File name: LuaMani.Updater.V2.4.exe
Full analysis: https://app.any.run/tasks/128c1187-7f3a-49e4-8fc8-a574ec528e36
Verdict: Malicious activity
Analysis date: November 02, 2025, 17:40:33
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: nuitka, python, rust
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
MD5: 40752F2A055A4E85F0681E75191095D1
SHA1: 93BB5BD802E91A404B8E93DEC061F66C0035F37E
SHA256: 7B6862A926537656084F882AD08D4A97BBAF74347F5EBFF847235C3834817D6D
SSDEEP: 196608:XWS8nWz4Nnca52m31If2IqhpFezUzh5aeZhemiYzNldZVf4:diWynN5Of2I4Jz2Meu3TA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • LuaMani.Updater.V2.4.exe (PID: 7484)
    • Process drops python dynamic module

      • LuaMani.Updater.V2.4.exe (PID: 7484)
    • NUITKA compiler has been detected

      • LuaMani.Updater.V2.4.exe (PID: 7484)
    • The process drops C-runtime libraries

      • LuaMani.Updater.V2.4.exe (PID: 7484)
    • Executable content was dropped or overwritten

      • LuaMani.Updater.V2.4.exe (PID: 7484)
    • Application launched itself

      • LuaMani.Updater.V2.4.exe (PID: 7484)
    • Loads Python modules

      • LuaMani.Updater.V2.4.exe (PID: 8108)
    • There is functionality for taking screenshot (YARA)

      • LuaMani.Updater.V2.4.exe (PID: 8108)
  • INFO

    • Checks supported languages

      • LuaMani.Updater.V2.4.exe (PID: 7484)
      • LuaMani.Updater.V2.4.exe (PID: 8108)
    • The sample compiled with english language support

      • LuaMani.Updater.V2.4.exe (PID: 7484)
    • Create files in a temporary directory

      • LuaMani.Updater.V2.4.exe (PID: 7484)
    • Reads the computer name

      • LuaMani.Updater.V2.4.exe (PID: 8108)
    • Application based on Rust

      • LuaMani.Updater.V2.4.exe (PID: 8108)
    • Checks proxy server information

      • slui.exe (PID: 8184)
    • Reads the software policy settings

      • slui.exe (PID: 8184)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:10:28 21:28:26+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.38
CodeSize: 146432
InitializedDataSize: 17505792
UninitializedDataSize: -
EntryPoint: 0xc894
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
All screenshots are available in the full report
Total processes: 149
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start
  luamani.updater.v2.4.exe (PID 7484)
    luamani.updater.v2.4.exe (PID 8108, no specs)
slui.exe (PID 8184, parent svchost.exe)

Process information

PID: 7484
CMD: "C:\Users\admin\Desktop\LuaMani.Updater.V2.4.exe"
Path: C:\Users\admin\Desktop\LuaMani.Updater.V2.4.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\desktop\luamani.updater.v2.4.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
PID: 8108
CMD: C:\Users\admin\Desktop\LuaMani.Updater.V2.4.exe
Path: C:\Users\admin\Desktop\LuaMani.Updater.V2.4.exe
Parent process: LuaMani.Updater.V2.4.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\desktop\luamani.updater.v2.4.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
PID: 8184
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events: 3 820
Read events: 3 820
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 38
Suspicious files: 10
Text files: 934
Unknown types: 0

Dropped files

All ten listed files were dropped by PID 7484 (LuaMani.Updater.V2.4.exe), type: executable.

C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\_brotli.pyd
  MD5: 5ED46A7126DBDB70F3C60530E35BA035
  SHA256: 67DFA82DCAED04ED3F358D84B18D1375D59126161DE92E00164D36087B179D4D
C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\_elementtree.pyd
  MD5: 6D422B0996D3C625B4BA5F1648541363
  SHA256: 58339737DD818A6D0BAC98403158677F2F7D54ADC7C673B9A8A18C8B19AB11F6
C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\_ctypes.pyd
  MD5: 0AC143334E94105FACADDC5FB20FC691
  SHA256: DFA65498C77E71F038883337D2B5FFD92508489E79E6EE5E96DDEC4ECF2A7FA1
C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\_ssl.pyd
  MD5: 25DA0255096A1B094CCBA672A6B1D6DD
  SHA256: FAF716D309349DBD54EFD7FB402BD42ED21A537614AC0DA89ED92BA307ECBF15
C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\_decimal.pyd
  MD5: 702E1BF0FFAB5193217F6A028EF60BEE
  SHA256: F55D81378A3261A7073FB71AEE674152265B6F24BA6F375F9B939D5A117D8E6B
C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\_wmi.pyd
  MD5: B21B5AC59BC63DA2F59FEAA70DE04F07
  SHA256: 3BE5E14E9A9DC49F099209DEE98B9CB5E31ADE3B0DEAB52277026BB14DF5BDB6
C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\_hashlib.pyd
  MD5: 7573B8A4D0D7831380D7C12E7FBF0160
  SHA256: 1A3010B06C2FCD625DECE3DD0883CA060E98B94ADC062B06CB1A671CFC3B5CAF
C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\_cffi_backend.pyd
  MD5: 5CBA92E7C00D09A55F5CBADC8D16CD26
  SHA256: 0E3D149B91FC7DC3367AB94620A5E13AF6E419F423B31D4800C381468CB8AD85
C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\_socket.pyd
  MD5: C19DBEE6C084BA12B0A7BAA8EA3F8B50
  SHA256: 127A39D2198F17DD9B573904FE7E4040C7C8718753E6C4EDEE2FF6C35F487FAC
C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\libcrypto-3.dll
  MD5: AE5B2E9A3410839B31938F24B6FC5CD8
  SHA256: CCFFFDDCD3DEFB8D899026298AF9AF43BC186130F8483D77E97C93233D5F27D7
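Every dropped file above lands in the same directory, C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\. That is a Nuitka onefile staging directory: Nuitka's default --onefile-tempdir-spec is {TEMP}/onefile_{PID}_{TIME}, and on Windows the {TIME} part is written as a 64-bit FILETIME. It is the behaviour behind the "NUITKA compiler has been detected", "Process drops python dynamic module" and "Application launched itself" indicators: the bootstrap executable (PID 7484) unpacks the CPython extension modules and OpenSSL library into that directory, then starts a second copy of itself (PID 8108) that loads them. The Python below is an added triage example, not code from the ANY.RUN report or from the sample. It decodes the PID and FILETIME embedded in the directory name and checks them against the dropping process and the report's analysis date; the rows are a subset copied from the table above, and treating the report's analysis date as UTC is an assumption.

```python
"""
Cross-check a Nuitka onefile staging path against the sandbox report.

Directory layout assumed: {TEMP}\onefile_{PID}_{TIME}\ with TIME a Windows
FILETIME (100 ns ticks since 1601-01-01 UTC). Rows are copied from the
"Dropped files" table of the report; only the fields the checks use are kept.
"""
import re
from datetime import datetime, timedelta, timezone

# (dropping PID, process name, dropped path) copied from the report.
DROPPED = [
    (7484, "LuaMani.Updater.V2.4.exe",
     r"C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\_brotli.pyd"),
    (7484, "LuaMani.Updater.V2.4.exe",
     r"C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\_ssl.pyd"),
    (7484, "LuaMani.Updater.V2.4.exe",
     r"C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\_socket.pyd"),
    (7484, "LuaMani.Updater.V2.4.exe",
     r"C:\Users\admin\AppData\Local\Temp\onefile_7484_134065788461474281\libcrypto-3.dll"),
]

# Analysis date from the report header; assumed to be UTC.
ANALYSIS_START = datetime(2025, 11, 2, 17, 40, 33, tzinfo=timezone.utc)

ONEFILE_DIR = re.compile(r"[\\/]onefile_(?P<pid>\d+)_(?P<time>\d+)[\\/]", re.IGNORECASE)
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def parse_onefile_dir(path: str):
    """Return (bootstrap PID, start time) from a Nuitka onefile staging path, or None."""
    m = ONEFILE_DIR.search(path)
    if m is None:
        return None
    return int(m.group("pid")), filetime_to_datetime(int(m.group("time")))


def classify(filename: str) -> str:
    """Rough label for what kind of payload component a dropped file is."""
    name = filename.lower()
    if name.endswith(".pyd"):
        return "cpython-extension"
    if name.startswith(("libcrypto", "libssl")):
        return "openssl"
    if name.endswith(".dll"):
        return "dll"
    return "other"


def triage(rows, analysis_start=ANALYSIS_START, window=timedelta(minutes=10)):
    """For each dropped file, check that the staging directory's embedded PID is the
    dropping process and that its timestamp falls inside the analysis window."""
    findings = []
    for pid, process, path in rows:
        filename = path.rsplit("\\", 1)[-1]
        parsed = parse_onefile_dir(path)
        if parsed is None:
            findings.append({"file": filename, "process": process,
                             "nuitka_onefile": False, "kind": classify(filename)})
            continue
        staged_pid, started = parsed
        findings.append({
            "file": filename,
            "process": process,
            "nuitka_onefile": True,
            "kind": classify(filename),
            "pid_matches_dropper": staged_pid == pid,
            "started_at": started,
            "seconds_after_start": (started - analysis_start).total_seconds(),
            "within_window": analysis_start <= started <= analysis_start + window,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(DROPPED):
        print(finding)
```

Decoded, the directory timestamp is 2025-11-02 17:40:46 UTC, about 13 seconds after the report's analysis date, and the embedded PID is 7484, the process that dropped the files; both agree with the report. A PID that does not match the dropping process, or a timestamp far from the run, would mean the path was not produced by this bootstrap's default naming and deserves a closer look.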
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
23
TCP/UDP connections
46
DNS requests
17
Threats
0

HTTP requests

Requests are grouped under the process that made them (PID, process, then method, HTTP code, IP, URL, CN, type, size, reputation).

PID 6416 svchost.exe
  GET 200 23.216.77.5:80 http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl (CN: unknown; reputation: whitelisted)
  POST 200 40.126.32.72:443 https://login.live.com/RST2.srf (CN: unknown; type: xml; size: 11.1 Kb; reputation: unknown)
  POST 200 40.126.32.74:443 https://login.live.com/RST2.srf (CN: unknown; type: xml; size: 10.3 Kb; reputation: unknown)
PID 7952 SIHClient.exe
  GET 200 95.101.149.131:80 http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl (CN: unknown; reputation: whitelisted)
PID 5596 MoUsoCoreWorker.exe
  GET 200 23.216.77.5:80 http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl (CN: unknown; reputation: whitelisted)
  POST 200 40.126.32.72:443 https://login.live.com/RST2.srf (CN: unknown; size: 10.3 Kb; reputation: unknown)
  GET 200 135.232.92.137:443 https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL (CN: unknown; type: compressed; size: 29.1 Kb; reputation: unknown)
PID 7952 SIHClient.exe
  GET 200 95.101.149.131:80 http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.3.crl (CN: unknown; reputation: whitelisted)
  GET 200 95.101.149.131:80 http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.3.crl (CN: unknown; reputation: whitelisted)
  GET 200 95.101.149.131:80 http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl (CN: unknown; reputation: whitelisted)

Connections

Connections are grouped under the process that made them (PID, process, then IP:port, domain, ASN, CN, reputation).

PID 6416 svchost.exe
  40.127.240.158:443 settings-win.data.microsoft.com (ASN: MICROSOFT-CORP-MSN-AS-BLOCK; CN: IE; whitelisted)
  192.168.100.255:137 (whitelisted)
PID 5596 MoUsoCoreWorker.exe
  40.127.240.158:443 settings-win.data.microsoft.com (ASN: MICROSOFT-CORP-MSN-AS-BLOCK; CN: IE; whitelisted)
PID 5040 RUXIMICS.exe
  40.127.240.158:443 settings-win.data.microsoft.com (ASN: MICROSOFT-CORP-MSN-AS-BLOCK; CN: IE; whitelisted)
PID 4 System
  192.168.100.255:138 (whitelisted)
PID 6416 svchost.exe
  23.216.77.5:80 crl.microsoft.com (ASN: Akamai International B.V.; CN: DE; whitelisted)
PID 5596 MoUsoCoreWorker.exe
  23.216.77.5:80 crl.microsoft.com (ASN: Akamai International B.V.; CN: DE; whitelisted)
PID 5596 MoUsoCoreWorker.exe
  51.124.78.146:443 settings-win.data.microsoft.com (ASN: MICROSOFT-CORP-MSN-AS-BLOCK; CN: NL; whitelisted)
PID 204 svchost.exe
  40.126.32.68:443 login.live.com (ASN: MICROSOFT-CORP-MSN-AS-BLOCK; CN: NL; whitelisted)
PID 6416 svchost.exe
  51.124.78.146:443 settings-win.data.microsoft.com (ASN: MICROSOFT-CORP-MSN-AS-BLOCK; CN: NL; whitelisted)

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.124.78.146
  • 51.104.136.2
whitelisted
google.com
  • 216.58.206.46
whitelisted
crl.microsoft.com
  • 23.216.77.5
  • 23.216.77.13
  • 23.216.77.42
  • 23.216.77.6
  • 23.216.77.43
  • 23.216.77.16
  • 23.216.77.41
  • 23.216.77.15
  • 23.216.77.7
whitelisted
login.live.com
  • 40.126.32.68
  • 20.190.160.14
  • 20.190.160.2
  • 20.190.160.130
  • 40.126.32.133
  • 20.190.160.131
  • 20.190.160.22
  • 20.190.160.132
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
slscr.update.microsoft.com
  • 135.232.92.137
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
activation-v2.sls.microsoft.com
  • 4.154.209.85
whitelisted
nexusrules.officeapps.live.com
  • 52.111.236.21
whitelisted

Threats

No threats detected
No debug info