File name: 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc

Full analysis: https://app.any.run/tasks/19f0cb1d-d73d-41b9-bc05-b2782de24ba9
Verdict: Malicious activity
Threats:

Loader: a loader is malicious software that gets onto a device in order to deliver further payloads. It profiles the infected system and then installs other threats such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links, relying on social engineering to trick users into downloading and running the executable. Loaders use evasion and persistence techniques to avoid detection.

Analysis date: December 02, 2023, 14:00:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: ransomware, stop, loader, vodkagats
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: B8DC3028562DF4C7D77306AB31778BD6
SHA1: DC0B2AA06D1C5E472060FD0EEA07C89D093B9ABC
SHA256: 83546201DB335F52721ED313B9078DE267EAF1C5D58168B99E35B2836BF4F0FC
SSDEEP: 24576:xxeoVuNFZPu1IFuy5S6LY5tTKOs/VAkqgYRLT4ZB/SEGL6vGkUx4qzzPrre2N0B7:xxeoVu/1ucuy5S6LItTKOaVAkqgYRLTa

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 3476)
    • Stop is detected

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 2424)
    • VODKAGATS has been detected (SURICATA)

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 2424)
  • SUSPICIOUS

    • Application launched itself

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 2144)
      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 3476)
      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 1840)
    • Checks Windows Trust Settings

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 3476)
      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 2424)
    • Reads settings of System Certificates

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 3476)
      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 2424)
    • Reads the Internet Settings

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 3476)
      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 2424)
    • Reads security settings of Internet Explorer

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 3476)
      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 2424)
    • Uses ICACLS.EXE to modify access control lists

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 3476)
    • Process requests binary or script from the Internet

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 2424)
  • INFO

    • Checks proxy server information

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 3476)
      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 2424)
    • Checks supported languages

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 2144)
      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 3476)
      • wmpnscfg.exe (PID: 3832)
      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 1840)
      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 2424)
    • Reads the computer name

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 3476)
      • wmpnscfg.exe (PID: 3832)
      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 2424)
    • Creates files or folders in the user directory

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 3476)
      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 2424)
    • Reads the machine GUID from the registry

      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 3476)
      • 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (PID: 2424)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3832)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD (file type match, %)

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:04:21 19:22:18+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 672256
InitializedDataSize: 5103104
UninitializedDataSize: -
EntryPoint: 0x758f
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 18.0.0.0
ProductVersionNumber: 8.0.0.0
FileFlagsMask: 0x183a
FileFlags: (none)
FileOS: Unknown (0x20461)
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Faeroese
CharacterSet: Unknown (31F6)
LegalCopyright: Copyright (C) 2023, parking
OriginalFileName: bigthing.exe
ProductsVersion: 36.47.26.15
ProductName: SolarOmir
ProductionVersion: 1.24.17.52
All screenshots are available in the full report
Total processes: 45
Monitored processes: 6
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Nodes, in order:
start
83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (no specs)
83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
icacls.exe (no specs)
83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe (#STOP)
83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
wmpnscfg.exe (no specs)

Process information

PID: 1840
CMD: "C:\Users\admin\AppData\Local\Temp\83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe" --Admin IsNotAutoStart IsNotTask
Path: C:\Users\admin\AppData\Local\Temp\83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
Parent process: 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID: 2144
CMD: "C:\Users\admin\AppData\Local\Temp\83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe"
Path: C:\Users\admin\AppData\Local\Temp\83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID: 2424
CMD: "C:\Users\admin\AppData\Local\Temp\83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe" --Admin IsNotAutoStart IsNotTask
Path: C:\Users\admin\AppData\Local\Temp\83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
Parent process: 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
PID: 3264
CMD: icacls "C:\Users\admin\AppData\Local\20a95d81-623e-4cb9-9e3c-65cc37494cac" /deny *S-1-1-0:(OI)(CI)(DE,DC)
(The ACE denies Everyone (S-1-1-0) the Delete (DE) and Delete Child (DC) rights on that folder, inherited by files (OI) and subfolders (CI): the sample protecting its own working directory from removal.)
Path: C:\Windows\System32\icacls.exe
Parent process: 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
PID: 3476
CMD: "C:\Users\admin\AppData\Local\Temp\83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe"
Path: C:\Users\admin\AppData\Local\Temp\83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
Parent process: 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
PID: 3832
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 8 344
Read events: 8 283
Write events: 61
Delete events: 0

Modification events

(PID) Process: (3476) 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value:
0
(PID) Process: (3476) 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
460000005A010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (3476) 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
(PID) Process: (3476) 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:
(PID) Process: (3476) 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value:
1
(PID) Process: (3476) 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value:
1
(PID) Process: (3476) 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value:
1
(PID) Process: (3476) 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value:
0
(PID) Process: (3476) 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation: write
Name: LanguageList
Value:
en-US
(PID) Process: (2424) 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value:
0
Executable files: 1
Suspicious files: 8
Text files: 3
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3476 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
MD5:22986CBB07E8D63B560DEF082856035E
SHA256:BDFDAB4FBACF68A311AD4CFC658979E22CB1B4D0FD1CCC20CABB5B467D48B03A
3476 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed
MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
3476 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\geo[1].json | text
MD5:26CF038DA5547260524ADE05D4973E44
SHA256:5A9B1F60E45B5926AD79EC1B021E4CE80835B01A50456EDB72A2800130982BF6
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\get[1].htm | binary
MD5:03A5D0F1D811C9C3EB350FFC9AB56FDC
SHA256:B0F5456C0043DA825300976A6D1C469F70C9E1541F0365931E922E7F43612544
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | C:\Users\admin\AppData\Local\bowsakkdestx.txt | binary
MD5:03A5D0F1D811C9C3EB350FFC9AB56FDC
SHA256:B0F5456C0043DA825300976A6D1C469F70C9E1541F0365931E922E7F43612544
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | C:\SystemID\PersonalID.txt | text
MD5:281F8380140B5AA1DCBADBC6BAD136E3
SHA256:B4E01189528DBF62273C4447B1AF29C2FEF7A90EBD1421992C6049C537D44177
3476 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary
MD5:C64EC2CD47046B7B42A3694908BB95A3
SHA256:643540A2A3529D7367C6DA5C1E942E8E8F99EE82807F7FF4F43ED263BAB3DAC7
3476 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464 | binary
MD5:F5FE15D36611567067D1EDC55EE9B5FD
SHA256:3CF44A9BFCC890FE97F7712B154073B97743B8EDA7A2BA1589170860C325DA27
3476 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464 | binary
MD5:8202A1CD02E7D69597995CABBE881A12
SHA256:58F381C3A0A0ACE6321DA22E40BD44A597BD98B9C9390AB9258426B5CF75A7A5
3476 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary
MD5:CEA1F54A05B6F832AA5D662C3673D269
SHA256:C81F779F487C67D60AE54697C03D5A97F7D9A0A87385CFA490D02EF11FB4B04B
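The process table and the dropped-files list above together give the host-side handles a detection engineer would key on for this sample: the executable spawning itself, the relaunch with "--Admin IsNotAutoStart IsNotTask" at high integrity, icacls denying Everyone delete rights on a GUID-named folder under %LOCALAPPDATA%, and the PersonalID.txt and bowsakkdestx.txt files. The Python below is an added example, not ANY.RUN's code and not taken from the report; it runs those checks over process-creation and file records constructed from the report. The record layout (Sysmon Event ID 1 style fields) and the parent PIDs are assumptions, since the page names each parent only by image, not by PID.

```python
"""Host-side triage of the STOP/Djvu behaviour chain recorded in this report.

Added example, not ANY.RUN code. Records are constructed from the report's
process table and dropped-files list; field layout and ppid values are
assumptions of this example.
"""
import re

SAMPLE = (r"C:\Users\admin\AppData\Local\Temp"
          r"\83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe")
EXPLORER = r"C:\Windows\explorer.exe"
ICACLS = r"C:\Windows\System32\icacls.exe"
WMPNSCFG = r"C:\Program Files\Windows Media Player\wmpnscfg.exe"

# Constructed process-creation records (ppid values are assumed).
PROCESS_EVENTS = [
    {"pid": 2144, "ppid": 1604, "image": SAMPLE, "parent_image": EXPLORER,
     "cmd": f'"{SAMPLE}"', "integrity": "Medium"},
    {"pid": 3476, "ppid": 2144, "image": SAMPLE, "parent_image": SAMPLE,
     "cmd": f'"{SAMPLE}"', "integrity": "Medium"},
    {"pid": 3264, "ppid": 3476, "image": ICACLS, "parent_image": SAMPLE,
     "cmd": r'icacls "C:\Users\admin\AppData\Local\20a95d81-623e-4cb9-9e3c-65cc37494cac" '
            r'/deny *S-1-1-0:(OI)(CI)(DE,DC)', "integrity": "Medium"},
    {"pid": 1840, "ppid": 3476, "image": SAMPLE, "parent_image": SAMPLE,
     "cmd": f'"{SAMPLE}" --Admin IsNotAutoStart IsNotTask', "integrity": "High"},
    {"pid": 2424, "ppid": 1840, "image": SAMPLE, "parent_image": SAMPLE,
     "cmd": f'"{SAMPLE}" --Admin IsNotAutoStart IsNotTask', "integrity": "High"},
    {"pid": 3832, "ppid": 1604, "image": WMPNSCFG, "parent_image": EXPLORER,
     "cmd": f'"{WMPNSCFG}"', "integrity": "Medium"},
]
# Constructed from the report's dropped-files list.
DROPPED_FILES = [
    r"C:\Users\admin\AppData\Local\bowsakkdestx.txt",
    r"C:\SystemID\PersonalID.txt",
    r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files"
    r"\Content.IE5\PO2HN1X2\get[1].htm",
]

# The switches STOP passes when it relaunches itself elevated.
RELAUNCH_FLAGS = re.compile(r"--Admin\s+IsNotAutoStart\s+IsNotTask", re.I)
# icacls denying Everyone (S-1-1-0) Delete and Delete Child, inherited by
# files (OI) and subfolders (CI), on a GUID-named folder under %LOCALAPPDATA%.
GUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
ICACLS_DENY = re.compile(
    r'icacls\s+"(?P<dir>[^"]*\\AppData\\Local\\' + GUID
    + r')"\s+/deny\s+\*S-1-1-0:\(OI\)\(CI\)\(DE,DC\)', re.I)
# Files STOP leaves on a victim: the victim ID and the saved key response.
STOP_ARTIFACTS = (r"\systemid\personalid.txt", r"\appdata\local\bowsakkdestx.txt")


def triage(events, files):
    """Return a dict of rule name to matches over the supplied records."""
    findings = {"self_relaunch": [], "relaunch_flags": [], "icacls_deny_everyone": [],
                "integrity_jump": [], "stop_artifacts": []}
    by_pid = {e["pid"]: e for e in events}
    for e in events:
        if e["image"].lower() == e["parent_image"].lower():
            findings["self_relaunch"].append(e["pid"])
        if RELAUNCH_FLAGS.search(e["cmd"]):
            findings["relaunch_flags"].append(e["pid"])
        m = ICACLS_DENY.search(e["cmd"])
        if m and e["image"].lower().endswith(r"\icacls.exe"):
            findings["icacls_deny_everyone"].append((e["pid"], m.group("dir")))
        parent = by_pid.get(e["ppid"])
        # Medium-integrity parent spawning a High-integrity child: UAC elevation.
        if parent and parent["integrity"] == "Medium" and e["integrity"] == "High":
            findings["integrity_jump"].append((parent["pid"], e["pid"]))
    for path in files:
        if path.lower().endswith(STOP_ARTIFACTS):
            findings["stop_artifacts"].append(path)
    return findings


def verdict(findings):
    """Three or more independent rules firing is treated as the STOP chain."""
    hits = sum(1 for matches in findings.values() if matches)
    return "STOP/Djvu behaviour chain" if hits >= 3 else "inconclusive"


def triage_sample():
    return triage(PROCESS_EVENTS, DROPPED_FILES)


if __name__ == "__main__":
    result = triage_sample()
    for rule, matches in result.items():
        print(f"{rule:22} {matches}")
    print(verdict(result))
```

Each rule is weak on its own (icacls /deny is used legitimately, and plenty of installers relaunch elevated); the verdict only fires when several of them coincide in one process tree, which is how the report's own verdict combines its signatures.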
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 6
TCP/UDP connections: 11
DNS requests: 6
Threats: 11

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3476 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?067af9b499822491 | unknown | compressed | 4.66 Kb | unknown
3476 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | binary | 1.41 Kb | unknown
3476 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D | unknown | binary | 724 b | unknown
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | GET | 200 | 14.33.209.147:80 | http://zexeq.com/raud/get.php?pid=6E3AAB7CB29BC9495DFDE01272C66F39&first=true | unknown | binary | 559 b | unknown
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | GET | - | 14.33.209.147:80 | http://zexeq.com/files/1/build3.exe | unknown | - | - | unknown
1080 | svchost.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?20da42ca9bb40799 | unknown | compressed | 65.2 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3476 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | 188.114.97.3:443 | api.2ip.ua | CLOUDFLARENET | NL | unknown
3476 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
3476 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | 172.217.16.131:80 | ocsp.pki.goog | GOOGLE | US | whitelisted
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | 188.114.97.3:443 | api.2ip.ua | CLOUDFLARENET | NL | unknown
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | 14.33.209.147:80 | zexeq.com | Korea Telecom | KR | unknown
1080 | svchost.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted

DNS requests

Domain
IP
Reputation
api.2ip.ua
  • 188.114.97.3
  • 188.114.96.3
shared
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.pki.goog
  • 172.217.16.131
whitelisted
colisumy.com
unknown
zexeq.com
  • 14.33.209.147
  • 211.181.24.133
  • 211.104.254.139
  • 115.88.24.200
  • 58.151.148.90
  • 189.232.44.70
  • 181.168.176.36
  • 211.168.53.110
  • 123.213.233.131
  • 190.218.32.77
unknown

Threats

PID | Process | Class | Message
1080 | svchost.exe | Device Retrieving External IP Address Detected | ET POLICY External IP Address Lookup DNS Query (2ip .ua)
3476 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | Potentially Bad Traffic | ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | Potentially Bad Traffic | ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | A Network Trojan was detected | ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | A Network Trojan was detected | ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | A Network Trojan was detected | ET MALWARE Win32/Filecoder.STOP Variant Public Key Download
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | A Network Trojan was detected | ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | A Network Trojan was detected | ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | A Network Trojan was detected | ET MALWARE Win32/Vodkagats Loader Requesting Payload
2424 | 83546201db335f52721ed313b9078de267eaf1c5d58168b99e35b2836bf4f0fc.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
1 ETPRO signatures available at the full report
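The HTTP requests and the Suricata alerts above describe one network sequence: a TLS connection to the external IP lookup service api.2ip.ua, a GET to get.php with a 32-hex-character pid= value and first=true (the STOP public-key request), and a follow-up GET for a PE file (build3.exe) from the same server. The Python below is an added example, not ANY.RUN's code and not the Emerging Threats rules themselves; it reimplements those three checks over flow records constructed from the report's HTTP and connection tables. The record format and the User-Agent strings are assumptions (the bare "Microsoft Internet Explorer" value is inferred from the alert name, and the CryptoAPI agent on the Windows Update and OCSP requests is assumed). It generalises slightly beyond the page: any host and directory serving get.php with that query shape is flagged, and a later PE download is tied back to the server that answered the key request.

```python
"""Network-side detection of the STOP/Djvu exchange seen in this report.

Added example, not ANY.RUN's code and not the ET Suricata rules. Flow records
are constructed from the report's HTTP requests and TLS connections; the record
format and the User-Agent strings are assumptions of this example.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed flow records modelled on the report (format and UA are assumptions).
FLOWS = [
    {"pid": 3476, "proto": "http", "ua": "Microsoft-CryptoAPI/6.1",
     "url": "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?067af9b499822491"},
    {"pid": 3476, "proto": "tls", "sni": "api.2ip.ua", "url": ""},
    {"pid": 3476, "proto": "http", "ua": "Microsoft-CryptoAPI/6.1",
     "url": "http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D"},
    {"pid": 2424, "proto": "tls", "sni": "api.2ip.ua", "url": ""},
    {"pid": 2424, "proto": "http", "ua": "Microsoft Internet Explorer",
     "url": "http://zexeq.com/raud/get.php?pid=6E3AAB7CB29BC9495DFDE01272C66F39&first=true"},
    {"pid": 2424, "proto": "http", "ua": "Microsoft Internet Explorer",
     "url": "http://zexeq.com/files/1/build3.exe"},
    {"pid": 1080, "proto": "http", "ua": "Microsoft-CryptoAPI/6.1",
     "url": "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?20da42ca9bb40799"},
]

IP_LOOKUP_DOMAIN = "2ip.ua"                       # seen in the report as api.2ip.ua
VICTIM_ID = re.compile(r"[0-9A-Fa-f]{32}")       # shape of the pid= value in the report
BARE_IE_UA = "Microsoft Internet Explorer"       # assumed from the ET USER_AGENTS alert name
PE_SUFFIXES = (".exe", ".dll")


def analyze(flows):
    """Return (rule, pid, detail) alerts in flow order."""
    alerts = []
    key_servers = set()          # hosts that already answered a STOP key request
    for f in flows:
        host = (f.get("sni") or urlsplit(f["url"]).hostname or "").lower()
        if host == IP_LOOKUP_DOMAIN or host.endswith("." + IP_LOOKUP_DOMAIN):
            alerts.append(("external_ip_lookup", f["pid"], host))
        if f["proto"] != "http":
            continue
        u = urlsplit(f["url"])
        q = parse_qs(u.query)
        if f.get("ua") == BARE_IE_UA:
            alerts.append(("bare_ie_user_agent", f["pid"], host))
        # STOP public-key request: <dir>/get.php?pid=<32 hex>&first=true
        if (u.path.endswith("/get.php")
                and VICTIM_ID.fullmatch(q.get("pid", [""])[0])
                and q.get("first") == ["true"]):
            alerts.append(("stop_key_request", f["pid"], f["url"]))
            key_servers.add(host)
        if u.path.lower().endswith(PE_SUFFIXES):
            rule = "stop_payload_download" if host in key_servers else "pe_download"
            alerts.append((rule, f["pid"], f["url"]))
    return alerts


def stop_chain(alerts):
    """PIDs that issued a key request and then fetched a PE from the same server."""
    keyed = {pid for rule, pid, _ in alerts if rule == "stop_key_request"}
    return sorted({pid for rule, pid, _ in alerts
                   if rule == "stop_payload_download" and pid in keyed})


if __name__ == "__main__":
    for alert in analyze(FLOWS):
        print(alert)
    print("STOP chain in PIDs:", stop_chain(FLOWS and analyze(FLOWS)))
```

The Windows Update CTL and OCSP fetches produce no alerts, which matters: those are made by the same process as the malicious traffic, and a rule keyed only on "process X made HTTP requests" would drown the two signals that actually identify the family.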
No debug info