File name:

T6UV Series EN CPS setup.exe

Full analysis: https://app.any.run/tasks/f53cbaca-bb30-4d66-877b-dfbd3da0c92b
Verdict: Malicious activity
Analysis date: March 12, 2024, 09:52:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

6877468AE3FD6F737A19753104D1801B

SHA1:

E558129916FE775E81F6ADBF2DAA6EFD0B877049

SHA256:

5EC618E8685CDC96BE90FBF3551EE402D7A89796C37F16819405B7F835B65905

SSDEEP:

98304:9zqGPqjIJfmXHH5fXpAz2ovQ1Bw9gfIGBvziDCED0mJVKJPjMrFPQ0TkZ96Clomk:hjO7Jry

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • T6UV Series EN CPS setup.exe (PID: 3700)
      • T6UV Series EN CPS setup.exe (PID: 2840)
      • T6UV Series EN CPS setup.tmp (PID: 3944)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • T6UV Series EN CPS setup.exe (PID: 2840)
      • T6UV Series EN CPS setup.exe (PID: 3700)
      • T6UV Series EN CPS setup.tmp (PID: 3944)
    • Reads the Windows owner or organization settings

      • T6UV Series EN CPS setup.tmp (PID: 3944)
  • INFO

    • Checks supported languages

      • T6UV Series EN CPS setup.exe (PID: 3700)
      • T6UV Series EN CPS setup.tmp (PID: 2160)
      • T6UV Series EN CPS setup.exe (PID: 2840)
      • T6UV Series EN CPS setup.tmp (PID: 3944)
    • Reads the computer name

      • T6UV Series EN CPS setup.tmp (PID: 2160)
      • T6UV Series EN CPS setup.tmp (PID: 3944)
    • Create files in a temporary directory

      • T6UV Series EN CPS setup.exe (PID: 2840)
      • T6UV Series EN CPS setup.exe (PID: 3700)
    • Creates files in the program directory

      • T6UV Series EN CPS setup.tmp (PID: 3944)
    • Creates a software uninstall entry

      • T6UV Series EN CPS setup.tmp (PID: 3944)
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 41984
InitializedDataSize: 17920
UninitializedDataSize: -
EntryPoint: 0xaad0
OSVersion: 1
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: My Company, Inc.
FileDescription: T6UV Series EN CPS Setup
FileVersion:
LegalCopyright:
ProductName: T6UV Series EN CPS
ProductVersion: 1.1.8
No data.
Total processes: 42
Monitored processes: 4
Malicious processes: 3
Suspicious processes: 1

Behavior graph

start t6uv series en cps setup.exe t6uv series en cps setup.tmp no specs t6uv series en cps setup.exe t6uv series en cps setup.tmp

Process information

PID: 2160
CMD: "C:\Users\admin\AppData\Local\Temp\is-8FOHP.tmp\T6UV Series EN CPS setup.tmp" /SL5="$E0170,1541313,58368,C:\Users\admin\AppData\Local\Temp\T6UV Series EN CPS setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-8FOHP.tmp\T6UV Series EN CPS setup.tmp
Parent process: T6UV Series EN CPS setup.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.52.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-8fohp.tmp\t6uv series en cps setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll

PID: 2840
CMD: "C:\Users\admin\AppData\Local\Temp\T6UV Series EN CPS setup.exe" /SPAWNWND=$1A01BC /NOTIFYWND=$E0170
Path: C:\Users\admin\AppData\Local\Temp\T6UV Series EN CPS setup.exe
Parent process: T6UV Series EN CPS setup.tmp
User: admin
Company: My Company, Inc.
Integrity Level: HIGH
Description: T6UV Series EN CPS Setup
Exit code: 0
Version:
Modules (images):
c:\users\admin\appdata\local\temp\t6uv series en cps setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll

PID: 3700
CMD: "C:\Users\admin\AppData\Local\Temp\T6UV Series EN CPS setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\T6UV Series EN CPS setup.exe
Parent process: explorer.exe
User: admin
Company: My Company, Inc.
Integrity Level: MEDIUM
Description: T6UV Series EN CPS Setup
Exit code: 0
Version:
Modules (images):
c:\users\admin\appdata\local\temp\t6uv series en cps setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll

PID: 3944
CMD: "C:\Users\admin\AppData\Local\Temp\is-2PD8D.tmp\T6UV Series EN CPS setup.tmp" /SL5="$18013E,1541313,58368,C:\Users\admin\AppData\Local\Temp\T6UV Series EN CPS setup.exe" /SPAWNWND=$1A01BC /NOTIFYWND=$E0170
Path: C:\Users\admin\AppData\Local\Temp\is-2PD8D.tmp\T6UV Series EN CPS setup.tmp
Parent process: T6UV Series EN CPS setup.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.52.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-2pd8d.tmp\t6uv series en cps setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll

Total events: 3 413
Read events: 3 384
Write events: 29
Delete events: 0

Modification events

Process: T6UV Series EN CPS setup.tmp (PID: 3944)
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: 680F00000AC62CFA6274DA01

Process: T6UV Series EN CPS setup.tmp (PID: 3944)
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: 81263225D17DB3C4BCA64A9D419B88CC2B8CA42611030634B89E3858AF42A90F

Process: T6UV Series EN CPS setup.tmp (PID: 3944)
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

Process: T6UV Series EN CPS setup.tmp (PID: 3944)
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value: C:\Program Files\T6UV Series EN CPS\T6UV Series EN CPS.exe

Process: T6UV Series EN CPS setup.tmp (PID: 3944)
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value: 27A17B22B794434ECEB5B465CCC86BA274F2AC7E9ECE40401A012C99391E4A0E

Process: T6UV Series EN CPS setup.tmp (PID: 3944)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB50FC8A-3387-49BE-B7C9-7993E7284C66}_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.6.1 (a)

Process: T6UV Series EN CPS setup.tmp (PID: 3944)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB50FC8A-3387-49BE-B7C9-7993E7284C66}_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\T6UV Series EN CPS

Process: T6UV Series EN CPS setup.tmp (PID: 3944)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB50FC8A-3387-49BE-B7C9-7993E7284C66}_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\T6UV Series EN CPS\

Process: T6UV Series EN CPS setup.tmp (PID: 3944)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB50FC8A-3387-49BE-B7C9-7993E7284C66}_is1
Operation: write
Name: Inno Setup: Icon Group
Value: T6UV Series EN CPS

Process: T6UV Series EN CPS setup.tmp (PID: 3944)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB50FC8A-3387-49BE-B7C9-7993E7284C66}_is1
Operation: write
Name: Inno Setup: User
Value: admin

Executable files: 10
Suspicious files: 3
Text files: 0
Unknown types: 0

Dropped files

PID: 3944
Process: T6UV Series EN CPS setup.tmp
Filename: C:\Program Files\T6UV Series EN CPS\is-2N3DV.tmp
Type: executable
MD5:97CBFEC13666D2C17A8BA3112712C844
SHA256:D1B0B74AAA103C795F6A0C685BB90E3FB6131F9F137F60CCE7C533D5A3015157

PID: 3944
Process: T6UV Series EN CPS setup.tmp
Filename: C:\Program Files\T6UV Series EN CPS\is-34CN0.tmp
Type: executable
MD5:802791FDBABD58D3B59FBE4A24C91C42
SHA256:88236DB4452230C512526AB1B7D5C2DE438295CD0A6B6BAAA2AE0AFB0C72ED59

PID: 3944
Process: T6UV Series EN CPS setup.tmp
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T6UV Series EN CPS\T6UV Series EN CPS.lnk
Type: binary
MD5:3A85FA2F9B4E4CA4E1DCB78122035423
SHA256:449B067CCB2469B623D30C4187381172BA0557931C5C7476F704356511D3D913

PID: 3944
Process: T6UV Series EN CPS setup.tmp
Filename: C:\Program Files\T6UV Series EN CPS\unins000.dat
Type: binary
MD5:52E5EC7A7D856610F7528078F3B63F19
SHA256:C264649E98A21A7021DA3DB936C463837CC35A76146BE641D266D8372CD8D39B

PID: 3944
Process: T6UV Series EN CPS setup.tmp
Filename: C:\Program Files\T6UV Series EN CPS\is-AB650.tmp
Type: executable
MD5:58D4CA6492C206804922F894BF44B0B1
SHA256:5FB0880F45602A56A55DFBA6E9A20A7972AC9F75E4286FD8F406372E0343AE1D

PID: 3944
Process: T6UV Series EN CPS setup.tmp
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T6UV Series EN CPS\Uninstall T6UV Series EN CPS.lnk
Type: binary
MD5:C98467CC509573ADCEB9DE8D580A604A
SHA256:CAA02A37D8FA9A0D8695ED6AA8CFEB828C15604A288028A707A41E392DE86E3E

PID: 3944
Process: T6UV Series EN CPS setup.tmp
Filename: C:\Program Files\T6UV Series EN CPS\T6UV Series EN CPS.exe
Type: executable
MD5:58D4CA6492C206804922F894BF44B0B1
SHA256:5FB0880F45602A56A55DFBA6E9A20A7972AC9F75E4286FD8F406372E0343AE1D

PID: 3700
Process: T6UV Series EN CPS setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-8FOHP.tmp\T6UV Series EN CPS setup.tmp
Type: executable
MD5:1AFBD25DB5C9A90FE05309F7C4FBCF09
SHA256:3BB0EE5569FE5453C6B3FA25AA517B925D4F8D1F7BA3475E58FA09C46290658C

PID: 3944
Process: T6UV Series EN CPS setup.tmp
Filename: C:\Program Files\T6UV Series EN CPS\unins000.exe
Type: executable
MD5:CD983F0B33227D008BE4124DE8B92FD2
SHA256:7904632680724542DF22D6901986DDBE2BA7D3C999E67F3ED7B496CE8575BFDC

PID: 3944
Process: T6UV Series EN CPS setup.tmp
Filename: C:\Program Files\T6UV Series EN CPS\is-RSDM8.tmp
Type: executable
MD5:CD983F0B33227D008BE4124DE8B92FD2
SHA256:7904632680724542DF22D6901986DDBE2BA7D3C999E67F3ED7B496CE8575BFDC
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
 | | 224.0.0.252:5355 | | | | unknown
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown

DNS requests

No data

Threats

No threats detected
No debug info