File name: Business-in-a-Box_Setup.exe

Full analysis: https://app.any.run/tasks/751404bd-3f47-4f1a-8ac0-5c9a12a72301
Verdict: Malicious activity
Analysis date: June 11, 2024, 15:37:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 229F858C0C0D73F3D1067052D1C5780F
SHA1: A05A3F22176AF9D87457CA40757C09FA779E9D5C
SHA256: 719EF4C81DC4EA2697764F9D4786A9D68ABF8017DB1FF68BF85AD88D6CDE6497
SSDEEP: 24576:TbGrwjx7nF+Jfa28s6MUasRDkHWDhV3pMmm+sD4vWoqcMHJ8ax/WNCYPMW02WDxg:TbGrwjx7nF+Jfa2l6MUasRoHWDhV3pME
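The two checks an analyst runs before trusting this report against a file in hand are (1) that the file's digests match the indicators above and (2) that the static claim "UPX compressed" holds for that copy. The script below is an added example, not ANY.RUN's or Biztree's code: it streams the file through MD5/SHA-1/SHA-256 in one pass, compares against the report's hashes, and reads the PE section table to look for the conventional UPX0/UPX1 section names. The PE skeleton built by build_minimal_pe is a constructed, non-runnable sample used only so the parser can be exercised offline; a packer can rename its sections, so a missing UPX name does not prove the file is unpacked.

```python
import hashlib
import struct

# Indicators for Business-in-a-Box_Setup.exe as listed in the report above.
REPORT_HASHES = {
    "md5": "229F858C0C0D73F3D1067052D1C5780F",
    "sha1": "A05A3F22176AF9D87457CA40757C09FA779E9D5C",
    "sha256": "719EF4C81DC4EA2697764F9D4786A9D68ABF8017DB1FF68BF85AD88D6CDE6497",
}
ALGORITHMS = ("md5", "sha1", "sha256")


def hash_stream(chunks) -> dict:
    """Hash an iterable of byte chunks with all three algorithms in a single pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest().upper() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    return hash_stream([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream the file so a large installer never has to fit in memory."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return hash_stream(chunks())


def match_report(hashes: dict, report: dict = REPORT_HASHES) -> set:
    """Algorithms whose digest agrees with the report (case-insensitive)."""
    return {
        name for name in ALGORITHMS
        if name in hashes and name in report
        and hashes[name].upper() == report[name].upper()
    }


def is_same_sample(hashes: dict, report: dict = REPORT_HASHES) -> bool:
    """Decide on SHA-256 only; MD5 and SHA-1 are collision-prone and serve as cross-checks."""
    return "sha256" in match_report(hashes, report)


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and return section names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                 # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]           # Name is the first 8 bytes
        names.append(raw.rstrip(b"\0").decode("ascii", errors="replace"))
    return names


def looks_upx_packed(section_names) -> bool:
    """Conventional UPX section names; absent if the packer renamed them."""
    return any(n.startswith("UPX") for n in section_names)


def build_minimal_pe(section_names) -> bytes:
    """Constructed sample: a PE skeleton (no optional header, no code) with the given sections."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                        # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b"".join(struct.pack("<8s32x", n.encode()) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + table


if __name__ == "__main__":
    sample = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    print(pe_section_names(sample), looks_upx_packed(pe_section_names(sample)))
    print(match_report(hash_bytes(sample)))
```

Run hash_file on the real sample and pass the result to is_same_sample; only a SHA-256 match should be treated as "this is the analysed file".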

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • Business-in-a-Box_Setup.exe (PID: 2104)
    • Actions look like stealing of personal data
      • Business-in-a-Box_Setup.exe (PID: 2104)
  • SUSPICIOUS
    • Reads browser cookies
      • Business-in-a-Box_Setup.exe (PID: 2104)
    • Reads security settings of Internet Explorer
      • Business-in-a-Box_Setup.exe (PID: 2104)
    • Reads the Internet Settings
      • Business-in-a-Box_Setup.exe (PID: 2104)
    • Executable content was dropped or overwritten
      • Business-in-a-Box_Setup.exe (PID: 2104)
  • INFO
    • Creates files or folders in the user directory
      • Business-in-a-Box_Setup.exe (PID: 2104)
    • Checks supported languages
      • Business-in-a-Box_Setup.exe (PID: 2104)
    • Reads the computer name
      • Business-in-a-Box_Setup.exe (PID: 2104)
    • Checks proxy server information
      • Business-in-a-Box_Setup.exe (PID: 2104)
    • Reads the machine GUID from the registry
      • Business-in-a-Box_Setup.exe (PID: 2104)
    • Creates files in a temporary directory
      • Business-in-a-Box_Setup.exe (PID: 2104)
    • Creates files in the program directory
      • Business-in-a-Box_Setup.exe (PID: 2104)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (28.6)
.exe | UPX compressed Win32 Executable (28)
.exe | Win32 EXE Yoda's Crypter (27.5)
.dll | Win32 Dynamic Link Library (generic) (6.8)
.exe | Win32 Executable (generic) (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:14 18:32:23+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 720896
InitializedDataSize: 20480
UninitializedDataSize: 802816
EntryPoint: 0x173e90
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 6.3.1.0
ProductVersionNumber: 6.3.1.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Biztree Inc.
FileDescription: Business-in-a-Box Installation Wizard
FileVersion: 6.3.1
InternalName: Business-in-a-Box_Setup.exe
LegalCopyright: (c) 2001-2019, Biztree Inc. All rights reserved.
OriginalFileName: Business-in-a-Box_Setup.exe
ProductName: Business-in-a-Box
ProductVersion: 6.3.1
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start: business-in-a-box_setup.exe (PID 2104, with signatures); business-in-a-box_setup.exe (PID 3968, no specs)

Process information

PID 2104  "C:\Users\admin\Desktop\Business-in-a-Box_Setup.exe"
  Path: C:\Users\admin\Desktop\Business-in-a-Box_Setup.exe
  Parent process: explorer.exe
  User: admin
  Company: Biztree Inc.
  Integrity Level: HIGH
  Description: Business-in-a-Box Installation Wizard
  Version: 6.3.1
  Modules (images):
    c:\windows\system32\cryptbase.dll
    c:\windows\system32\iconcodecservice.dll
    c:\windows\system32\windowscodecs.dll
    c:\windows\system32\cscapi.dll
    c:\windows\system32\uxtheme.dll
    c:\windows\system32\clbcatq.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    c:\windows\system32\winhttp.dll
    c:\windows\system32\webio.dll

PID 3968  "C:\Users\admin\Desktop\Business-in-a-Box_Setup.exe"
  Path: C:\Users\admin\Desktop\Business-in-a-Box_Setup.exe
  Parent process: explorer.exe
  User: admin
  Company: Biztree Inc.
  Integrity Level: MEDIUM
  Description: Business-in-a-Box Installation Wizard
  Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
  Version: 6.3.1
  Modules (images):
    c:\users\admin\desktop\business-in-a-box_setup.exe
    c:\windows\system32\ntdll.dll

PID 3968 ran at medium integrity and exited with STATUS_ELEVATION_REQUIRED after loading only itself and ntdll.dll; every signature, registry write, dropped file and network request in this report is attributed to the high-integrity instance, PID 2104. The loaded ieframe.dll, winhttp.dll and webio.dll are consistent with the HTTP downloads and the Internet Settings / cache-prefix writes recorded below.
Total events: 670
Read events: 644
Write events: 20
Delete events: 6

Modification events

(PID 2104) Business-in-a-Box_Setup.exe

  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  Operation: write   Name: CachePrefix   Value: (empty)

  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  Operation: write   Name: CachePrefix   Value: Cookie:

  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  Operation: write   Name: CachePrefix   Value: Visited:

  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  Operation: write          Name: ProxyEnable     Value: 0
  Operation: delete value   Name: ProxyServer
  Operation: delete value   Name: ProxyOverride
  Operation: delete value   Name: AutoConfigURL
  Operation: delete value   Name: AutoDetect

  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  Operation: write   Name: SavedLegacySettings
  Value: 460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  Operation: write   Name: ProxyBypass   Value: 1
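The proxy-related writes above are worth reading rather than counting: ProxyEnable is set to 0 and ProxyServer, ProxyOverride, AutoConfigURL and AutoDetect are deleted, which leaves the user's WinINet connection set to direct rather than redirecting it, and the SavedLegacySettings blob can be decoded to confirm that. The script below is an added example, not ANY.RUN's or Biztree's code. It parses the documented head of the blob (it shares the layout of DefaultConnectionSettings: version, change counter, a flags DWORD with WinINet's per-connection bit values, then three length-prefixed strings for proxy server, bypass list and auto-config URL; the bytes after that are not parsed here) and classifies the registry operations from this report into "redirect" and "reset" findings, which is the distinction a detection rule on this key should make. Only the non-zero head of the hex value is embedded; the rest of the value on the page is a run of zero bytes. The event tuples are transcribed from the report; the classification thresholds are this example's own.

```python
import struct

# Head of the SavedLegacySettings value written by PID 2104 (copied from the report above);
# the remainder of the value on the page is a run of zero bytes and is omitted here.
SAVED_LEGACY_SETTINGS_HEX = (
    "460000005D010000090000000000000000000000000000000400000000000000"
    "C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B"
)

# Bit meanings of the flags DWORD, matching WinINet's INTERNET_PER_CONN_FLAGS values.
PROXY_FLAGS = {1: "DIRECT", 2: "PROXY", 4: "AUTO_PROXY_URL", 8: "AUTO_DETECT"}


def decode_proxy_flags(flags: int) -> list:
    """Expand the flags DWORD into the names of the proxy modes it enables."""
    return [name for bit, name in sorted(PROXY_FLAGS.items()) if flags & bit]


def parse_connection_settings(blob: bytes) -> dict:
    """Parse the documented head of a DefaultConnectionSettings/SavedLegacySettings blob:
    version, change counter, flags, then three length-prefixed strings
    (proxy server, bypass list, auto-config URL). Bytes after that are left unparsed."""
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    offset = 12
    fields = []
    for _ in range(3):
        (length,) = struct.unpack_from("<I", blob, offset)
        offset += 4
        fields.append(blob[offset:offset + length].decode("ascii", errors="replace"))
        offset += length
    return {
        "version": version,
        "counter": counter,
        "flags": flags,
        "modes": decode_proxy_flags(flags),
        "proxy_server": fields[0],
        "proxy_bypass": fields[1],
        "autoconfig_url": fields[2],
        "unparsed_tail": len(blob) - offset,
    }


# Operations on HKCU\...\Internet Settings from the report, as (operation, value name, data).
REPORT_EVENTS = [
    ("write", "ProxyEnable", "0"),
    ("delete value", "ProxyServer", ""),
    ("delete value", "ProxyOverride", ""),
    ("delete value", "AutoConfigURL", ""),
    ("delete value", "AutoDetect", ""),
]

REDIRECT_NAMES = {"ProxyServer", "AutoConfigURL"}
RESET_NAMES = {"ProxyServer", "ProxyOverride", "AutoConfigURL", "AutoDetect"}


def classify_proxy_events(events) -> dict:
    """Split proxy-related registry operations into ones that would redirect traffic
    (a proxy server or PAC URL being set, or ProxyEnable turned on) and ones that
    reset the connection to direct. Classification rules are this example's own."""
    findings = {"redirect": [], "reset": []}
    for op, name, value in events:
        value = value.strip()
        if op == "write" and name in REDIRECT_NAMES and value:
            findings["redirect"].append(f"{name} set to {value!r}")
        elif op == "write" and name == "ProxyEnable" and value == "1":
            findings["redirect"].append("ProxyEnable set to 1")
        elif op == "write" and name == "ProxyEnable" and value == "0":
            findings["reset"].append("ProxyEnable set to 0")
        elif op.startswith("delete") and name in RESET_NAMES:
            findings["reset"].append(f"{name} deleted")
    findings["verdict"] = (
        "possible traffic interception" if findings["redirect"]
        else "proxy settings reset to direct"
    )
    return findings


if __name__ == "__main__":
    print(parse_connection_settings(bytes.fromhex(SAVED_LEGACY_SETTINGS_HEX)))
    print(classify_proxy_events(REPORT_EVENTS))
```

For this blob the flags DWORD is 9 (DIRECT plus AUTO_DETECT) and all three strings are empty, which agrees with the ProxyEnable=0 write. The pattern to alert on from a non-browser process is the inverse: a non-empty ProxyServer or AutoConfigURL written together with ProxyEnable=1.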
Executable files: 1
Suspicious files: 2
Text files: 2
Unknown types: 0

Dropped files

PID 2104  Business-in-a-Box_Setup.exe
  File: C:\Program Files\Business-in-a-Box 2019\BIBMain.upd
  Type: -   MD5: -   SHA256: -

PID 2104  Business-in-a-Box_Setup.exe
  File: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
  Type: binary
  MD5: B7C14EC6110FA820CA6B65F5AEC85911
  SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID 2104  Business-in-a-Box_Setup.exe
  File: C:\Program Files\Business-in-a-Box 2019\unrar.dll
  Type: executable
  MD5: 98AA3D4A9AE300A839F36381A1790741
  SHA256: 1EBF9D3625896A0A9133CE8E4E7EF2D2C217204DF9CE178DBE69D009FDDBA2E2

PID 2104  Business-in-a-Box_Setup.exe
  File: C:\Users\admin\AppData\Local\Temp\BTD5594.tmp
  Type: text
  MD5: 0B8EE649332698151171B34CA6C38DB4
  SHA256: 1C3E2F1A6CE495819704FE357C496EDD3AE1EF16049848C650A79C0A678BEFA9

PID 2104  Business-in-a-Box_Setup.exe
  File: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite-shm
  Type: binary
  MD5: B7C14EC6110FA820CA6B65F5AEC85911
  SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB

PID 2104  Business-in-a-Box_Setup.exe
  File: C:\Program Files\Business-in-a-Box 2019\btdact.bl1
  Type: xml
  MD5: 753433966268F9A0B88BC3FB6CB7E8D9
  SHA256: 5B70CD83E889D96F6147EA2E108D8CC69A6C596983433B8463C87611AB73A22F

The two files written into the Firefox profile are SQLite shared-memory (-shm) files, which SQLite creates when a WAL-mode database is opened, and they carry identical MD5 and SHA256 values, so their content is identical. Their appearance here shows that PID 2104 opened the cookies.sqlite and webappsstore.sqlite databases (the basis of the "Reads browser cookies" signature); whether any data was read out of them, or left the machine, is not established by this list.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 9
TCP/UDP connections: 11
DNS requests: 6
Threats: 0

HTTP requests

PID   Process                      Method  Code  IP                  URL                                                          CN       Reputation
2104  Business-in-a-Box_Setup.exe  GET     302   72.32.212.125:80    http://www.biztree.com/dist/downloadurls/BIB7_win32.txt      unknown  unknown
2104  Business-in-a-Box_Setup.exe  GET     -     18.245.175.125:80   http://cdn.biztree.com/dist/biztree.bl1                      unknown  unknown
2104  Business-in-a-Box_Setup.exe  GET     200   3.164.163.32:80     http://software.biztree.com/dist/downloadurls/BIB7_win32.txt unknown  unknown
2104  Business-in-a-Box_Setup.exe  GET     -     18.244.28.27:80     http://download.biztree.com/beta/BIB7-042/BIBMain.upd        unknown  unknown
2104  Business-in-a-Box_Setup.exe  GET     -     18.244.28.27:80     http://download.biztree.com/dist/2015/Libraries/V700/BTDocEN.upd  unknown  unknown
2104  Business-in-a-Box_Setup.exe  GET     -     18.245.175.125:80   http://cdn.biztree.com/dist/biztree.bl1                      unknown  unknown
2104  Business-in-a-Box_Setup.exe  GET     200   18.245.175.125:80   http://cdn.biztree.com/dist/biztree.bl1                      unknown  unknown
2104  Business-in-a-Box_Setup.exe  GET     -     18.244.28.27:80     http://download.biztree.com/beta/BIB7-042/BIBMain.upd        unknown  unknown
2104  Business-in-a-Box_Setup.exe  GET     -     18.244.28.27:80     http://download.biztree.com/beta/BIB7-042/BIBMain.upd        unknown  unknown

The Type and Size columns are empty in the summary for every request, and rows marked "-" had no HTTP status recorded. Every request is plain HTTP on port 80, including the fetch of BIBMain.upd that is then written under C:\Program Files\Business-in-a-Box 2019\; whether the installer verifies a signature on that payload before writing it is not visible in this report.

Connections

PID   Process                      IP                    Domain                ASN     CN   Reputation
2104  Business-in-a-Box_Setup.exe  72.32.212.125:80      www.biztree.com       RMH-14  US   unknown
4     System                       192.168.100.255:138   -                     -       -    whitelisted
4     System                       192.168.100.255:137   -                     -       -    whitelisted
2104  Business-in-a-Box_Setup.exe  3.164.163.32:80       software.biztree.com  -       US   unknown
2104  Business-in-a-Box_Setup.exe  18.245.175.125:80     cdn.biztree.com       -       US   unknown
2104  Business-in-a-Box_Setup.exe  18.244.28.27:80       download.biztree.com  -       US   unknown

The two System-process entries are NetBIOS name-service and datagram broadcasts (UDP 137/138) to the sandbox subnet, not traffic from the sample.

DNS requests

Domain                IP               Reputation
www.biztree.com       72.32.212.125    whitelisted
software.biztree.com  3.164.163.32     whitelisted
cdn.biztree.com       18.245.175.125   whitelisted
download.biztree.com  18.244.28.27     whitelisted

Threats

No threats detected
No debug info