File name:

sims-4-updater-v1.3.4.exe

Full analysis: https://app.any.run/tasks/f423b92b-0b73-41d0-8c4f-a9f18fff2d13
Verdict: Malicious activity
Analysis date: September 07, 2024, 18:03:20
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
pyinstaller
python
Indicators:
MIME: application/x-dosexec
File info: PE32+ executable (GUI) x86-64, for MS Windows
MD5:

D34CE38D2811B4014DC5576D7671A780

SHA1:

FB0948BDA56D6AB2D70E490A5CD9E77EA3F06D17

SHA256:

7D30BA7852E9047E93C2488CB0305AD71551692FF42A295225BC8EFBE7E8053C

SSDEEP:

98304:RsiYNXu8M+DHmOVWjtKxgJpNC0ErFqTGJbU8U0OBTfMXFSYAbYpB4RplQ94geo7d:H1YYCyPuI3pIwhqbr6TnYlF7KbI4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • sims-4-updater-v1.3.4.exe (PID: 5704)

    • Application launched itself

      • sims-4-updater-v1.3.4.exe (PID: 5704)

    • Executable content was dropped or overwritten

      • sims-4-updater-v1.3.4.exe (PID: 5704)

    • Process drops python dynamic module

      • sims-4-updater-v1.3.4.exe (PID: 5704)

    • The process drops C-runtime libraries

      • sims-4-updater-v1.3.4.exe (PID: 5704)

    • Loads Python modules

      • sims-4-updater-v1.3.4.exe (PID: 2476)

    • Starts CMD.EXE for commands execution

      • sims-4-updater-v1.3.4.exe (PID: 2476)

  • INFO

    • Reads the computer name

      • sims-4-updater-v1.3.4.exe (PID: 5704)
      • sims-4-updater-v1.3.4.exe (PID: 2476)

    • Checks supported languages

      • sims-4-updater-v1.3.4.exe (PID: 5704)
      • sims-4-updater-v1.3.4.exe (PID: 2476)

    • PyInstaller has been detected (YARA)

      • sims-4-updater-v1.3.4.exe (PID: 5704)
      • sims-4-updater-v1.3.4.exe (PID: 2476)

    • Create files in a temporary directory

      • sims-4-updater-v1.3.4.exe (PID: 5704)
      • sims-4-updater-v1.3.4.exe (PID: 2476)

    • Reads the machine GUID from the registry

      • sims-4-updater-v1.3.4.exe (PID: 2476)

    • Checks proxy server information

      • sims-4-updater-v1.3.4.exe (PID: 2476)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | InstallShield setup (57.6)
.exe | Win64 Executable (generic) (36.9)
.exe | Generic Win/DOS Executable (2.6)
.exe | DOS Executable Generic (2.6)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:07:09 00:12:23+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.32
CodeSize: 165888
InitializedDataSize: 137728
UninitializedDataSize: -
EntryPoint: 0xafb0
OSVersion: 5.2
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
124
Monitored processes
4
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start THREAT sims-4-updater-v1.3.4.exe THREAT sims-4-updater-v1.3.4.exe cmd.exe no specs conhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1840\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2476"C:\Users\admin\Desktop\sims-4-updater-v1.3.4.exe" C:\Users\admin\Desktop\sims-4-updater-v1.3.4.exe
sims-4-updater-v1.3.4.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\desktop\sims-4-updater-v1.3.4.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
5704"C:\Users\admin\Desktop\sims-4-updater-v1.3.4.exe" C:\Users\admin\Desktop\sims-4-updater-v1.3.4.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\desktop\sims-4-updater-v1.3.4.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
6368C:\WINDOWS\system32\cmd.exe /c "updater_readme.txt"C:\Windows\System32\cmd.exesims-4-updater-v1.3.4.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
Total events
361
Read events
361
Write events
0
Delete events
0

Modification events

No data
Executable files
76
Suspicious files
4
Text files
926
Unknown types
0

Dropped files

PID
Process
Filename
Type
5704sims-4-updater-v1.3.4.exeC:\Users\admin\AppData\Local\Temp\_MEI57042\_bz2.pydexecutable
MD5:86D1B2A9070CD7D52124126A357FF067
SHA256:62173A8FADD4BF4DD71AB89EA718754AA31620244372F0C5BBBAE102E641A60E
5704sims-4-updater-v1.3.4.exeC:\Users\admin\AppData\Local\Temp\_MEI57042\_tkinter.pydexecutable
MD5:8DA8E5348D9F9572CE9216AC8A628C2B
SHA256:06B96357F5DD83D0D8105127E7AAEACB834DDF1AE03FA46AAFFDC1E5FD0A7621
5704sims-4-updater-v1.3.4.exeC:\Users\admin\AppData\Local\Temp\_MEI57042\_decimal.pydexecutable
MD5:20C77203DDF9FF2FF96D6D11DEA2EDCF
SHA256:9AAC010A424C757C434C460C3C0A6515D7720966AB64BAD667539282A17B4133
5704sims-4-updater-v1.3.4.exeC:\Users\admin\AppData\Local\Temp\_MEI57042\VCRUNTIME140.dllexecutable
MD5:F34EB034AA4A9735218686590CBA2E8B
SHA256:9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
5704sims-4-updater-v1.3.4.exeC:\Users\admin\AppData\Local\Temp\_MEI57042\_win32sysloader.pydexecutable
MD5:F9C9445BE13026F8DB777E2BBC26651D
SHA256:C953DB1F67BBD92114531FF44EE4D76492FDD3CF608DA57D5C04E4FE4FDD1B96
5704sims-4-updater-v1.3.4.exeC:\Users\admin\AppData\Local\Temp\_MEI57042\_lzma.pydexecutable
MD5:7447EFD8D71E8A1929BE0FAC722B42DC
SHA256:60793C8592193CFBD00FD3E5263BE4315D650BA4F9E4FDA9C45A10642FD998BE
5704sims-4-updater-v1.3.4.exeC:\Users\admin\AppData\Local\Temp\_MEI57042\_socket.pydexecutable
MD5:819166054FEC07EFCD1062F13C2147EE
SHA256:E6DEB751039CD5424A139708475CE83F9C042D43E650765A716CB4A924B07E4F
5704sims-4-updater-v1.3.4.exeC:\Users\admin\AppData\Local\Temp\_MEI57042\_ctypes.pydexecutable
MD5:1635A0C5A72DF5AE64072CBB0065AEBE
SHA256:1EA3DD3DF393FA9B27BF6595BE4AC859064CD8EF9908A12378A6021BBA1CB177
5704sims-4-updater-v1.3.4.exeC:\Users\admin\AppData\Local\Temp\_MEI57042\_multiprocessing.pydexecutable
MD5:A9A0588711147E01EED59BE23C7944A9
SHA256:7581EDEA33C1DB0A49B8361E51E6291688601640E57D75909FB2007B2104FA4C
5704sims-4-updater-v1.3.4.exeC:\Users\admin\AppData\Local\Temp\_MEI57042\_uuid.pydexecutable
MD5:B68C98113C8E7E83AF56BA98FF3AC84A
SHA256:990586F2A2BA00D48B59BDD03D3C223B8E9FB7D7FAB6D414BAC2833EB1241CA2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
21
DNS requests
8
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6880
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2120
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6192
RUXIMICS.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
6880
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6192
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2120
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6880
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2120
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
6192
RUXIMICS.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2120
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
6880
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
google.com
  • 216.58.212.174
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
gist.githubusercontent.com
  • 185.199.108.133
  • 185.199.109.133
  • 185.199.111.133
  • 185.199.110.133
shared
rentry.co
  • 104.26.2.16
  • 172.67.75.40
  • 104.26.3.16
unknown
rentry.org
  • 164.132.58.105
unknown

Threats

PID
Process
Class
Message
2256
svchost.exe
Misc activity
ET INFO Pastebin Service Domain in DNS Lookup (rentry .co)
2476
sims-4-updater-v1.3.4.exe
Misc activity
ET INFO Observed Pastebin Service Domain (rentry .co in TLS SNI)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
sims-4-updater-v1.3.4.exe