File name: wnetwatcher_setup.exe

Full analysis: https://app.any.run/tasks/303145d4-b352-4ee5-8aee-5df4b6ec9626
Verdict: Malicious activity
Analysis date: January 25, 2024, 23:07:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 064ADD879014AB581A4CDCBA9CFCB6A3
SHA1: 69D0BD8143108282F6B99C8C153A4C21100477C9
SHA256: 56D8B9F5B0ED859EE99463519619E7201DCF696DAA86858FD5CE7CAEEB377BF0
SSDEEP: 12288:hT+yVvtWEbTq0ovxuG5Uag8BTSVlSB3y5cVkTVr3uL6HdSfps:ZWOTq0optuajBTSVlSZyCVkTVr3u8dSO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • wnetwatcher_setup.exe (PID: 1924)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • wnetwatcher_setup.exe (PID: 1924)
  • INFO
    • Checks supported languages
      • wnetwatcher_setup.exe (PID: 1924)
      • wmpnscfg.exe (PID: 3892)
      • WNetWatcher.exe (PID: 2804)
    • Creates files in the program directory
      • wnetwatcher_setup.exe (PID: 1924)
      • WNetWatcher.exe (PID: 2804)
    • Reads the computer name
      • WNetWatcher.exe (PID: 2804)
      • wnetwatcher_setup.exe (PID: 1924)
      • wmpnscfg.exe (PID: 3892)
    • NirSoft software is detected
      • WNetWatcher.exe (PID: 2804)
    • Manual execution by a user
      • wmpnscfg.exe (PID: 3892)
    • Creates files in a temporary directory
      • wnetwatcher_setup.exe (PID: 1924)
    • Creates files or folders in the user directory
      • wnetwatcher_setup.exe (PID: 1924)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (91.9)
.exe | Win32 Executable MS Visual C++ (generic) (3.3)
.exe | Win64 Executable (generic) (3)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:05:03 16:08:42+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23040
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x3225
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 43
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Nodes shown in the graph: start -> wnetwatcher_setup.exe; wnetwatcher.exe (no specs); wmpnscfg.exe (no specs); wnetwatcher_setup.exe (no specs)

Process information

PID: 1036
CMD: "C:\Users\admin\AppData\Local\Temp\wnetwatcher_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\wnetwatcher_setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Modules (images):
  c:\users\admin\appdata\local\temp\wnetwatcher_setup.exe
  c:\windows\system32\ntdll.dll

PID: 1924
CMD: "C:\Users\admin\AppData\Local\Temp\wnetwatcher_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\wnetwatcher_setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
  c:\users\admin\appdata\local\temp\wnetwatcher_setup.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shell32.dll

PID: 2804
CMD: "C:\Program Files\NirSoft\Wireless Network Watcher\WNetWatcher.exe"
Path: C:\Program Files\NirSoft\Wireless Network Watcher\WNetWatcher.exe
Parent process: wnetwatcher_setup.exe
User: admin
Company: NirSoft
Integrity Level: HIGH
Description: Wireless Network Watcher
Exit code: 0
Version: 2.12
Modules (images):
  c:\program files\nirsoft\wireless network watcher\wnetwatcher.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll

PID: 3892
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\program files\windows media player\wmpnscfg.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
Total events: 991
Read events: 991
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 5
Suspicious files: 5
Text files: 3
Unknown types: 0

Dropped files

All files below were dropped by wnetwatcher_setup.exe (PID 1924).

File: C:\Users\admin\AppData\Local\Temp\nsv955B.tmp\modern-wizard.bmp (type: image)
  MD5: CBE40FD2B1EC96DAEDC65DA172D90022
  SHA256: 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2

File: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher\Wireless Network Watcher.lnk (type: binary)
  MD5: 952EBE1C769CF37F2E9946C1CE0573A6
  SHA256: 989E14A0E5FE301863E528DBA951CBE617B9C4AAF4753F0FCB656BB9673D4AEA

File: C:\Users\admin\AppData\Local\Temp\nsv955A.tmp (type: binary)
  MD5: F442BD03862C44DB385306FC0BC1CEDE
  SHA256: 25C162D4B65FDF106BF07A2396077CB5D2F78A9EC64BFE8DCFC9804F8051C588

File: C:\Program Files\NirSoft\Wireless Network Watcher\uninst.exe (type: executable)
  MD5: 6AB99921D1385DD56FB4B791DA60A030
  SHA256: E086E0DD1DB0ACB3F45B8352EC2CA787DC903AB4927A6153267823B189183456

File: C:\Users\admin\AppData\Local\Temp\nsv955B.tmp\StartMenu.dll (type: executable)
  MD5: 8262FBC2A172FF04146E7587649D7091
  SHA256: AC53840D019B746AB5DABAA40D7720C9A4487C861B155926454BF8B10BD0963D

File: C:\Program Files\NirSoft\Wireless Network Watcher\WNetWatcher.chm (type: binary)
  MD5: 248FA1081A209B92469426B1557931E4
  SHA256: 0CB705DA5A33924AF314D9F921B4CF34C63C867F9ED2C12870FE1A0E6491C9CB

File: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher\Uninstall.lnk (type: binary)
  MD5: 2F9DF4439E3437F041557520A6DB1E24
  SHA256: 72DE22E917879B29188E67A0FBAA44244EC0375A1B82F1CFF2FD6B08A06CAA61

File: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher\Wireless Network Watcher Help.lnk (type: binary)
  MD5: 6273E77378C72BFB62783B82F20C3167
  SHA256: C3CFECFE07F2D4A56A97F7F99A592DB67FAC308558A50F41537D4F8CD5E4DC11

File: C:\Users\admin\AppData\Local\Temp\nsv955B.tmp\ioSpecial.ini (type: text)
  MD5: E2D5070BC28DB1AC745613689FF86067
  SHA256: D95AED234F932A1C48A2B1B0D98C60CA31F962310C03158E2884AB4DDD3EA1E0

File: C:\Program Files\NirSoft\Wireless Network Watcher\WNetWatcher.exe (type: executable)
  MD5: AA4CBB3546298FA9C67DC8412E71DD19
  SHA256: DBFA6E3C7FA1706C970EAB16A5E399AE7B64F08738A4E3C13038EDD767C3976D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 11
DNS requests: 3
Threats: 0

HTTP requests

No HTTP requests

Connections

(The Domain, ASN and CN columns are empty for every row in this report.)

PID   Process      IP:port               Reputation
4     System       192.168.100.255:137   whitelisted
4     System       192.168.100.255:138   whitelisted
1080  svchost.exe  224.0.0.252:5355      unknown
4     System       192.168.100.1:137     unknown
4     System       192.168.100.2:137     whitelisted

DNS requests

(No resolved IP is recorded for any of these reverse-lookup queries.)

Domain                          Reputation
1.100.168.192.in-addr.arpa      unknown
2.100.168.192.in-addr.arpa      unknown
182.100.168.192.in-addr.arpa    unknown

Threats

No threats detected
No debug info