File name: 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe

Full analysis: https://app.any.run/tasks/58020d00-68a0-4951-936f-c289ee22818f
Verdict: Malicious activity
Analysis date: December 14, 2024, 11:51:47
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5: 239C5F964B458A0A935A4B42D74BCBDA
SHA1: 7A037D3BD8817ADF6E58734B08E807A84083F0CE
SHA256: 7809AB9C004FBD18F185C7B54554440D7B31F201980AEE6E0C62A97C0E4A984C
SSDEEP: 98304:0yajfotkOzKlcDgKGjKF+f14/ndvOva0b:99gd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Reads the date of Windows installation

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Starts application with an unusual extension

      • cmd.exe (PID: 3692)
      • cmd.exe (PID: 1468)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 1904)
      • cmd.exe (PID: 5448)
      • cmd.exe (PID: 5316)
      • cmd.exe (PID: 1876)
      • cmd.exe (PID: 3984)
      • cmd.exe (PID: 4308)
      • cmd.exe (PID: 1448)
      • cmd.exe (PID: 2436)
      • cmd.exe (PID: 4872)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 1224)
      • cmd.exe (PID: 556)
    • Executing commands from a ".bat" file

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Starts CMD.EXE for command execution

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Runs PING.EXE to delay simulation

      • cmd.exe (PID: 3692)
      • cmd.exe (PID: 1468)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 1904)
      • cmd.exe (PID: 5448)
      • cmd.exe (PID: 5316)
      • cmd.exe (PID: 1876)
      • cmd.exe (PID: 3984)
      • cmd.exe (PID: 4308)
      • cmd.exe (PID: 1448)
      • cmd.exe (PID: 2436)
      • cmd.exe (PID: 4872)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 1224)
      • cmd.exe (PID: 556)
    • Potential Corporate Privacy Violation

      • svchost.exe (PID: 2192)
  • INFO

    • Reads the computer name

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Creates files in a temporary directory

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Reads Environment values

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Checks supported languages

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • chcp.com (PID: 3208)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • chcp.com (PID: 372)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • chcp.com (PID: 2136)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • chcp.com (PID: 3984)
      • chcp.com (PID: 536)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • chcp.com (PID: 4840)
      • chcp.com (PID: 5036)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • chcp.com (PID: 4512)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • chcp.com (PID: 4668)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • chcp.com (PID: 244)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • chcp.com (PID: 5244)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • chcp.com (PID: 2512)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • chcp.com (PID: 3744)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
      • chcp.com (PID: 4308)
      • chcp.com (PID: 2972)
    • Reads the machine GUID from the registry

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Process checks computer location settings

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
    • Changes the display of characters in the console

      • cmd.exe (PID: 3692)
      • cmd.exe (PID: 1468)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 1904)
      • cmd.exe (PID: 5448)
      • cmd.exe (PID: 5316)
      • cmd.exe (PID: 1876)
      • cmd.exe (PID: 3984)
      • cmd.exe (PID: 4308)
      • cmd.exe (PID: 1448)
      • cmd.exe (PID: 2436)
      • cmd.exe (PID: 4872)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 1224)
      • cmd.exe (PID: 556)
    • The process uses the downloaded file

      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5560)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5200)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3816)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1296)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3808)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4932)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5564)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 5540)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3688)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3612)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1172)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 3436)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4336)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 4052)
      • 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe (PID: 1140)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (56.7)
.exe | Win64 Executable (generic) (21.3)
.scr | Windows screen saver (10.1)
.dll | Win32 Dynamic Link Library (generic) (5)
.exe | Win32 Executable (generic) (3.4)

EXIF

EXE

AssemblyVersion: 0.0.0.1
ProductVersion: 0.0.0.1
ProductName: Windows Security Service
OriginalFileName: Windows Security Service
LegalTrademarks: Windows Security Service
LegalCopyright: Windows Security Service
InternalName: Windows Security Service
FileVersion: 0.0.0.1
FileDescription: Windows Security Service
CompanyName: Windows Security Service
Comments: -
CharacterSet: Unicode
LanguageCode: Neutral
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 0.0.0.1
FileVersionNumber: 0.0.0.1
Subsystem: Windows GUI
SubsystemVersion: 4
ImageVersion: -
OSVersion: 4
EntryPoint: 0x31e56e
UninitializedDataSize: -
InitializedDataSize: 3584
CodeSize: 3261952
LinkerVersion: 8
PEType: PE32
ImageFileCharacteristics: Executable, 32-bit
TimeStamp: 2023:06:28 12:02:39+00:00
MachineType: Intel 386 or later, and compatibles
No data.
All screenshots are available in the full report
Total processes: 192
Monitored processes: 76
Malicious processes: 22
Suspicious processes: 5

Behavior graph

[Process-tree graph, available in the full report: each 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe instance starts cmd.exe, which in turn starts conhost.exe, chcp.com and ping.exe; svchost.exe appears once, after the first chain.]

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID: 5560
CMD: "C:\Users\admin\Desktop\7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe"
Path: C:\Users\admin\Desktop\7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
Parent process: explorer.exe
User:
admin
Company:
Windows Security Service
Integrity Level:
MEDIUM
Description:
Windows Security Service
Exit code:
0
Version:
0.0.0.1
Modules
Images
c:\users\admin\desktop\7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3692
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\eNLPD8QMxnjf.bat" "
Path: C:\Windows\System32\cmd.exe
Parent process: 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
PID: 3288
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3208
CMD: chcp 65001
Path: C:\Windows\System32\chcp.com
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 2600
CMD: ping -n 10 localhost
Path: C:\Windows\System32\PING.EXE
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
PID: 2192
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 5200
CMD: "C:\Users\admin\Desktop\7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe"
Path: C:\Users\admin\Desktop\7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
Parent process: cmd.exe
User:
admin
Company:
Windows Security Service
Integrity Level:
MEDIUM
Description:
Windows Security Service
Exit code:
0
Version:
0.0.0.1
Modules
Images
c:\users\admin\desktop\7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1468
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\7d6XKyr7frWN.bat" "
Path: C:\Windows\System32\cmd.exe
Parent process: 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
PID: 2160
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 372
CMD: chcp 65001
Path: C:\Windows\System32\chcp.com
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
Total events: 16 138
Read events: 16 123
Write events: 15
Delete events: 0

Modification events

(PID) Process: (5560) 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Windows Security Service
Value: "C:\Users\admin\AppData\Roaming\SubDir\Client.exe"

(PID) Process: (5200) 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Windows Security Service
Value: "C:\Users\admin\AppData\Roaming\SubDir\Client.exe"

(PID) Process: (3816) 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Windows Security Service
Value: "C:\Users\admin\AppData\Roaming\SubDir\Client.exe"

(PID) Process: (1296) 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Windows Security Service
Value: "C:\Users\admin\AppData\Roaming\SubDir\Client.exe"

(PID) Process: (3808) 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Windows Security Service
Value: "C:\Users\admin\AppData\Roaming\SubDir\Client.exe"

(PID) Process: (4932) 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Windows Security Service
Value: "C:\Users\admin\AppData\Roaming\SubDir\Client.exe"

(PID) Process: (5564) 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Windows Security Service
Value: "C:\Users\admin\AppData\Roaming\SubDir\Client.exe"

(PID) Process: (5540) 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Windows Security Service
Value: "C:\Users\admin\AppData\Roaming\SubDir\Client.exe"

(PID) Process: (3688) 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Windows Security Service
Value: "C:\Users\admin\AppData\Roaming\SubDir\Client.exe"

(PID) Process: (3612) 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Windows Security Service
Value: "C:\Users\admin\AppData\Roaming\SubDir\Client.exe"
Executable files: 0
Suspicious files: 0
Text files: 15
Unknown types: 0

Dropped files

PID | Process | Filename | Type

4932 | 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe | C:\Users\admin\AppData\Local\Temp\R14c3OwZ26jN.bat | text
  MD5: 9FFD2AD1E385646D2C8F54BD12015D9B
  SHA256: 0A68FFF6A1D8ACCF5BB8AD1B930C053489A464DF2528A996B56CD4802BA1524B
1296 | 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe | C:\Users\admin\AppData\Local\Temp\rKdGF8IntLy5.bat | text
  MD5: 4EF8F54428090E45BFDD22B5A8DC8D40
  SHA256: DF127776039B1715F781D15F6F98FBFCA1B5D499BB352DEAB9DE4D31D8B0819F
5560 | 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe | C:\Users\admin\AppData\Local\Temp\eNLPD8QMxnjf.bat | text
  MD5: A98A9E75D33F1C59EB10D8755A6C1213
  SHA256: 11486E0CAA1A74B48F4AACB2306B07A71B14475DED0626A57A8DB02F7E3A31B3
5200 | 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe | C:\Users\admin\AppData\Local\Temp\7d6XKyr7frWN.bat | text
  MD5: 8ABA75EE3B79E8F832D4331C85F31998
  SHA256: F1D160C02E37506608AE4367C00EE17BA8590FB51DE33E8A6E5FE14315866AEA
3436 | 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe | C:\Users\admin\AppData\Local\Temp\aTqdnVBSOnzE.bat | text
  MD5: 38859C9EF714F475A4B3D67D8B66C769
  SHA256: 67F1628449412C07A59760C6D402077B75C2694D85F0692AA6AA876D9DB86FA3
5540 | 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe | C:\Users\admin\AppData\Local\Temp\DVTFD9zFnTM8.bat | text
  MD5: FDCA25FE11756B8D79AB086AC3ADFDAD
  SHA256: 494706062CA26FD8C296727FD32ACF77D5EDDC01245D5C93CD6F15083BFF14C3
3816 | 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe | C:\Users\admin\AppData\Local\Temp\FraRRo4VWMYT.bat | text
  MD5: 8E62C2EF6F817C99EF06067FF22E5047
  SHA256: 0E72E8B40E2000405BB1ADB133CD5C221662BC6E22C0396016FAB09839FF151C
3688 | 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe | C:\Users\admin\AppData\Local\Temp\tIsZQmXp6o95.bat | text
  MD5: CA7BFE9496CD3088D4DA883CEA0B5E2E
  SHA256: 8ADD264E32EB2D5CA60338F2BC513D0CC6822F26954FA98D061B2F71200B8443
1140 | 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe | C:\Users\admin\AppData\Local\Temp\hdbIVv1BB7to.bat | text
  MD5: 47F3D644A05B507D378564DC0A0989B1
  SHA256: 562FBDB4E0C8F31D1DF184F723644C7AC061F83EFFB7E466ACF94E53631FB636
4052 | 7809ab9c004fbd18f185c7b54554440d7b31f201980aee6e0c62a97c0e4a984c.exe | C:\Users\admin\AppData\Local\Temp\XQX8hE50WToN.bat | text
  MD5: 554E0418082A7134DA09C1634EC1666A
  SHA256: 02707AE358F86CE6510CE3E16FCBE32D9D7101A532CC45FEF349E2345DC6AF7E
HTTP(S) requests: 4
TCP/UDP connections: 19
DNS requests: 22
Threats: 30

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.32.238.112:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
4300 | svchost.exe | GET | 200 | 23.38.73.129:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
4300 | svchost.exe | GET | 200 | 23.32.238.112:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.38.73.129:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4712 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
 | | 192.168.100.255:137 | | | | whitelisted
4300 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
 | | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
 | | 2.19.80.89:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
4300 | svchost.exe | 23.32.238.112:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.32.238.112:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4300 | svchost.exe | 23.38.73.129:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.38.73.129:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.124.78.146, 20.73.194.208 | whitelisted
www.bing.com | 2.19.80.89, 2.19.80.27, 2.19.80.56 | whitelisted
google.com | 172.217.23.110 | whitelisted
crl.microsoft.com | 23.32.238.112, 23.32.238.107 | whitelisted
www.microsoft.com | 23.38.73.129 | whitelisted
VIPEEK1990-25013.portmap.host | | malicious
self.events.data.microsoft.com | 20.42.65.89 | whitelisted

Threats

PID | Process | Class | Message
 | | Misc activity | ET INFO DNS Query for Port Mapping/Tunneling Service Domain (.portmap .host)
 | | Potential Corporate Privacy Violation | ET POLICY DNS Query to a Reverse Proxy Service Observed
 | | Potential Corporate Privacy Violation | ET POLICY DNS Query to a Reverse Proxy Service Observed
 | | Misc activity | ET INFO DNS Query for Port Mapping/Tunneling Service Domain (.portmap .host)
 | | Potential Corporate Privacy Violation | ET POLICY DNS Query to a Reverse Proxy Service Observed
 | | Misc activity | ET INFO DNS Query for Port Mapping/Tunneling Service Domain (.portmap .host)
 | | Potential Corporate Privacy Violation | ET POLICY DNS Query to a Reverse Proxy Service Observed
 | | Misc activity | ET INFO DNS Query for Port Mapping/Tunneling Service Domain (.portmap .host)
 | | Potential Corporate Privacy Violation | ET POLICY DNS Query to a Reverse Proxy Service Observed
 | | Misc activity | ET INFO DNS Query for Port Mapping/Tunneling Service Domain (.portmap .host)
No debug info