File name: Assassins Creed Unity_TR_Yama_v1.00.exe

Full analysis: https://app.any.run/tasks/2f42cfc5-7d3f-43c3-8539-f6686747be0c
Verdict: Malicious activity
Analysis date: June 04, 2024, 01:19:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, Nullsoft Installer self-extracting archive
MD5: DCB1ABB4D597C462442D4A10DBD953D0
SHA1: 4FED68858D46D04C41289E0C4ED669DB38395665
SHA256: 899A4329CE762765BDAAB1839AD2DFBB45ECA4766179CD317C9617D27317CE86
SSDEEP: 98304:9oww/8/kta91YaKg1AyBKrZz7n7S7QucZqqgovuO1G:Lzp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • Assassins Creed Unity_TR_Yama_v1.00.exe (PID: 2072)
  • SUSPICIOUS
    • Malware-specific behavior (creating "System.dll" in Temp)
      • Assassins Creed Unity_TR_Yama_v1.00.exe (PID: 2072)
    • Mutex name with non-standard characters
      • Assassins Creed Unity_TR_Yama_v1.00.exe (PID: 2072)
    • Executable content was dropped or overwritten
      • Assassins Creed Unity_TR_Yama_v1.00.exe (PID: 2072)
    • The process creates files with name similar to system file names
      • Assassins Creed Unity_TR_Yama_v1.00.exe (PID: 2072)
    • Reads the Internet Settings
      • Assassins Creed Unity_TR_Yama_v1.00.exe (PID: 2072)
    • Reads security settings of Internet Explorer
      • Assassins Creed Unity_TR_Yama_v1.00.exe (PID: 2072)
    • Reads Microsoft Outlook installation path
      • Assassins Creed Unity_TR_Yama_v1.00.exe (PID: 2072)
    • Reads Internet Explorer settings
      • Assassins Creed Unity_TR_Yama_v1.00.exe (PID: 2072)
  • INFO
    • Reads the computer name
      • Assassins Creed Unity_TR_Yama_v1.00.exe (PID: 2072)
    • Checks supported languages
      • Assassins Creed Unity_TR_Yama_v1.00.exe (PID: 2072)
    • Create files in a temporary directory
      • Assassins Creed Unity_TR_Yama_v1.00.exe (PID: 2072)
    • Reads the machine GUID from the registry
      • Assassins Creed Unity_TR_Yama_v1.00.exe (PID: 2072)
    • Checks proxy server information
      • Assassins Creed Unity_TR_Yama_v1.00.exe (PID: 2072)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (39.3)
.exe | Win32 EXE Yoda's Crypter (38.6)
.dll | Win32 Dynamic Link Library (generic) (9.5)
.exe | Win32 Executable (generic) (6.5)
.exe | Generic Win/DOS Executable (2.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:46+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 20480
InitializedDataSize: 569344
UninitializedDataSize: 782336
EntryPoint: 0xc44e0
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
Comments: Animus Projesi
CompanyName: www.animusprojesi.com
CompanyWebsite: http://www.animusprojesi.com
FileDescription: Assassins Creed Unity TR v1.00
FileVersion: 1
LegalCopyright: 2015
LegalTrademarks: Assassins Creed Unity ® Ubisoft
ProductName: Assassins Creed Unity Türkçe Yama
ProductVersion: 1
All screenshots are available in the full report
Total processes: 36
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Process information

PID: 2072
CMD: "C:\Users\admin\AppData\Local\Temp\Assassins Creed Unity_TR_Yama_v1.00.exe"
Path: C:\Users\admin\AppData\Local\Temp\Assassins Creed Unity_TR_Yama_v1.00.exe
Parent process: explorer.exe
User: admin
Company: www.animusprojesi.com
Integrity Level: HIGH
Description: Assassins Creed Unity TR v1.00
Version: 1.00
Modules (Images):
c:\users\admin\appdata\local\temp\assassins creed unity_tr_yama_v1.00.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll

PID: 3992
CMD: "C:\Users\admin\AppData\Local\Temp\Assassins Creed Unity_TR_Yama_v1.00.exe"
Path: C:\Users\admin\AppData\Local\Temp\Assassins Creed Unity_TR_Yama_v1.00.exe
Parent process: explorer.exe
User: admin
Company: www.animusprojesi.com
Integrity Level: MEDIUM
Description: Assassins Creed Unity TR v1.00
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 1.00
Modules (Images):
c:\users\admin\appdata\local\temp\assassins creed unity_tr_yama_v1.00.exe
c:\windows\system32\ntdll.dll
Total events: 4 543
Read events: 4 518
Write events: 22
Delete events: 3

Modification events

Process: (PID 2072) Assassins Creed Unity_TR_Yama_v1.00.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (PID 2072) Assassins Creed Unity_TR_Yama_v1.00.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (PID 2072) Assassins Creed Unity_TR_Yama_v1.00.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (PID 2072) Assassins Creed Unity_TR_Yama_v1.00.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: (PID 2072) Assassins Creed Unity_TR_Yama_v1.00.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: (PID 2072) Assassins Creed Unity_TR_Yama_v1.00.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (PID 2072) Assassins Creed Unity_TR_Yama_v1.00.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (PID 2072) Assassins Creed Unity_TR_Yama_v1.00.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry
Operation: delete value
Name: AddToFavoritesInitialSelection
Value:

Process: (PID 2072) Assassins Creed Unity_TR_Yama_v1.00.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry
Operation: delete value
Name: AddToFeedsInitialSelection
Value:

Process: (PID 2072) Assassins Creed Unity_TR_Yama_v1.00.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder
Operation: delete value
Name: MRUList
Value:
Executable files: 5
Suspicious files: 0
Text files: 10
Unknown types: 0

Dropped files

PID: 2072
Process: Assassins Creed Unity_TR_Yama_v1.00.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst351D.tmp\banner.jpg
Type: image
MD5: C6C810627165284661A1697D7C51D114
SHA256: AE825DDEEB1B59A568AC64B60A46924E8262F8831B9DE6B66120AB039E6B387A

PID: 2072
Process: Assassins Creed Unity_TR_Yama_v1.00.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst351D.tmp\modern-header.bmp
Type: image
MD5: D68E99B1C330004036CE9BFEEBDD746E
SHA256: 078AB3BFA67BBCBA955C3654A0F6ADFD1EDCD9011E5490AEC3AB0AEC5F0BEF79

PID: 2072
Process: Assassins Creed Unity_TR_Yama_v1.00.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst351D.tmp\splash.gif
Type: image
MD5: 55E6565BCAB25061850C6059E73407F5
SHA256: E5360163C422C0C59EDBBFF9A8C40E2D21B71D7BFB3A674CA60035A17149D6AE

PID: 2072
Process: Assassins Creed Unity_TR_Yama_v1.00.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst351D.tmp\scroll.html
Type: html
MD5: 7050668E541ABECD7CDE755C5B05883F
SHA256: A4D123678AFEB065CC160B0EA4C3EF699E57D4A6F018CE5C12FE1D2FAD0EF55A

PID: 2072
Process: Assassins Creed Unity_TR_Yama_v1.00.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst351D.tmp\oku\oku\oku.html
Type: html
MD5: D10685EFF3D3A860DFB5F1740D535F30
SHA256: DD124C141B248C69254B26BF5BE4A3186D5F7E9C7F4D07BF0D60E66279591BCE

PID: 2072
Process: Assassins Creed Unity_TR_Yama_v1.00.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst351D.tmp\modern-wizard.bmp
Type: image
MD5: 56F5304D87F64651AE5FEDAACA5BE540
SHA256: 563E2600124BB0AF3986C2F18A266A615EA227AF4C3AC05E3110190D1E048709

PID: 2072
Process: Assassins Creed Unity_TR_Yama_v1.00.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst351D.tmp\oku\oku.html
Type: html
MD5: D10685EFF3D3A860DFB5F1740D535F30
SHA256: DD124C141B248C69254B26BF5BE4A3186D5F7E9C7F4D07BF0D60E66279591BCE

PID: 2072
Process: Assassins Creed Unity_TR_Yama_v1.00.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst351D.tmp\nsDialogs.dll
Type: executable
MD5: C10E04DD4AD4277D5ADC951BB331C777
SHA256: E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A

PID: 2072
Process: Assassins Creed Unity_TR_Yama_v1.00.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst351D.tmp\System.dll
Type: executable
MD5: C17103AE9072A06DA581DEC998343FC1
SHA256: DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F

PID: 2072
Process: Assassins Creed Unity_TR_Yama_v1.00.exe
Filename: C:\Users\admin\AppData\Local\Temp\nst351D.tmp\oku\scroll.html
Type: html
MD5: 7050668E541ABECD7CDE755C5B05883F
SHA256: A4D123678AFEB065CC160B0EA4C3EF699E57D4A6F018CE5C12FE1D2FAD0EF55A
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
1088 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info