File name: undertale-last-breath.exe
Full analysis: https://app.any.run/tasks/81bbf1d1-1d46-4016-b8da-452517673036
Verdict: Malicious activity
Analysis date: November 09, 2024, 01:15:46
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 5E66DA13E983DABDFC0BD1149B513E06
SHA1: C148C29B88D5D85555038E326DDF362D728523F5
SHA256: 8177D2261FD91FC12E5CA94B0B62430E80D16C0460BF6D218FC9563713E325EC
SSDEEP: 786432:ziQxJskSbZCgFCMzZBXpA4z4Rb9Ldjp22yqbY/4uqjW0P:IZXFVzPXploJLdjp22y5guqjf

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • undertale-last-breath.exe (PID: 5976)
  • INFO

    • Checks supported languages

      • undertale-last-breath.exe (PID: 5976)
    • Reads the computer name

      • undertale-last-breath.exe (PID: 5976)
    • Create files in a temporary directory

      • undertale-last-breath.exe (PID: 5976)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:18 18:44:31+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 626688
InitializedDataSize: 451584
UninitializedDataSize: -
EntryPoint: 0x77729
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Windows 16-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName:
FileDescription:
FileVersion:
LegalCopyright:
No data.
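Before trusting anything in a sandbox report, confirm that the local copy of the sample is the object the report describes: the three hashes and the COFF header fields that ExifTool renders as MachineType, TimeStamp, PEType and ImageFileCharacteristics are all cheap to recompute. The following is an added example written for this page, not ANY.RUN or ExifTool code; the REPORT values are copied from the report above, and build_test_header constructs a minimal stand-in header so the parser can be exercised offline (it is not the sample).

```python
"""Check a local file against the hashes and PE header fields quoted in the report."""
import hashlib
import struct
from datetime import datetime, timezone

# Values copied from the report above.  0x14C is IMAGE_FILE_MACHINE_I386 ("Intel 80386").
REPORT = {
    "md5": "5E66DA13E983DABDFC0BD1149B513E06",
    "sha1": "C148C29B88D5D85555038E326DDF362D728523F5",
    "sha256": "8177D2261FD91FC12E5CA94B0B62430E80D16C0460BF6D218FC9563713E325EC",
    "machine": 0x14C,
    "sections": 5,
    "timestamp": "2019-12-18T18:44:31+00:00",
}
HASH_NAMES = ("md5", "sha1", "sha256")


def digest_bytes(data: bytes) -> dict:
    """Upper-case hex digests, matching the report's formatting."""
    return {n: hashlib.new(n, data).hexdigest().upper() for n in HASH_NAMES}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digest_bytes but streamed, so large samples are not read into memory."""
    hashers = {n: hashlib.new(n) for n in HASH_NAMES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {n: h.hexdigest().upper() for n, h in hashers.items()}


def hashes_match(actual: dict, report: dict = REPORT) -> bool:
    """Case-insensitive comparison of all three digests; any mismatch means a different file."""
    return all(actual[n].upper() == report[n].upper() for n in HASH_NAMES)


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF header fields behind ExifTool's MachineType/TimeStamp/PEType output."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes, little-endian).
    machine, nsections, tstamp, _sym, _nsym, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    # Optional header Magic follows immediately: 0x10B = PE32, 0x20B = PE32+.
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0] if opt_size >= 2 else 0
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).isoformat(),
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "unknown"),
        "executable": bool(chars & 0x0002),           # IMAGE_FILE_EXECUTABLE_IMAGE
        "large_address_aware": bool(chars & 0x0020),  # IMAGE_FILE_LARGE_ADDRESS_AWARE
        "is_32bit": bool(chars & 0x0100),             # IMAGE_FILE_32BIT_MACHINE
    }


def header_matches_report(hdr: dict, report: dict = REPORT) -> bool:
    return (hdr["machine"] == report["machine"]
            and hdr["sections"] == report["sections"]
            and hdr["timestamp"] == report["timestamp"])


def build_test_header(machine=0x14C, sections=5, timestamp=1576694671, chars=0x0122) -> bytes:
    """Constructed minimal DOS stub + PE signature + COFF header + PE32 optional header.
    This is a stand-in for offline testing, not the sample from the report."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", machine, sections, timestamp, 0, 0, 224, chars)
    opt = struct.pack("<H", 0x10B) + bytes(222)      # PE32 magic, rest zeroed
    return bytes(dos) + b"PE\0\0" + coff + opt
```

Run digest_file on the local copy and require hashes_match to be true before reading any further; the header check catches the common case of a re-packed or patched copy whose name matches but whose build timestamp or section count does not.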
All screenshots are available in the full report
Total processes: 112
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start undertale-last-breath.exe

Process information

PID: 5976
CMD: "C:\Users\admin\Desktop\undertale-last-breath.exe"
Path: C:\Users\admin\Desktop\undertale-last-breath.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules
Images
c:\users\admin\desktop\undertale-last-breath.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 23
Read events: 23
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 16
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

All of the following were written by PID 5976 (undertale-last-breath.exe); type is "executable" for every entry.

C:\Users\admin\AppData\Local\Temp\mrtD877.tmp\clickteam-circular.mvx
  MD5: 670CFC229784A242BEB960A430AE9764
  SHA256: 671A01A39FA56A32FC0A43B16038D3077202734A7BEACD50D73439011A74A4CB
C:\Users\admin\AppData\Local\Temp\mrtD877.tmp\mmfs2.dll
  MD5: 200520E6E8B4D675B77971DFA9FB91B3
  SHA256: 763EF4484BA9B9E10E19268C045732515F0AC143CF075E6D1EA1F5ADCC77633B
C:\Users\admin\AppData\Local\Temp\mrtD877.tmp\kcwctrl.mfx
  MD5: FA3AA3C51150EB5410DC3D74484D84BB
  SHA256: 0666E52EA54BB2BDB81216443EA0787B8FCC6292B64D6BDF285EEBF42E1BBAE6
C:\Users\admin\AppData\Local\Temp\mrtD877.tmp\mmf2d3d9.dll
  MD5: C85BCC9F3049B57AA8CCBB290342FF14
  SHA256: BDDDA991185A9E83B9855A109F2FCFA78CD2D5402E9DB344C6EC77F6CE69A0C5
C:\Users\admin\AppData\Local\Temp\mrtD877.tmp\mp3flt.sft
  MD5: 5BEBC3AE0122702B89F9262888D3A393
  SHA256: 81C9A9459A8E124793ADDF142CD513945D6FE600E1D67F74897898D7570E56B2
C:\Users\admin\AppData\Local\Temp\mrtD877.tmp\cctrans.dll
  MD5: 21E093D52A3AFE8ED5532FCAA189C067
  SHA256: 9B834B5D26983451EF3A11C8C2A715724DAA188FBD28597081ECB1E9ED672F87
C:\Users\admin\AppData\Local\Temp\mrtD877.tmp\DRPC.mfx
  MD5: 66726FDF933AD94BF73AB40430ABADD0
  SHA256: 163F8E16167F79BF88A4175AF056D31256775B6C68F33E00528F26585E4D0354
C:\Users\admin\AppData\Local\Temp\mrtD877.tmp\kcini.mfx
  MD5: A6AD14845999C5AA7ADF2911671A7C5B
  SHA256: 5AF175FFB932FB653873DAD095DD40F2AB8D3FB56F287213C21BB68652DDAD2D
C:\Users\admin\AppData\Local\Temp\mrtD877.tmp\oggflt.sft
  MD5: 0C8C1EE3BA92189F4CE21D1B396A2765
  SHA256: 9E589F86317D840DF9BB74F6EE20C24CA65AFE58F4009740382F63A0F5531941
C:\Users\admin\AppData\Local\Temp\mrtD877.tmp\waveflt.sft
  MD5: 57EA61DD14314EF155E80C6A0BE8A664
  SHA256: 92A5053CF5973A6AA228C738D55387F12F1DFA8A837D7B938C60F05B6B56B3AD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 6
TCP/UDP connections: 27
DNS requests: 7
Threats: 0

HTTP requests

PID  | Process             | Method | HTTP Code | IP               | URL                                                                       | CN      | Reputation
6944 | svchost.exe         | GET    | 200       | 2.21.20.133:80   | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
     |                     | GET    | 200       | 2.21.20.133:80   | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5488 | MoUsoCoreWorker.exe | GET    | 200       | 2.21.20.133:80   | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
     |                     | GET    | 200       | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl        | unknown | whitelisted
6944 | svchost.exe         | GET    | 200       | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl        | unknown | whitelisted
5488 | MoUsoCoreWorker.exe | GET    | 200       | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl        | unknown | whitelisted

(The report's Type and Size columns are empty for every row and are omitted here; a blank PID cell is blank in the report.)

Connections

PID  | Process             | IP                  | Domain                          | ASN                         | CN | Reputation
4    | System              | 192.168.100.255:137 |                                 |                             |    | whitelisted
     |                     | 51.104.136.2:443    | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
     |                     | 104.126.37.139:443  | www.bing.com                    | Akamai International B.V.   | DE | whitelisted
4    | System              | 192.168.100.255:138 |                                 |                             |    | whitelisted
6944 | svchost.exe         | 2.21.20.133:80      | crl.microsoft.com               | Akamai International B.V.   | DE | whitelisted
     |                     | 2.21.20.133:80      | crl.microsoft.com               | Akamai International B.V.   | DE | whitelisted
5488 | MoUsoCoreWorker.exe | 2.21.20.133:80      | crl.microsoft.com               | Akamai International B.V.   | DE | whitelisted
6944 | svchost.exe         | 184.30.21.171:80    | www.microsoft.com               | AKAMAI-AS                   | DE | whitelisted
     |                     | 184.30.21.171:80    | www.microsoft.com               | AKAMAI-AS                   | DE | whitelisted
5488 | MoUsoCoreWorker.exe | 184.30.21.171:80    | www.microsoft.com               | AKAMAI-AS                   | DE | whitelisted
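None of the HTTP requests or connections above carry the sample's PID (5976): every row belongs to System, svchost.exe or MoUsoCoreWorker.exe, and the destinations are Microsoft CRL distribution points and telemetry endpoints that an idle Windows 10 guest contacts on its own. Separating that background noise from the monitored process is the first thing to do with the network section of any sandbox report. The following added example (editor's code, not ANY.RUN's) takes the HTTP and connection rows as copied from the report, fills blank PID cells down from the row above in the way a rowspan table is read (an assumption about the report layout), and answers two questions: did PID 5976 touch the network at all, and does any destination fall outside a list of expected guest-background hosts (BACKGROUND_HOSTS is the editor's list, not the report's).

```python
"""Attribute the report's network rows to processes and isolate the sample's own traffic."""
from collections import defaultdict
from urllib.parse import urlsplit

# HTTP rows copied from the report: (pid, process, method, code, ip:port, url).
# A blank PID means the flattened table did not repeat the cell.
HTTP_ROWS = [
    ("6944", "svchost.exe", "GET", 200, "2.21.20.133:80",
     "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    ("", "", "GET", 200, "2.21.20.133:80",
     "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    ("5488", "MoUsoCoreWorker.exe", "GET", 200, "2.21.20.133:80",
     "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    ("", "", "GET", 200, "184.30.21.171:80",
     "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl"),
    ("6944", "svchost.exe", "GET", 200, "184.30.21.171:80",
     "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl"),
    ("5488", "MoUsoCoreWorker.exe", "GET", 200, "184.30.21.171:80",
     "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl"),
]
# Connection rows copied from the report: (pid, process, ip:port, domain).
CONN_ROWS = [
    ("4", "System", "192.168.100.255:137", ""),
    ("", "", "51.104.136.2:443", "settings-win.data.microsoft.com"),
    ("", "", "104.126.37.139:443", "www.bing.com"),
    ("4", "System", "192.168.100.255:138", ""),
    ("6944", "svchost.exe", "2.21.20.133:80", "crl.microsoft.com"),
    ("", "", "2.21.20.133:80", "crl.microsoft.com"),
    ("5488", "MoUsoCoreWorker.exe", "2.21.20.133:80", "crl.microsoft.com"),
    ("6944", "svchost.exe", "184.30.21.171:80", "www.microsoft.com"),
    ("", "", "184.30.21.171:80", "www.microsoft.com"),
    ("5488", "MoUsoCoreWorker.exe", "184.30.21.171:80", "www.microsoft.com"),
]
SAMPLE_PID = "5976"
# Editor's list of hosts an idle Windows 10 guest contacts on its own (assumption, not report data).
BACKGROUND_HOSTS = {"crl.microsoft.com", "www.microsoft.com", "settings-win.data.microsoft.com",
                    "www.bing.com", "self.events.data.microsoft.com", "google.com"}


def fill_down(rows: list) -> list:
    """Carry PID and process name into rows whose cells were left blank (rowspan reading)."""
    out, last = [], ("", "")
    for row in rows:
        if row[0]:
            last = (row[0], row[1])
        out.append(last + tuple(row[2:]))
    return out


def by_process(rows: list) -> dict:
    """Group rows by (pid, process) after filling blank cells down."""
    groups = defaultdict(list)
    for pid, proc, *rest in fill_down(rows):
        groups[(pid, proc)].append(rest)
    return dict(groups)


def sample_network_activity(pid: str = SAMPLE_PID) -> list:
    """Every HTTP request or connection attributable to the monitored sample."""
    return [r for r in fill_down(HTTP_ROWS) + fill_down(CONN_ROWS) if r[0] == pid]


def unexpected_hosts() -> list:
    """Destinations that are neither known guest background hosts nor unnamed LAN broadcasts."""
    hosts = {urlsplit(url).hostname for *_, url in HTTP_ROWS}
    hosts |= {domain for *_, domain in CONN_ROWS if domain}
    return sorted(hosts - BACKGROUND_HOSTS)


def crl_fetches_are_plain_http() -> bool:
    """CRL downloads over port 80 are normal: CRLs are signed, so they need no TLS."""
    return all(urlsplit(u).scheme == "http" and "crl" in u.lower() for *_, u in HTTP_ROWS)
```

With sample_network_activity() empty and unexpected_hosts() empty, the network section adds nothing to the verdict either way; the report's own "Threats: 0" and every row being "whitelisted" say the same thing, but the check is what you rerun when the next report has 200 rows instead of 16.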

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
www.bing.com
  • 104.126.37.139
  • 104.126.37.170
  • 104.126.37.137
  • 104.126.37.163
  • 104.126.37.160
  • 104.126.37.179
  • 104.126.37.178
  • 104.126.37.153
  • 104.126.37.171
whitelisted
google.com
  • 142.250.181.238
whitelisted
crl.microsoft.com
  • 2.21.20.133
  • 2.21.20.137
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
self.events.data.microsoft.com
  • 13.69.116.109
whitelisted

Threats

No threats detected
No debug info