 752)
      • Snake_IT_Project.exe (PID: 2396)
    • Uses WMIC.EXE to obtain BIOS management information

      • cmd.exe (PID: 1104)
      • cmd.exe (PID: 7848)
      • cmd.exe (PID: 6712)
    • Uses WMIC.EXE to obtain memory chip information

      • cmd.exe (PID: 6580)
      • cmd.exe (PID: 3068)
      • cmd.exe (PID: 3984)
    • Uses WMIC.EXE to obtain operating system information

      • cmd.exe (PID: 6512)
      • cmd.exe (PID: 3476)
      • cmd.exe (PID: 7272)
    • Accesses operating system name via WMI (SCRIPT)

      • WMIC.exe (PID: 7144)
      • WMIC.exe (PID: 6992)
      • WMIC.exe (PID: 6248)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 6288)
      • msedge.exe (PID: 6532)
    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 6288)
      • msedge.exe (PID: 6532)
    • Reads Environment values

      • identity_helper.exe (PID: 7604)
      • identity_helper.exe (PID: 1884)
      • Snake_IT_Project.exe (PID: 7648)
      • Snake_IT_Project.exe (PID: 752)
      • Snake_IT_Project.exe (PID: 2396)
    • Attempting to use instant messaging service

      • msedge.exe (PID: 6612)
    • Checks supported languages

      • identity_helper.exe (PID: 7604)
      • Snake_IT_Project.exe (PID: 4540)
      • identity_helper.exe (PID: 1884)
      • Snake_IT_Project.exe (PID: 7648)
      • Snake_IT_Project.exe (PID: 6516)
      • Snake_IT_Project.exe (PID: 6492)
      • Snake_IT_Project.exe (PID: 752)
      • Snake_IT_Project.exe (PID: 7180)
      • Snake_IT_Project.exe (PID: 2436)
      • Snake_IT_Project.exe (PID: 2396)
      • Snake_IT_Project.exe (PID: 4192)
      • Snake_IT_Project.exe (PID: 7872)
    • Reads the computer name

      • identity_helper.exe (PID: 7604)
      • Snake_IT_Project.exe (PID: 4540)
      • Snake_IT_Project.exe (PID: 7648)
      • identity_helper.exe (PID: 1884)
      • Snake_IT_Project.exe (PID: 6516)
      • Snake_IT_Project.exe (PID: 6492)
      • Snake_IT_Project.exe (PID: 752)
      • Snake_IT_Project.exe (PID: 7180)
      • Snake_IT_Project.exe (PID: 2436)
      • Snake_IT_Project.exe (PID: 2396)
      • Snake_IT_Project.exe (PID: 7872)
      • Snake_IT_Project.exe (PID: 4192)
    • Drops the executable file immediately after the start

      • msedge.exe (PID: 6288)
    • The process uses the downloaded file

      • msedge.exe (PID: 6288)
      • msedge.exe (PID: 3540)
      • WinRAR.exe (PID: 1216)
    • Create files in a temporary directory

      • Snake_IT_Project.exe (PID: 4540)
      • Snake_IT_Project.exe (PID: 7648)
      • Snake_IT_Project.exe (PID: 752)
      • Snake_IT_Project.exe (PID: 2396)
    • Creates files or folders in the user directory

      • Snake_IT_Project.exe (PID: 4540)
      • Snake_IT_Project.exe (PID: 7648)
    • Manual execution by a user

      • Snake_IT_Project.exe (PID: 7648)
      • Snake_IT_Project.exe (PID: 752)
      • Snake_IT_Project.exe (PID: 2396)
    • Reads product name

      • Snake_IT_Project.exe (PID: 7648)
      • Snake_IT_Project.exe (PID: 752)
      • Snake_IT_Project.exe (PID: 2396)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 8080)
      • WMIC.exe (PID: 7980)
      • WMIC.exe (PID: 6648)
      • WMIC.exe (PID: 7144)
      • WMIC.exe (PID: 2480)
      • WMIC.exe (PID: 368)
      • WMIC.exe (PID: 6992)
      • WMIC.exe (PID: 5600)
      • WMIC.exe (PID: 7496)
      • WMIC.exe (PID: 7500)
      • WMIC.exe (PID: 7132)
      • WMIC.exe (PID: 6248)
    • Reads the machine GUID from the registry

      • Snake_IT_Project.exe (PID: 7648)
      • Snake_IT_Project.exe (PID: 752)
      • Snake_IT_Project.exe (PID: 2396)
    • Checks proxy server information

      • Snake_IT_Project.exe (PID: 7648)
      • Snake_IT_Project.exe (PID: 752)
      • Snake_IT_Project.exe (PID: 2396)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 282
Monitored processes: 144
Malicious processes: 7
Suspicious processes: 5

Behavior graph

Rendered as an interactive graph in the full report. Processes shown, in order of first appearance: msedge.exe, identity_helper.exe, winrar.exe, snake_it_project.exe, cmd.exe, conhost.exe, wmic.exe, tasklist.exe, taskkill.exe, powershell.exe, find.exe.

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID:
236
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
368
CMD:
wmic path win32_computersystemproduct get uuid
Path:
C:\Windows\System32\wbem\WMIC.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID:
752
CMD:
"C:\Users\admin\AppData\Local\Programs\Snake_IT_Project\Snake_IT_Project.exe"
Path:
C:\Users\admin\AppData\Local\Programs\Snake_IT_Project\Snake_IT_Project.exe
Parent process:
explorer.exe
User:
admin
Company:
Unity-Game
Integrity Level:
MEDIUM
Description:
Snake_IT_Project
Exit code:
1
Version:
1.0.0
Modules
Images
c:\users\admin\appdata\local\programs\snake_it_project\snake_it_project.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\users\admin\appdata\local\programs\snake_it_project\ffmpeg.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\dbghelp.dll
PID:
840
CMD:
tasklist
Path:
C:\Windows\System32\tasklist.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Lists the current running tasks
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
1104
CMD:
C:\WINDOWS\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Path:
C:\Windows\System32\cmd.exe
Parent process:
Snake_IT_Project.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID:
1132
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1184
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1216
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\Snake_IT_Project.zip"
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
msedge.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID:
1360
CMD:
powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,7,104,106,19,244,3,72,70,145,69,23,254,229,195,123,51,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,168,107,224,243,105,130,17,51,102,224,140,169,25,63,129,98,209,82,74,216,20,214,48,1,80,87,163,100,64,229,54,249,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,132,11,193,237,28,124,20,248,68,43,119,128,170,188,163,135,70,173,95,25,54,72,132,203,73,66,254,134,25,129,164,238,48,0,0,0,209,12,254,148,255,228,245,184,135,231,116,216,209,99,55,22,50,218,43,53,171,135,191,123,48,106,132,195,12,39,54,231,71,239,11,215,155,70,31,236,173,237,167,158,33,172,150,130,64,0,0,0,111,170,54,27,62,222,66,183,53,90,197,175,213,50,248,82,39,84,226,43,204,78,118,131,194,34,50,93,146,1,196,126,22,88,91,165,175,223,151,47,9,17,56,1,13,30,3,242,31,213,100,134,95,181,233,109,69,108,99,91,11,54,148,132), $null, 'CurrentUser')
Path:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\atl.dll
PID:
1432
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 63 503
Read events: 63 333
Write events: 166
Delete events: 4

Modification events

(PID) Process: (6288) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (6288) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (6288) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value:

(PID) Process: (6288) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (6288) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (6288) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: dr
Value: 1

(PID) Process: (6288) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (6288) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge
Operation: write
Name: UsageStatsInSample
Value: 1

(PID) Process: (6288) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: usagestats
Value: 0

(PID) Process: (6288) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: urlstats
Value: 0
Executable files: 33
Suspicious files: 224
Text files: 114
Unknown types: 18

Dropped files

PID | Process | Filename
6288 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFe4b7c.TMP
6288 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
6288 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFe4b7c.TMP
6288 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
6288 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFe4b7c.TMP
6288 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
6288 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RFe4b7c.TMP
6288 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
6288 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFe4b7c.TMP
6288 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
(MD5, SHA256 and Type are not listed for these files in this summary.)
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 22
TCP/UDP connections: 78
DNS requests: 56
Threats: 5

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
5336 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
4920 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
4920 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6008 | svchost.exe | HEAD | 200 | 23.48.23.23:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0b8df384-7776-4d34-92b7-bfc968353145?P1=1723190736&P2=404&P3=2&P4=I7GIWsMvguE90gwfrX1k1ykCNFfNvbxz%2fNvxH4As627r3wPOgmIu%2brV7GSKlAcUXu1AOEL9jT4Uw97rKU%2fsy5A%3d%3d | unknown | whitelisted
2136 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
3136 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
6008 | svchost.exe | GET | 206 | 23.48.23.23:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0b8df384-7776-4d34-92b7-bfc968353145?P1=1723190736&P2=404&P3=2&P4=I7GIWsMvguE90gwfrX1k1ykCNFfNvbxz%2fNvxH4As627r3wPOgmIu%2brV7GSKlAcUXu1AOEL9jT4Uw97rKU%2fsy5A%3d%3d | unknown | whitelisted
6008 | svchost.exe | GET | 206 | 23.48.23.23:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0b8df384-7776-4d34-92b7-bfc968353145?P1=1723190736&P2=404&P3=2&P4=I7GIWsMvguE90gwfrX1k1ykCNFfNvbxz%2fNvxH4As627r3wPOgmIu%2brV7GSKlAcUXu1AOEL9jT4Uw97rKU%2fsy5A%3d%3d | unknown | whitelisted
6008 | svchost.exe | GET | 206 | 23.48.23.23:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0b8df384-7776-4d34-92b7-bfc968353145?P1=1723190736&P2=404&P3=2&P4=I7GIWsMvguE90gwfrX1k1ykCNFfNvbxz%2fNvxH4As627r3wPOgmIu%2brV7GSKlAcUXu1AOEL9jT4Uw97rKU%2fsy5A%3d%3d | unknown | whitelisted
6008 | svchost.exe | GET | 206 | 23.48.23.23:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0b8df384-7776-4d34-92b7-bfc968353145?P1=1723190736&P2=404&P3=2&P4=I7GIWsMvguE90gwfrX1k1ykCNFfNvbxz%2fNvxH4As627r3wPOgmIu%2brV7GSKlAcUXu1AOEL9jT4Uw97rKU%2fsy5A%3d%3d | unknown | whitelisted
(Type and Size are not listed for these requests in this summary.)

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4664 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5600 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
2120 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
6288 | msedge.exe | 239.255.255.250:1900 | - | - | - | whitelisted
6612 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6612 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
6612 | msedge.exe | 13.107.246.60:443 | edge-mobile-static.azureedge.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
6612 | msedge.exe | 13.107.6.158:443 | business.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
  • 20.73.194.208
whitelisted
google.com
  • 142.250.186.174
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.60
whitelisted
cdn.discordapp.com
  • 162.159.129.233
  • 162.159.133.233
  • 162.159.135.233
  • 162.159.134.233
  • 162.159.130.233
shared
business.bing.com
  • 13.107.6.158
whitelisted
bzib.nelreports.net
  • 23.48.23.26
  • 23.48.23.51
whitelisted
update.googleapis.com
  • 142.250.185.131
whitelisted
edgeservices.bing.com
  • 95.100.146.17
  • 95.100.146.35
  • 95.100.146.26
  • 95.100.146.27
  • 95.100.146.33
  • 95.100.146.10
  • 95.100.146.32
  • 95.100.146.19
whitelisted

Threats

PID | Process | Class | Message
6612 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
6612 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
6612 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
6612 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
6612 | msedge.exe | Misc activity | ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
No debug info