File name: CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe

Full analysis: https://app.any.run/tasks/7412b35c-2290-4e1c-9454-7989d718d53a
Verdict: Malicious activity
Analysis date: April 04, 2024, 18:43:24
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 6F4547B4F8133768A0AB25A68C813E77
SHA1: D877A5E5A5535272AFD3C2F6CFFBE17640429609
SHA256: 76EB202284796D258BED9057921F5B72CB5A1B30FB0671F4B5AF402E9D713053
SSDEEP: 24576:qfyq93DySYvloLdZD6wzGfXey9jKNW/J1a9oE5BVFTUoHPvDpzxGVCsvCaY+AA/5:6LdZOwzGXJq5B3TmVVo+AA/mmLdr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe (PID: 4044)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe (PID: 4044)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe (PID: 4044)
    • Reads the Internet Settings

      • CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe (PID: 4044)
    • Creates a software uninstall entry

      • CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe (PID: 4044)
  • INFO

    • Checks supported languages

      • CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe (PID: 4044)
    • Reads the computer name

      • CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe (PID: 4044)
    • Creates files in the program directory

      • CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe (PID: 4044)
    • Create files in a temporary directory

      • CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe (PID: 4044)
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (93.4)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.scr | Windows screen saver (1.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:52+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 24064
InitializedDataSize: 164864
UninitializedDataSize: 1024
EntryPoint: 0x30fa
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
Total processes: 40
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

[Behavior graph: start, camelcrusher-win-x64-camelcrusher.com-1-0-1.exe, camelcrusher-win-x64-camelcrusher.com-1-0-1.exe (no specs)]

Process information

PID: 3500
CMD: "C:\Users\admin\AppData\Local\Temp\CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe"
Path: C:\Users\admin\AppData\Local\Temp\CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules (images):
c:\users\admin\appdata\local\temp\camelcrusher-win-x64-camelcrusher.com-1-0-1.exe
c:\windows\system32\ntdll.dll

PID: 4044
CMD: "C:\Users\admin\AppData\Local\Temp\CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe"
Path: C:\Users\admin\AppData\Local\Temp\CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\camelcrusher-win-x64-camelcrusher.com-1-0-1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

Total events: 2 617
Read events: 2 604
Write events: 13
Delete events: 0

Modification events

(PID) Process: (4044) CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Camel Audio\CamelCrusher64
Operation: write
Name: PluginInstallDir
Value: C:\Program Files\VSTPlugins

(PID) Process: (4044) CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Camel Audio\CamelCrusher64
Operation: write
Name: Version
Value: 1.01.0

(PID) Process: (4044) CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Camel Audio\CamelCrusher64
Operation: write
Name: StartMenuGroup
Value: Camel Audio\CamelCrusher

(PID) Process: (4044) CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Camel Audio CamelCrusher64
Operation: write
Name: DisplayName
Value: Camel Audio CamelCrusher64

(PID) Process: (4044) CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Camel Audio CamelCrusher64
Operation: write
Name: DisplayVersion
Value: 1.01.0

(PID) Process: (4044) CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Camel Audio CamelCrusher64
Operation: write
Name: Publisher
Value: Camel Audio

(PID) Process: (4044) CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Camel Audio CamelCrusher64
Operation: write
Name: URLInfoAbout
Value: http://www.camelaudio.com

(PID) Process: (4044) CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Camel Audio CamelCrusher64
Operation: write
Name: DisplayIcon
Value: C:\Program Files\Camel Audio\CamelCrusher\CamelCrusherUninstall64.exe

(PID) Process: (4044) CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Camel Audio CamelCrusher64
Operation: write
Name: UninstallString
Value: C:\Program Files\Camel Audio\CamelCrusher\CamelCrusherUninstall64.exe

(PID) Process: (4044) CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Camel Audio CamelCrusher64
Operation: write
Name: NoModify
Value: 1

Executable files: 7
Suspicious files: 7
Text files: 13
Unknown types: 1

Dropped files

PID: 4044
Process: CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst223A.tmp\NSISpcre.dll
Type: executable
MD5:
SHA256:

PID: 4044
Process: CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst223A.tmp\modern-wizard.bmp
Type: image
MD5:
SHA256:

PID: 4044
Process: CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst223A.tmp\nsDialogs.dll
Type: executable
MD5:
SHA256:

PID: 4044
Process: CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst223A.tmp\System.dll
Type: executable
MD5:
SHA256:

PID: 4044
Process: CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst223A.tmp\StartMenu.dll
Type: executable
MD5:
SHA256:

PID: 4044
Process: CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Filename: C:\Program Files\VSTPlugins\CamelCrusher.dll
Type: executable
MD5:
SHA256:

PID: 4044
Process: CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Filename: C:\ProgramData\Camel Audio\CamelCrusherData\CamelCrusherManual.pdf
Type: pdf
MD5:
SHA256:

PID: 4044
Process: CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Filename: C:\ProgramData\Camel Audio\CamelCrusherData\CamelCrusherPresetsA.fxb
Type: binary
MD5:
SHA256:

PID: 4044
Process: CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Filename: C:\ProgramData\Camel Audio\CamelCrusherData\MidiConfig.txt
Type: text
MD5:
SHA256:

PID: 4044
Process: CamelCrusher-Win-x64-CamelCrusher.Com-1-0-1.exe
Filename: C:\ProgramData\Camel Audio\CamelCrusherData\Skins\default\Background.png
Type: image
MD5:
SHA256:

HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

IP: 224.0.0.252:5355
Reputation: unknown

PID: 1080
Process: svchost.exe
IP: 224.0.0.252:5355
Reputation: unknown

DNS requests

No data

Threats

No threats detected
No debug info