File name:

NXiSAS.exe

Full analysis: https://app.any.run/tasks/25a07330-406d-410a-974f-0d625f26cce3
Verdict: Malicious activity
Analysis date: May 13, 2024, 02:34:37
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

044912F16A950CD4E197B730C41DFCBB

SHA1:

82081128732C197ABE3D5F50C814BDB61BE3FD79

SHA256:

59778594CBE8F3AAD11EBFA2A7C7E89BFFAF6057AB85BC4BB570297764236E46

SSDEEP:

98304:xj2edHQlBS5RPFVOCD4FZMXVcKVX27taeld18UKSH7w2Cm2UK658cj/GiBz4xNC1:DK+UwTi9x+0BS/IXI54Sz3hZ5Q

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • NXiSAS.exe (PID: 4076)
      • iSASNXHTTPS.exe (PID: 2116)
    • Creates a writable file in the system directory

      • iSASNXHTTPS.exe (PID: 2116)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iSASNXHTTPS.exe (PID: 2116)
      • NXiSAS.exe (PID: 4076)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • NXiSAS.exe (PID: 4076)
    • Executes as Windows Service

      • iSASWebLauncher.exe (PID: 2108)
    • The process creates files with name similar to system file names

      • NXiSAS.exe (PID: 4076)
    • Checks Windows Trust Settings

      • iSASNXHTTPS.exe (PID: 2116)
    • Creates a software uninstall entry

      • NXiSAS.exe (PID: 4076)
  • INFO

    • Checks supported languages

      • NXiSAS.exe (PID: 4076)
      • wmpnscfg.exe (PID: 328)
      • iSASWebLauncher.exe (PID: 2108)
      • iSASNXHTTPS.exe (PID: 2116)
    • Reads the computer name

      • wmpnscfg.exe (PID: 328)
      • NXiSAS.exe (PID: 4076)
      • iSASWebLauncher.exe (PID: 2108)
      • iSASNXHTTPS.exe (PID: 2116)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 328)
    • Create files in a temporary directory

      • NXiSAS.exe (PID: 4076)
    • Creates files in the program directory

      • NXiSAS.exe (PID: 4076)
      • iSASNXHTTPS.exe (PID: 2116)
    • Reads the machine GUID from the registry

      • iSASNXHTTPS.exe (PID: 2116)
    • Reads the software policy settings

      • iSASNXHTTPS.exe (PID: 2116)
    • Reads CPU info

      • iSASNXHTTPS.exe (PID: 2116)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:02 02:09:43+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x3645
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2024.3.29.0
ProductVersionNumber: 2024.3.29.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Korean
CharacterSet: Windows, Korea (Shift - KSC 5601)
CompanyName: Coocon Corp.
FileDescription: https://www.coocon.net
FileVersion: 2024.3.29.0
InternalName: NXISAS
LegalCopyright: -
ProductName: NXISAS
No data.
All screenshots are available in the full report
Total processes
39
Monitored processes
5
Malicious processes
2
Suspicious processes
1

Behavior graph

start nxisas.exe isasweblauncher.exe isasnxhttps.exe wmpnscfg.exe no specs nxisas.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 328
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2108
CMD: "C:\Program Files\Coocon\NXiSAS\iSASWebLauncher.exe"
Path: C:\Program Files\Coocon\NXiSAS\iSASWebLauncher.exe
Parent process: services.exe
User:
SYSTEM
Company:
coocon
Integrity Level:
SYSTEM
Description:
iSASWebLauncher
Version:
2023.9.1.0
Modules
Images
c:\program files\coocon\nxisas\isasweblauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2116
CMD: "C:\Program Files\Coocon\NXiSAS\iSASNXHTTPS.exe" AppParameters
Path: C:\Program Files\Coocon\NXiSAS\iSASNXHTTPS.exe
Parent process: iSASWebLauncher.exe
User:
SYSTEM
Integrity Level:
SYSTEM
Description:
iSASNXHTTPS
Version:
2030.2024.3.29
Modules
Images
c:\program files\coocon\nxisas\isasnxhttps.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 3964
CMD: "C:\Users\admin\AppData\Local\Temp\NXiSAS.exe"
Path: C:\Users\admin\AppData\Local\Temp\NXiSAS.exe
Parent process: explorer.exe
User:
admin
Company:
Coocon Corp.
Integrity Level:
MEDIUM
Description:
https://www.coocon.net
Exit code:
3221226540
Version:
2024.3.29.0
Modules
Images
c:\users\admin\appdata\local\temp\nxisas.exe
c:\windows\system32\ntdll.dll
PID: 4076
CMD: "C:\Users\admin\AppData\Local\Temp\NXiSAS.exe"
Path: C:\Users\admin\AppData\Local\Temp\NXiSAS.exe
Parent process: explorer.exe
User:
admin
Company:
Coocon Corp.
Integrity Level:
HIGH
Description:
https://www.coocon.net
Exit code:
0
Version:
2024.3.29.0
Modules
Images
c:\users\admin\appdata\local\temp\nxisas.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
Total events
7 705
Read events
7 680
Write events
22
Delete events
3

Modification events

(PID) Process: (4076) NXiSAS.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NXISAS
Operation: write
Name: DisplayName
Value:
NXISAS 2024.3.29.0
(PID) Process: (4076) NXiSAS.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NXISAS
Operation: write
Name: UninstallString
Value:
C:\Program Files\Coocon\NXiSAS\uninst.exe
(PID) Process: (4076) NXiSAS.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NXISAS
Operation: write
Name: DisplayIcon
Value:
C:\Program Files\Coocon\NXiSAS\iSASNXWS.exe
(PID) Process: (4076) NXiSAS.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NXISAS
Operation: write
Name: DisplayVersion
Value:
2024.3.29.0
(PID) Process: (4076) NXiSAS.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NXISAS
Operation: write
Name: Publisher
Value:
Coocon Corp.
(PID) Process: (2116) iSASNXHTTPS.exe
Key: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value:
en-US
(PID) Process: (2116) iSASNXHTTPS.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
Operation: delete value
Name: 9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Value:
(PID) Process: (2116) iSASNXHTTPS.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write
Name: Blob
Value:
(PID) Process: (2116) iSASNXHTTPS.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write
Name: Blob
Value:
(PID) Process: (2116) iSASNXHTTPS.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write
Name: Blob
Value:
Executable files
28
Suspicious files
6
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 4076
Process: NXiSAS.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsj4191.tmp\LangDLL.dll
Type: executable
MD5:014A3BE4A7C1CCB217916DBF4F222BD1
SHA256:09ACFC5EE34A1DFA1AF3A9D34F00C3B1327B56641FEEBD536E13752349C08AC8
PID: 4076
Process: NXiSAS.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsj4191.tmp\SimpleSC.dll
Type: executable
MD5:7B89329C6D8693FB2F6A4330100490A0
SHA256:1620CDF739F459D1D83411F93648F29DCF947A910CC761E85AC79A69639D127D
PID: 4076
Process: NXiSAS.exe
Filename: C:\Program Files\Coocon\NXiSAS\iSASHSM.dll
Type: executable
MD5:8EF7472ED6B0AAA5B8EF7CDCA4D771C9
SHA256:492C140EDB12AB84C2FBF0B237A7F3BDB5DD6751C1F383447A2E121BA003B300
PID: 4076
Process: NXiSAS.exe
Filename: C:\Program Files\Coocon\NXiSAS\ssleay32.dll
Type: executable
MD5:4E878F285836AF91B97274B5FBE68ED8
SHA256:4739B017099E7D36D91551E2BD4107E452756EE20F602FBB1C44E77BD3F87089
PID: 4076
Process: NXiSAS.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsj4191.tmp\nsProcess.dll
Type: executable
MD5:F0438A894F3A7E01A4AAE8D1B5DD0289
SHA256:30C6C3DD3CC7FCEA6E6081CE821ADC7B2888542DAE30BF00E881C0A105EB4D11
PID: 4076
Process: NXiSAS.exe
Filename: C:\Program Files\Coocon\NXiSAS\iSASNXHTTPS.exe
Type: executable
MD5:D4B16484524B8F9F8D82BC08B468EC5E
SHA256:7584E7C967A85384DED45DC32A0ACFC1F6873ECC30BC4ED1F936F5BEDBB57852
PID: 4076
Process: NXiSAS.exe
Filename: C:\Program Files\Coocon\NXiSAS\iSASNXWS.exe
Type: executable
MD5:1E1EA38B52978D06C0E99AB971AE5EBE
SHA256:6096C70DE6E7758F6E4CFE565408BB792A22E746E53FC4E91177BE9A700937C8
PID: 4076
Process: NXiSAS.exe
Filename: C:\Program Files\Coocon\NXiSAS\iSASWebLauncher.exe
Type: executable
MD5:C21A2D69574FDCF5C0585D76364EAC24
SHA256:051AC786C7A0B87F48C776AD25E45F02B5981B626270DB43AC8D92AE3BC9536E
PID: 4076
Process: NXiSAS.exe
Filename: C:\Program Files\Coocon\NXiSAS\RIUS64.dll
Type: executable
MD5:30AC8D345A0ACD6F3E8D426C0780BD33
SHA256:8F0A0177E614074A41DE95698B5A86B5B7CC9E7D616BEF365A359A547F7585D1
PID: 4076
Process: NXiSAS.exe
Filename: C:\Program Files\Coocon\NXiSAS\libeay32.dll
Type: executable
MD5:2B0482A078A1B50713DEE8D5BF49EEDB
SHA256:27FCE00F66FC06B8E1BEB7780A0A1D787CEB7D44889CFD314FD5CC85BDFC697E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
8
DNS requests
3
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2108
iSASWebLauncher.exe
GET
200
220.73.162.237:80
http://ibase.cybercfo.co.kr/isas/update/module/iSASNXHTTPS.ini
unknown
unknown
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA9HeLqVGlwrvbOQ88kITbQ%3D
unknown
unknown
2116
iSASNXHTTPS.exe
GET
200
220.73.162.237:80
http://ibase.cybercfo.co.kr/isas/update/module/NXiSSL.iBz
unknown
unknown
2116
iSASNXHTTPS.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7744cd105b3a9c8c
unknown
unknown
2116
iSASNXHTTPS.exe
GET
200
220.73.162.237:80
http://ibase.cybercfo.co.kr/isas/update/module/NXiSSL.ini
unknown
unknown
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
2108
iSASWebLauncher.exe
220.73.162.237:80
ibase.cybercfo.co.kr
Korea Telecom
KR
unknown
2116
iSASNXHTTPS.exe
220.73.162.237:80
ibase.cybercfo.co.kr
Korea Telecom
KR
unknown
2116
iSASNXHTTPS.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
2116
iSASNXHTTPS.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
ibase.cybercfo.co.kr
  • 220.73.162.237
unknown
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted

Threats

No threats detected
No debug info