File name: nerest pc (старая).exe
Full analysis: https://app.any.run/tasks/6dfe61f2-49b8-413d-aa32-c914fd294b82
Verdict: Malicious activity
Threats: Blank Grabber

Blank Grabber is an infostealer written in Python. It is designed to steal a wide array of data, such as browser login credentials, crypto wallets, Telegram sessions, and Discord tokens. It is open-source malware, with its code available on GitHub and regularly receiving updates. The simple interface of the Blank Grabber builder lets even threat actors with basic skills deploy it and conduct attacks.

Analysis date: October 26, 2024, 11:24:57
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: evasion, discord, blankgrabber, stealer

Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
MD5: C1FB1BBE7D7092D9564ECB4574B0EBC0
SHA1: 26382179312B4F28D1DDEB2309D33598DBA7C9A7
SHA256: 66F411B1154CB7D7287B4A437541BBA84E1AF1133C21024C768823A8A6B3CE87
SSDEEP: 98304:f6Co+GmE/ZsG6TRAXfjE+DkVkFOBNdtLOSA2ibMlq0TYCZ2ukfqqQVH68DcDo0nZ:Wqxqek44a+bAdjRnbdUT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Process drops legitimate windows executable
      • nerest pc (старая).exe (PID: 5604)
    • Application launched itself
      • nerest pc (старая).exe (PID: 5604)
  • INFO
    No info indicators.
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:10:19 21:43:56+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.41
CodeSize: 172032
InitializedDataSize: 94208
UninitializedDataSize: -
EntryPoint: 0xcdb0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 10.0.26100.1150
ProductVersionNumber: 10.0.26100.1150
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Dism Image Servicing Utility
FileVersion: 10.0.26100.1150 (WinBuild.160101.0800)
InternalName: dism
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: DISM.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.26100.1150
Total processes: 115
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0


Process information

PID: 5592
CMD: "C:\Users\admin\AppData\Local\Temp\nerest pc (старая).exe"
Path: C:\Users\admin\AppData\Local\Temp\nerest pc (старая).exe
Parent process: nerest pc (старая).exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Dism Image Servicing Utility
Version: 10.0.26100.1150 (WinBuild.160101.0800)

PID: 5604
CMD: "C:\Users\admin\AppData\Local\Temp\nerest pc (старая).exe"
Path: C:\Users\admin\AppData\Local\Temp\nerest pc (старая).exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Dism Image Servicing Utility
Version: 10.0.26100.1150 (WinBuild.160101.0800)
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files: No data
HTTP(S) requests: 8
TCP/UDP connections: 47
DNS requests: 23
Threats: 6

HTTP requests

Method | HTTP Code | IP | URL | CN | Reputation
GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
GET | 200 | 208.95.112.1:80 | http://ip-api.com/json/?fields=225545 | unknown | shared
GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted

Connections

IP | Domain | ASN | CN | Reputation
4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
192.168.100.255:137 | - | - | - | whitelisted
104.126.37.153:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
192.168.100.255:138 | - | - | - | whitelisted
142.250.185.131:443 | gstatic.com | GOOGLE | US | whitelisted
23.213.166.81:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted
20.190.159.68:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
104.126.37.128:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
104.126.37.130:443 | www.bing.com | Akamai International B.V. | DE | whitelisted


Threats

Class | Message
Device Retrieving External IP Address Detected | INFO [ANY.RUN] External IP Check (ip-api .com)
Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com)
Device Retrieving External IP Address Detected | ET POLICY External IP Lookup ip-api.com
Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
A Network Trojan was detected | STEALER [ANY.RUN] BlankGrabber (SkochGrabber) Generic External IP Check
No debug info