File name: claro.exe

Full analysis: https://app.any.run/tasks/235bd9db-5ac9-4f4b-a631-c00fb2a874e2
Verdict: Malicious activity
Analysis date: February 26, 2024, 15:41:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 04A76E6EFDBEA5C27F02E7F751F2C34C
SHA1: D201F120F17A134FE5F3AA46C225ECA3016C35D8
SHA256: 53DCABEECA0E431FA8CB4054303F9F3DDACCC55C9FCE93344903D2C569435E84
SSDEEP: 49152:LXHpyD/CFccOM9+HSOMys7+33WdkCliQz0SeLKxRlcKSKmF9EAMs9ZY9BQ97AjFR:HFZgHSv7+WdNliQz0Se2x3cK1mF9EZss

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • claro.exe (PID: 3848)
      • claro.exe (PID: 2160)
  • SUSPICIOUS
    • Reads the Internet Settings
      • claro.exe (PID: 2160)
      • claro.exe (PID: 3848)
    • Executable content was dropped or overwritten
      • claro.exe (PID: 2160)
      • claro.exe (PID: 3848)
    • Reads security settings of Internet Explorer
      • claro.exe (PID: 2160)
      • claro.exe (PID: 3848)
  • INFO
    • Create files in a temporary directory
      • claro.exe (PID: 2160)
      • claro.exe (PID: 3848)
    • Manual execution by a user
      • claro.exe (PID: 3848)
    • Checks supported languages
      • claro.exe (PID: 2160)
      • wmpnscfg.exe (PID: 604)
      • Install Claro.exe (PID: 3692)
      • Install Claro.exe (PID: 3460)
      • claro.exe (PID: 3848)
    • Reads the computer name
      • claro.exe (PID: 2160)
      • claro.exe (PID: 3848)
      • wmpnscfg.exe (PID: 604)
    • Creates files or folders in the user directory
      • Install Claro.exe (PID: 3692)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:07:26 12:51:34+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 92672
InitializedDataSize: 89600
UninitializedDataSize: -
EntryPoint: 0x1360
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 43
Monitored processes: 5
Malicious processes: 1
Suspicious processes: 1


Process information

PID: 604
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2160
CMD: "C:\Users\admin\Desktop\claro.exe"
Path: C:\Users\admin\Desktop\claro.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (images):
c:\users\admin\desktop\claro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 3460
CMD: "C:\Users\admin\AppData\Local\Temp\AIR50EA.tmp\Install Claro.exe"
Path: C:\Users\admin\AppData\Local\Temp\AIR50EA.tmp\Install Claro.exe
Parent process: claro.exe
User: admin
Company: Adobe
Integrity Level: MEDIUM
Description: Adobe Bootstrapping Utility
Exit code: 0
Version: 33.1.1.926
Modules (images):
c:\users\admin\appdata\local\temp\air50ea.tmp\install claro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 3692
CMD: "C:\Users\admin\AppData\Local\Temp\AIRFCEE.tmp\Install Claro.exe"
Path: C:\Users\admin\AppData\Local\Temp\AIRFCEE.tmp\Install Claro.exe
Parent process: claro.exe
User: admin
Company: Adobe
Integrity Level: MEDIUM
Description: Adobe Bootstrapping Utility
Exit code: 0
Version: 33.1.1.926
Modules (images):
c:\users\admin\appdata\local\temp\airfcee.tmp\install claro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 3848
CMD: "C:\Users\admin\Desktop\claro.exe"
Path: C:\Users\admin\Desktop\claro.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (images):
c:\users\admin\desktop\claro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
Total events: 5,167
Read events: 5,151
Write events: 16
Delete events: 0

Modification events

(PID 2160) claro.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: ProxyBypass | Value: 1
(PID 2160) claro.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: IntranetName | Value: 1
(PID 2160) claro.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: UNCAsIntranet | Value: 1
(PID 2160) claro.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: AutoDetect | Value: 0
(PID 3848) claro.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: ProxyBypass | Value: 1
(PID 3848) claro.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: IntranetName | Value: 1
(PID 3848) claro.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: UNCAsIntranet | Value: 1
(PID 3848) claro.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: AutoDetect | Value: 0
Executable files: 6
Suspicious files: 4
Text files: 35
Unknown types: 0

Dropped files

PID 2160, claro.exe: C:\Users\admin\AppData\Local\Temp\AIRFCEE.tmp\Install Claro.exe (executable)
  MD5: 0589EAE203A04C7ED207A19A6AEC2EEE
  SHA256: CC094E18BB50E25C1DE0B85082246769757DF22305B5422371E324EB3459CE1B
PID 2160, claro.exe: C:\Users\admin\AppData\Local\Temp\AIRFCEE.tmp\Claro\AppIconsForPublish\logo_16.png (image)
  MD5: EB6178BC9757A9CD322E9DB7FE008878
  SHA256: AD77B3EBBF867D3FDC8FFB93F26CA59837615BD5FFE60858F3208482FABA5D19
PID 2160, claro.exe: C:\Users\admin\AppData\Local\Temp\AIRFCEE.tmp\Claro\assets\config\ui.xml (xml)
  MD5: 17A4F677E7935FCFCFD152F79F5517D4
  SHA256: 744B2F6C33DCFA9AA01C7BC00C9322C3BCC494C4B63CEDD7E5FDF02E630D61BD
PID 2160, claro.exe: C:\Users\admin\AppData\Local\Temp\AIRFCEE.tmp\Claro\assets\config\config.xml (xml)
  MD5: 2DBA1899530BEC2342E390728C814D4B
  SHA256: 8BB12F2578D723214AE10243CCECFB2151662C7F5335CE0B0BBB8ACA1B83B46D
PID 2160, claro.exe: C:\Users\admin\AppData\Local\Temp\AIRFCEE.tmp\Claro\AppIconsForPublish\logo_128.png (image)
  MD5: 923A201AE4510719175346291718AA2C
  SHA256: 07020EA9A1982DC76EA0681E26198DFA5BF5F5AA2603C00C34A681C9E48EA03D
PID 2160, claro.exe: C:\Users\admin\AppData\Local\Temp\AIRFCEE.tmp\.launch (text)
  MD5: 926A70FB9492218C1C35428B37001460
  SHA256: 55960CC78DAE8A0ABA864FABE09A495B05678073765A939ACAE95DD0838F4C0A
PID 2160, claro.exe: C:\Users\admin\AppData\Local\Temp\AIRFCEE.tmp\Claro\AppIconsForPublish\logo_32.png (image)
  MD5: 091AC86BF4CBC170E86870AF0F703575
  SHA256: ECF1C4F23B736BEECFED329EA6874C9C5B8EE5279DAC3A581A6DB3F206EDFE11
PID 2160, claro.exe: C:\Users\admin\AppData\Local\Temp\AIRFCEE.tmp\Claro\assets\img\icono_internacional.png (image)
  MD5: 582A2B4CFA3E9B16896F07BE0E8E7C59
  SHA256: E80500C33B4D66CB6C5C14CD0A4D8336382637DE3FEC3EDFBB889BEE7C860AD1
PID 2160, claro.exe: C:\Users\admin\AppData\Local\Temp\AIRFCEE.tmp\Claro\mimetype (text)
  MD5: 60649E4365437442732EE45233B18F0C
  SHA256: D3FA026FCE131CA31A82D2340F2D0AA2012EF764DE81D7ACA91AFF7255DCB757
PID 2160, claro.exe: C:\Users\admin\AppData\Local\Temp\AIRFCEE.tmp\Claro\assets\img\icono_peru.png (image)
  MD5: EC2C246A358FBEECC5569E412629A898
  SHA256: 4A1683B1622FF5EEF67D56AC2656EE3A8BECF34664BBE16A223289DE3575CE46
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID 4 (System): 192.168.100.255:138, reputation: whitelisted
PID 4 (System): 192.168.100.255:137, reputation: whitelisted
PID 1080 (svchost.exe): 224.0.0.252:5355, reputation: unknown

DNS requests

No data

Threats

No threats detected
No debug info