File name: VulkanRT-1.1.108.0-Installer.exe

Full analysis: https://app.any.run/tasks/b37b2453-2864-4145-a444-16c35ae00693
Verdict: Malicious activity
Analysis date: May 30, 2024, 16:42:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 17A8ECD0DCC2602E3A33D7FAE316AF48
SHA1: B8F232BBA1B58CA97A484DAFD5E9CA9E0460F895
SHA256: 69417ED67917F86325B71146DFEB5ACF113284DE1709656CDEE3F17161C0DFC8
SSDEEP: 49152:27PsNDf8FLZB7TSAJpoKSY9DSnYHeX80XYC4tY0zcgXtKGTineb/l0tkHie8:27Ps58FLZBvRphSY9un6ajXYRtYecQtm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • VulkanRT-1.1.108.0-Installer.exe (PID: 4088)
    • Drops the executable file immediately after the start

      • VulkanRT-1.1.108.0-Installer.exe (PID: 4088)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • VulkanRT-1.1.108.0-Installer.exe (PID: 4088)
    • Executable content was dropped or overwritten

      • VulkanRT-1.1.108.0-Installer.exe (PID: 4088)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • VulkanRT-1.1.108.0-Installer.exe (PID: 4088)
  • INFO

    • Creates files in the program directory

      • VulkanRT-1.1.108.0-Installer.exe (PID: 4088)
    • Creates files in a temporary directory

      • VulkanRT-1.1.108.0-Installer.exe (PID: 4088)
    • Checks supported languages

      • VulkanRT-1.1.108.0-Installer.exe (PID: 4088)
    • Reads the computer name

      • VulkanRT-1.1.108.0-Installer.exe (PID: 4088)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:06:26 20:51:49+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 30208
InitializedDataSize: 316416
UninitializedDataSize: 8192
EntryPoint: 0x3920
OSVersion: 5.1
ImageVersion: 6
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.1.108.0
ProductVersionNumber: 1.1.108.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
FileDescription: Vulkan Runtime Installer
FileVersion: 1.1.108.0
LegalCopyright: Copyright (c) 2015-2019 LunarG, Inc.
ProductName: Vulkan Runtime
ProductVersion: 1.1.108.0
No data.
Total processes: 36
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start vulkanrt-1.1.108.0-installer.exe vulkanrt-1.1.108.0-installer.exe no specs

Process information

PID: 3972
CMD: "C:\Users\admin\AppData\Local\Temp\VulkanRT-1.1.108.0-Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\VulkanRT-1.1.108.0-Installer.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Vulkan Runtime Installer
Exit code: 3221226540
Version: 1.1.108.0
Modules (images):
c:\users\admin\appdata\local\temp\vulkanrt-1.1.108.0-installer.exe
c:\windows\system32\ntdll.dll

PID: 4088
CMD: "C:\Users\admin\AppData\Local\Temp\VulkanRT-1.1.108.0-Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\VulkanRT-1.1.108.0-Installer.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: Vulkan Runtime Installer
Exit code: 0
Version: 1.1.108.0
Modules (images):
c:\users\admin\appdata\local\temp\vulkanrt-1.1.108.0-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

Total events: 2 325
Read events: 2 325
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 6
Suspicious files: 0
Text files: 3
Unknown types: 0

Dropped files

PID | Process | Filename | Type
4088 | VulkanRT-1.1.108.0-Installer.exe | C:\Windows\System32\vulkaninfo.exe | executable
MD5:7F4B736DCC95185631647E8989D68FB2
SHA256:87B95F54C924A259AED773AFC3F48534124565292DB083EC6C9A865A0F243119
4088 | VulkanRT-1.1.108.0-Installer.exe | C:\Windows\System32\vulkan-1.dll | executable
MD5:C09ADD6B74A8CD212E8D98716D718AE7
SHA256:371BF5ABD3F653072422CA76E086A96792FBE62D928B5C8717324C4C6F0BB3EC
4088 | VulkanRT-1.1.108.0-Installer.exe | C:\Windows\System32\vulkaninfo-1-999-0-0-0.exe | executable
MD5:7F4B736DCC95185631647E8989D68FB2
SHA256:87B95F54C924A259AED773AFC3F48534124565292DB083EC6C9A865A0F243119
4088 | VulkanRT-1.1.108.0-Installer.exe | C:\Users\admin\AppData\Local\Temp\nso4E13.tmp\System.dll | executable
MD5:CDCC61D937631E58F367E85D57AD7A4F
SHA256:112F492850A4F9E601D0B390FF448B54758E7A9F6CDA96E2D69CF3D61F3C98C0
4088 | VulkanRT-1.1.108.0-Installer.exe | C:\Windows\System32\vulkan-1-999-0-0-0.dll | executable
MD5:C09ADD6B74A8CD212E8D98716D718AE7
SHA256:371BF5ABD3F653072422CA76E086A96792FBE62D928B5C8717324C4C6F0BB3EC
4088 | VulkanRT-1.1.108.0-Installer.exe | C:\Users\admin\AppData\Local\Temp\V.bmp | image
MD5:2847FC29B1868269E7CFDD26AC2C5421
SHA256:7CC26EDB31BBA22743A85FC499BF5FF01937581B423B6A111E13B8E100217FF3
4088 | VulkanRT-1.1.108.0-Installer.exe | C:\Users\admin\AppData\Local\Temp\nso4E13.tmp\AccessControl.dll | executable
MD5:5B7B7F22F6F7078A5DDB42748E997B43
SHA256:8CBC8B044E5B0A894F4AA6A44DAD2A8550C1C5A7A6D79361E1A40F83E882F2D9
4088 | VulkanRT-1.1.108.0-Installer.exe | C:\Program Files\VulkanRT\install.log | text
MD5:92E432A2489E426ECB613CA3E1ADC01E
SHA256:87EF94EA0AF7AA0A20DD95001BE71E1BB180CE3EAFDB5D8B09E56B6EDA1FA1F9
4088 | VulkanRT-1.1.108.0-Installer.exe | C:\Program Files\VulkanRT\VulkanRT-License.txt | text
MD5:35BEF536976A0C0830120E1580CDE1F7
SHA256:0EE04EC8A581D112D8D1D55B3EE3710B3EC7A373FCFDAB497F0252EA99D6164F
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4 | Process: System | IP: 192.168.100.255:137 | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:138 | Reputation: whitelisted
PID: 1088 | Process: svchost.exe | IP: 224.0.0.252:5355 | Reputation: unknown

DNS requests

No data

Threats

No threats detected
No debug info