download: /totalsecurity/360TS_Setup_Mini.exe

Full analysis: https://app.any.run/tasks/cfa54ac9-d8f8-4ff2-96ca-545cb98a9258
Verdict: Malicious activity
Analysis date: July 26, 2024, 06:44:20
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: B3A265B11FBB00EAE9271766C1E92DE8
SHA1: A02E7406514E3E876E4E93E5F7A812E9B2676F50
SHA256: 7DBA8B982696684F143D2C491A191D8DECBFCD81516A2D26C5FE40AEA627905C
SSDEEP: 49152:e81NYFmm7iGH1EusEurIuvJU8tWmbf8+hQAHPAkR0CGss/eg4gYoqBjd:9iF7OGVEDIuvN8mYFAvAkR0CGsV2qJd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • 360TS_Setup_Mini.exe (PID: 2292)
      • 360TS_Setup.exe (PID: 5832)
      • 360TS_Setup.exe (PID: 3588)
    • Scans artifacts that could help determine the target

      • 360TS_Setup_Mini.exe (PID: 2292)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • 360TS_Setup_Mini.exe (PID: 2292)
      • 360TS_Setup.exe (PID: 3588)
    • Executable content was dropped or overwritten

      • 360TS_Setup_Mini.exe (PID: 2292)
      • 360TS_Setup.exe (PID: 5832)
      • 360TS_Setup.exe (PID: 3588)
    • Potential Corporate Privacy Violation

      • 360TS_Setup_Mini.exe (PID: 2292)
    • Reads the date of Windows installation

      • 360TS_Setup_Mini.exe (PID: 2292)
    • Process requests binary or script from the Internet

      • 360TS_Setup_Mini.exe (PID: 2292)
    • Starts itself from another location

      • 360TS_Setup.exe (PID: 5832)
    • Creates file in the systems drive root

      • 360TS_Setup.exe (PID: 3588)
    • Checks Windows Trust Settings

      • 360TS_Setup.exe (PID: 3588)
  • INFO

    • Checks supported languages

      • 360TS_Setup_Mini.exe (PID: 2292)
      • 360TS_Setup.exe (PID: 5832)
      • 360TS_Setup.exe (PID: 3588)
    • Create files in a temporary directory

      • 360TS_Setup_Mini.exe (PID: 2292)
      • 360TS_Setup.exe (PID: 5832)
      • 360TS_Setup.exe (PID: 3588)
    • Checks proxy server information

      • 360TS_Setup_Mini.exe (PID: 2292)
      • 360TS_Setup.exe (PID: 3588)
      • slui.exe (PID: 2668)
    • Reads the computer name

      • 360TS_Setup_Mini.exe (PID: 2292)
      • 360TS_Setup.exe (PID: 5832)
      • 360TS_Setup.exe (PID: 3588)
    • Disables trace logs

      • 360TS_Setup_Mini.exe (PID: 2292)
    • Process checks computer location settings

      • 360TS_Setup_Mini.exe (PID: 2292)
      • 360TS_Setup.exe (PID: 3588)
    • Creates files or folders in the user directory

      • 360TS_Setup_Mini.exe (PID: 2292)
      • 360TS_Setup.exe (PID: 3588)
    • Creates files in the program directory

      • 360TS_Setup.exe (PID: 5832)
    • Reads the machine GUID from the registry

      • 360TS_Setup.exe (PID: 3588)
    • Reads the software policy settings

      • 360TS_Setup.exe (PID: 3588)
      • slui.exe (PID: 2668)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:07:17 08:25:27+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 423424
InitializedDataSize: 1051136
UninitializedDataSize: -
EntryPoint: 0x4d2f3
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 6.6.0.1075
ProductVersionNumber: 6.6.0.1075
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Qihoo 360 Technology Co. Ltd.
FileDescription: 360 Total Security Online Installer
FileVersion: 6, 6, 0, 1075
InternalName: 360Installer
LegalCopyright: (C) Qihoo 360 Technology Co. Ltd., All rights reserved.
OriginalFileName: 360Installer.exe
ProductName: 360 Total Security Online Installer
ProductVersion: 6, 6, 0, 1075
No data.
All screenshots are available in the full report
Total processes: 147
Monitored processes: 5
Malicious processes: 1
Suspicious processes: 2

Behavior graph

Processes in the graph: 360ts_setup_mini.exe, slui.exe, 360ts_setup.exe, 360ts_setup.exe, 360ts_setup_mini.exe (no specs)

Process information

PID: 2292
CMD: "C:\Users\admin\AppData\Local\Temp\360TS_Setup_Mini.exe"
Path: C:\Users\admin\AppData\Local\Temp\360TS_Setup_Mini.exe
Parent process: explorer.exe
User: admin
Company: Qihoo 360 Technology Co. Ltd.
Integrity Level: HIGH
Description: 360 Total Security Online Installer
Exit code: 1
Version: 6, 6, 0, 1075
Modules (images):
c:\users\admin\appdata\local\temp\360ts_setup_mini.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID: 2668
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 3588
CMD: "C:\Program Files (x86)\1721976339_0\360TS_Setup.exe" /c:101 /pmode:2 /TSinstall
Path: C:\Program Files (x86)\1721976339_0\360TS_Setup.exe
Parent process: 360TS_Setup.exe
User: admin
Integrity Level: HIGH
Description: Installer Module
Version: 11,0,0,1118
Modules (images):
c:\program files (x86)\1721976339_0\360ts_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\imm32.dll
PID: 5832
CMD: "C:\Users\admin\AppData\Local\Temp\360TS_Setup.exe" /c:101 /pmode:2
Path: C:\Users\admin\AppData\Local\Temp\360TS_Setup.exe
Parent process: 360TS_Setup_Mini.exe
User: admin
Integrity Level: HIGH
Description: Installer Module
Version: 11,0,0,1118
Modules (images):
c:\users\admin\appdata\local\temp\360ts_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\imm32.dll
PID: 6176
CMD: "C:\Users\admin\AppData\Local\Temp\360TS_Setup_Mini.exe"
Path: C:\Users\admin\AppData\Local\Temp\360TS_Setup_Mini.exe
Parent process: explorer.exe
User: admin
Company: Qihoo 360 Technology Co. Ltd.
Integrity Level: MEDIUM
Description: 360 Total Security Online Installer
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the medium-integrity launch exited before the HIGH-integrity instance, PID 2292, ran)
Version: 6, 6, 0, 1075
Modules (images):
c:\users\admin\appdata\local\temp\360ts_setup_mini.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
Total events: 6 483
Read events: 6 428
Write events: 51
Delete events: 4

Modification events

PID 2292 (360TS_Setup_Mini.exe), operation: write
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\360Safe\Liveup
Name: mid
Value: 80342cb959da2233832ae840f019ccba8b56b331eb673be97c52113eab1cd1bc

PID 2292 (360TS_Setup_Mini.exe), operation: write
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LiveUpdate360
Name: proxytype
Value: 1

PID 2292 (360TS_Setup_Mini.exe), operation: write
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
Name: EnableConsoleTracing
Value: 0

PID 2292 (360TS_Setup_Mini.exe), operation: write
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\360TS_Setup_Mini_RASAPI32
Name: EnableFileTracing
Value: 0

PID 2292 (360TS_Setup_Mini.exe), operation: write
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\360TS_Setup_Mini_RASAPI32
Name: EnableAutoFileTracing
Value: 0

PID 2292 (360TS_Setup_Mini.exe), operation: write
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\360TS_Setup_Mini_RASAPI32
Name: EnableConsoleTracing
Value: 0

PID 2292 (360TS_Setup_Mini.exe), operation: write
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\360TS_Setup_Mini_RASAPI32
Name: FileTracingMask
Value:

PID 2292 (360TS_Setup_Mini.exe), operation: write
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\360TS_Setup_Mini_RASAPI32
Name: ConsoleTracingMask
Value:

PID 2292 (360TS_Setup_Mini.exe), operation: write
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\360TS_Setup_Mini_RASAPI32
Name: MaxFileSize
Value: 1048576

PID 2292 (360TS_Setup_Mini.exe), operation: write
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\360TS_Setup_Mini_RASAPI32
Name: FileDirectory
Value: %windir%\tracing
Executable files: 4
Suspicious files: 9
Text files: 3
Unknown types: 4

Dropped files

PID 2292 (360TS_Setup_Mini.exe): C:\Users\admin\AppData\Local\Temp\360TS_Setup.exe.P2P
MD5: -
SHA256: -

PID 2292 (360TS_Setup_Mini.exe): C:\Users\admin\AppData\Local\Temp\360TS_Setup.exe
MD5: -
SHA256: -

PID 5832 (360TS_Setup.exe): C:\Program Files (x86)\1721976339_0\360TS_Setup.exe
MD5: -
SHA256: -

PID 2292 (360TS_Setup_Mini.exe): C:\Users\admin\AppData\Local\Temp\{3517FFEE-B63D-49ce-BF94-8F8CE30C6461}.tmp
Type: compressed
MD5: 7D883E7A121DD2A690E3A04BB196DA6F
SHA256: 9A54E77EDD072495D1A9C0BBA781F14C63F344EAAFA4F466D3DE770979691410

PID 2292 (360TS_Setup_Mini.exe): C:\Users\admin\AppData\Local\Temp\{2B3322FD-896A-48dc-8819-7E0E8688DE56}.tmp\360P2SP.dll
Type: executable
MD5: FC1796ADD9491EE757E74E65CEDD6AE7
SHA256: BF1B96F5B56BE51E24D6314BC7EC25F1BDBA2435F4DFC5BE87DE164FE5DE9E60

PID 2292 (360TS_Setup_Mini.exe): C:\Users\admin\AppData\Local\Temp\{A774D91F-5653-4f4e-B790-B9C738274547}.tmp
Type: image
MD5: B1DDD3B1895D9A3013B843B3702AC2BD
SHA256: 46CDA5AD256BF373F5ED0B2A20EFA5275C1FFD96864C33F3727E76A3973F4B3C

PID 2292 (360TS_Setup_Mini.exe): C:\Users\admin\AppData\Local\Temp\C__Users_admin_AppData_Local_Temp_!@t1862.tmp.mem
Type: binary
MD5: 512DEE7E7F43DAE845D12AEFAA7D35ED
SHA256: 0590E3D04B5D75EA34583DCBB5903A1B2F41080EB93A98952FD9DDE4B8361BA7

PID 2292 (360TS_Setup_Mini.exe): C:\Users\admin\AppData\Local\Temp\!@t1862.tmp.dir\setup.ini
Type: text
MD5: 14BD5E917253C098F5DA32F0CE1A7D8A
SHA256: D167849F223C64DF2CF30E9B98D5E2C6AD1FC14EDE3C012C20F14FEE883E0C90

PID 3588 (360TS_Setup.exe): C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\installapp[1].json
Type: binary
MD5: 984FBE4E50B9061451A97D8A6145E36B
SHA256: FDD7C66C476905078D37646003A738B405573CFD41D8D163823568AF7D59BA86

PID 5832 (360TS_Setup.exe): C:\Users\admin\AppData\Local\Temp\1721976339_00000000_base\360base.dll
Type: executable
MD5: B192F34D99421DC3207F2328FFE62BD0
SHA256: 58F13D919F44D194827B609B6B267246ABC47134BB202472C0DFE033B9D7ED73
Download PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests: 41
TCP/UDP connections: 90
DNS requests: 30
Threats: 1

HTTP requests

Columns: PID (Process) | Method | HTTP Code | IP | URL | CN | Reputation

2292 (360TS_Setup_Mini.exe) | GET | 200 | 18.66.102.108:80 | http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab | unknown | whitelisted
2292 (360TS_Setup_Mini.exe) | GET | 200 | 54.255.136.181:80 | http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1075&pid=101&os=10.0&mid=80342cb959da2233832ae840f019ccba&state=153 | unknown | whitelisted
2292 (360TS_Setup_Mini.exe) | GET | 200 | 108.138.24.132:80 | http://sd.p.360safe.com/38F1C812D5EA025FE5C1121AA32707BEAED8059B.trt | unknown | whitelisted
2292 (360TS_Setup_Mini.exe) | GET | 200 | 54.255.136.181:80 | http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=80342cb959da2233832ae840f019ccba&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=654&tdl=654&tds=644&terr=0&tes=Status|1,ErrorCode|0,DnCount|6,HttpNum|1,DnFailCount|6,FStatus|1,P2SS|654,P2PS|0,PDMode|2&tfl=654&tp=t&tst=1&ttdl=654&ttm=1015&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS | unknown | whitelisted
2292 (360TS_Setup_Mini.exe) | GET | - | 18.245.60.102:80 | http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1118.exe | unknown | whitelisted
2292 (360TS_Setup_Mini.exe) | GET | - | 18.245.60.119:80 | http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1118.exe | unknown | whitelisted
2292 (360TS_Setup_Mini.exe) | GET | - | 18.245.60.13:80 | http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1118.exe | unknown | whitelisted
2292 (360TS_Setup_Mini.exe) | GET | - | 18.245.60.116:80 | http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1118.exe | unknown | whitelisted
2292 (360TS_Setup_Mini.exe) | GET | - | 18.245.60.116:80 | http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1118.exe | unknown | whitelisted
4424 (svchost.exe) | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted

Connections

Fields, where the report shows them: PID (Process), IP, Domain, ASN, CN, Reputation

4.231.128.59:443, settings-win.data.microsoft.com, ASN MICROSOFT-CORP-MSN-AS-BLOCK, CN IE, whitelisted
PID 4 (System): 192.168.100.255:138, whitelisted
40.91.76.224:443, ASN MICROSOFT-CORP-MSN-AS-BLOCK, CN US, whitelisted
2.20.142.122:443, www.bing.com, ASN Akamai International B.V., CN DE, whitelisted
131.253.33.254:443, a-ring-fallback.msedge.net, ASN MICROSOFT-CORP-MSN-AS-BLOCK, CN US, unknown
PID 1620 (slui.exe): 40.91.76.224:443, ASN MICROSOFT-CORP-MSN-AS-BLOCK, CN US, whitelisted
PID 3952 (svchost.exe): 239.255.255.250:1900, whitelisted
PID 4 (System): 192.168.100.255:137, whitelisted
PID 2292 (360TS_Setup_Mini.exe): 54.76.174.118:80, tr.p.360safe.com, unknown
PID 2292 (360TS_Setup_Mini.exe): 54.77.42.29:3478, st.p.360safe.com, unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
t-ring-fdv2.msedge.net
  • 13.107.237.254
unknown
a-ring-fallback.msedge.net
  • 131.253.33.254
unknown
www.bing.com
  • 2.20.142.122
  • 92.122.215.94
  • 92.122.215.95
  • 2.20.142.154
  • 2.20.142.138
  • 2.20.142.129
  • 92.122.215.99
  • 2.20.142.146
  • 2.20.142.145
whitelisted
google.com
  • 142.250.185.110
whitelisted
st.p.360safe.com
  • 54.77.42.29
whitelisted
s.360safe.com
  • 54.255.136.181
  • 54.254.196.234
whitelisted
tr.p.360safe.com
  • 54.76.174.118
whitelisted
iup.360safe.com
  • 18.66.102.80
  • 18.66.102.36
  • 18.66.102.115
  • 18.66.102.108
whitelisted
int.down.360safe.com
  • 18.245.60.116
  • 18.245.60.102
  • 18.245.60.13
  • 18.245.60.119
whitelisted

Threats

PID 2292 (360TS_Setup_Mini.exe)
Class: Potential Corporate Privacy Violation
Message: ET POLICY PE EXE or DLL Windows file download HTTP
No debug info