File name:

ligma.exe

Full analysis: https://app.any.run/tasks/3946a58a-1a9c-4a3c-a13f-577d4a6150db
Verdict: Malicious activity
Threats:

Blank Grabber is an infostealer written in Python. It is designed to steal a wide array of data, such as browser login credentials, crypto wallets, Telegram sessions, and Discord tokens. It is an open-source malware, with its code available on GitHub and regularly receiving updates. Blank Grabber builder’s simple interface lets threat actors even with basic skills to deploy it and conduct attacks.

Malware Trends Tracker     >>>
Analysis date: January 19, 2025, 00:06:52
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
python
blankgrabber
pyinstaller
lumma
stealer
growtopia
discordgrabber
generic
susp-powershell
ims-api
upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
MD5:

A3D86FABBA9C330006A1735A15B4093B

SHA1:

F2AD62A418C0AC80CD08C2931F4C751E6ECDF8B2

SHA256:

8FA12A1A416D0B49877BB24CCB1587CC1A3398A88B22D9BCB6E2D534B2ECF30C

SSDEEP:

98304:XJ3mWu8MFZlu/gbH90KU+meINVq6btHfktEzafhOsE+XZ0hHHZPthn6YDEp1QFSq:M4UrAz5o+t

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • BlankGrabber has been detected

      • ligma.exe (PID: 6296)
      • ligma.exe (PID: 6496)

    • Executing a file with an untrusted certificate

      • ligma.exe (PID: 6316)
      • ligma.exe (PID: 6296)
      • ligma.exe (PID: 6496)
      • ligma.exe (PID: 6544)

    • Adds path to the Windows Defender exclusion list

      • cmd.exe (PID: 6576)
      • ligma.exe (PID: 6544)

    • Changes settings for checking scripts for malicious actions

      • powershell.exe (PID: 6692)

    • Changes settings for protection against network attacks (IPS)

      • powershell.exe (PID: 6692)

    • Antivirus name has been found in the command line (generic signature)

      • cmd.exe (PID: 6584)

    • Changes settings for sending potential threat samples to Microsoft servers

      • powershell.exe (PID: 6692)

    • Resets Windows Defender malware definitions to the base version

      • MpCmdRun.exe (PID: 7040)

    • Changes settings for reporting to Microsoft Active Protection Service (MAPS)

      • powershell.exe (PID: 6692)

    • Changes antivirus protection settings for downloading files from the Internet (IOAVProtection)

      • powershell.exe (PID: 6692)

    • Changes Controlled Folder Access settings

      • powershell.exe (PID: 6692)

    • GROWTOPIA has been detected (YARA)

      • ligma.exe (PID: 6544)

    • DISCORDGRABBER has been detected (YARA)

      • ligma.exe (PID: 6544)

    • Changes settings for real-time protection

      • powershell.exe (PID: 6692)

    • LUMMA has been detected (SURICATA)

      • chrome.exe (PID: 5000)

  • SUSPICIOUS

    • The process drops C-runtime libraries

      • ligma.exe (PID: 6296)
      • ligma.exe (PID: 6496)

    • Application launched itself

      • ligma.exe (PID: 6296)
      • ligma.exe (PID: 6316)
      • ligma.exe (PID: 6496)

    • Process drops python dynamic module

      • ligma.exe (PID: 6296)
      • ligma.exe (PID: 6496)

    • Process drops legitimate windows executable

      • ligma.exe (PID: 6296)
      • ligma.exe (PID: 6496)

    • Executable content was dropped or overwritten

      • ligma.exe (PID: 6296)
      • ligma.exe (PID: 6496)

    • Loads Python modules

      • ligma.exe (PID: 6316)
      • ligma.exe (PID: 6544)

    • Reads security settings of Internet Explorer

      • ligma.exe (PID: 6316)

    • Reads the date of Windows installation

      • ligma.exe (PID: 6316)

    • Found strings related to reading or modifying Windows Defender settings

      • ligma.exe (PID: 6544)

    • Starts CMD.EXE for commands execution

      • ligma.exe (PID: 6544)

    • Script disables Windows Defender's IPS

      • cmd.exe (PID: 6584)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 6576)
      • cmd.exe (PID: 6584)

    • Script adds exclusion path to Windows Defender

      • cmd.exe (PID: 6576)

    • Script disables Windows Defender's real-time protection

      • cmd.exe (PID: 6584)

    • Contacting a server suspected of hosting an CnC

      • chrome.exe (PID: 5000)

    • Possible usage of Discord/Telegram API has been detected (YARA)

      • ligma.exe (PID: 6544)

  • INFO

    • Create files in a temporary directory

      • ligma.exe (PID: 6296)
      • ligma.exe (PID: 6316)
      • ligma.exe (PID: 6496)
      • ligma.exe (PID: 6544)
      • MpCmdRun.exe (PID: 7040)

    • Reads the computer name

      • ligma.exe (PID: 6296)
      • ligma.exe (PID: 6316)
      • ligma.exe (PID: 6496)
      • ligma.exe (PID: 6544)
      • MpCmdRun.exe (PID: 7040)

    • Checks supported languages

      • ligma.exe (PID: 6296)
      • ligma.exe (PID: 6316)
      • ligma.exe (PID: 6496)
      • ligma.exe (PID: 6544)
      • MpCmdRun.exe (PID: 7040)

    • The sample compiled with english language support

      • ligma.exe (PID: 6296)
      • ligma.exe (PID: 6496)

    • Reads the machine GUID from the registry

      • ligma.exe (PID: 6316)
      • ligma.exe (PID: 6544)

    • The process uses the downloaded file

      • ligma.exe (PID: 6316)

    • Process checks computer location settings

      • ligma.exe (PID: 6316)

    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 6672)
      • powershell.exe (PID: 6692)

    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 6692)
      • powershell.exe (PID: 6672)

    • PyInstaller has been detected (YARA)

      • ligma.exe (PID: 6496)
      • ligma.exe (PID: 6544)

    • Manual execution by a user

      • chrome.exe (PID: 7132)

    • Application launched itself

      • chrome.exe (PID: 7132)

    • Found Base64 encoded reflection usage via PowerShell (YARA)

      • ligma.exe (PID: 6544)

    • UPX packer has been detected

      • ligma.exe (PID: 6544)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:01:07 16:27:09+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.41
CodeSize: 172032
InitializedDataSize: 94208
UninitializedDataSize: -
EntryPoint: 0xce20
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 10.0.22621.1
ProductVersionNumber: 10.0.22621.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Microsoft AuthHost
FileVersion: 10.0.22621.1 (WinBuild.160101.0800)
InternalName: AuthHost
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: AuthHost.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.22621.1
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
140
Monitored processes
23
Malicious processes
8
Suspicious processes
2

Behavior graph

Click at the process to see the details
start #BLANKGRABBER ligma.exe ligma.exe no specs #BLANKGRABBER ligma.exe #GROWTOPIA ligma.exe cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs rundll32.exe no specs mpcmdrun.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs #LUMMA chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
396"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1816 --field-trial-handle=1992,i,4642751097410774871,2237252978400075094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
3564"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=2336 --field-trial-handle=1992,i,4642751097410774871,2237252978400075094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
3640"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5212 --field-trial-handle=1992,i,4642751097410774871,2237252978400075094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
4024"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3700 --field-trial-handle=1992,i,4642751097410774871,2237252978400075094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
4624"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3268 --field-trial-handle=1992,i,4642751097410774871,2237252978400075094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
5000"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=2172 --field-trial-handle=1992,i,4642751097410774871,2237252978400075094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:3C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
6232"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3164 --field-trial-handle=1992,i,4642751097410774871,2237252978400075094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
6296"C:\Users\admin\Downloads\ligma.exe" C:\Users\admin\Downloads\ligma.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft AuthHost
Exit code:
0
Version:
10.0.22621.1 (WinBuild.160101.0800)
Modules
Images
c:\users\admin\downloads\ligma.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
6316"C:\Users\admin\Downloads\ligma.exe" C:\Users\admin\Downloads\ligma.exeligma.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft AuthHost
Exit code:
0
Version:
10.0.22621.1 (WinBuild.160101.0800)
Modules
Images
c:\users\admin\downloads\ligma.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
6320"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4660 --field-trial-handle=1992,i,4642751097410774871,2237252978400075094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events
31 607
Read events
31 601
Write events
6
Delete events
0

Modification events

(PID) Process:(7132) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(7132) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(7132) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(7132) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(7132) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(7132) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Common\Rlz\Events\C
Operation:writeName:C1F
Value:
1
Executable files
114
Suspicious files
19
Text files
24
Unknown types
0

Dropped files

PID
Process
Filename
Type
6296ligma.exeC:\Users\admin\AppData\Local\Temp\_MEI62962\_bz2.pydexecutable
MD5:FBA120A94A072459011133DA3A989DB2
SHA256:055A93C8B127DC840AC40CA70D4B0246AC88C9CDE1EF99267BBE904086E0B7D3
6296ligma.exeC:\Users\admin\AppData\Local\Temp\_MEI62962\_lzma.pydexecutable
MD5:864B22495372FA4D8B18E1C535962AE2
SHA256:FC57BD20B6B128AFA5FAAAC1FD0CE783031FAAF39F71B58C9CACF87A16F3325F
6296ligma.exeC:\Users\admin\AppData\Local\Temp\_MEI62962\_queue.pydexecutable
MD5:BEBC7743E8AF7A812908FCB4CDD39168
SHA256:CC275B2B053410C6391339149BAF5B58DF121A915D18B889F184BE02BEDAF9BC
6296ligma.exeC:\Users\admin\AppData\Local\Temp\_MEI62962\_decimal.pydexecutable
MD5:7CDC590AC9B4FFA52C8223823B648E5C
SHA256:F281BD8219B4B0655E9C3A5516FE0B36E44C28B0AC9170028DD052CA234C357C
6296ligma.exeC:\Users\admin\AppData\Local\Temp\_MEI62962\api-ms-win-core-debug-l1-1-0.dllexecutable
MD5:33BBECE432F8DA57F17BF2E396EBAA58
SHA256:7CF0944901F7F7E0D0B9AD62753FC2FE380461B1CCE8CDC7E9C9867C980E3B0E
6296ligma.exeC:\Users\admin\AppData\Local\Temp\_MEI62962\api-ms-win-core-datetime-l1-1-0.dllexecutable
MD5:CFE0C1DFDE224EA5FED9BD5FF778A6E0
SHA256:0D0F80CBF476AF5B1C9FD3775E086ED0DFDB510CD0CC208EC1CCB04572396E3E
6296ligma.exeC:\Users\admin\AppData\Local\Temp\_MEI62962\api-ms-win-core-console-l1-1-0.dllexecutable
MD5:E8B9D74BFD1F6D1CC1D99B24F44DA796
SHA256:B1B3FD40AB437A43C8DB4994CCFFC7F88000CC8BB6E34A2BCBFF8E2464930C59
6296ligma.exeC:\Users\admin\AppData\Local\Temp\_MEI62962\_sqlite3.pydexecutable
MD5:70A7050387359A0FAB75B042256B371F
SHA256:E168A1E229F57248253EAD19F60802B25DC0DBC717C9776E157B8878D2CA4F3D
6296ligma.exeC:\Users\admin\AppData\Local\Temp\_MEI62962\_socket.pydexecutable
MD5:49F87AEC74FEA76792972022F6715C4D
SHA256:5D8C8186DF42633679D6236C1FEBF93DB26405C1706F9B5D767FEAB440EA38B0
6296ligma.exeC:\Users\admin\AppData\Local\Temp\_MEI62962\VCRUNTIME140.dllexecutable
MD5:F34EB034AA4A9735218686590CBA2E8B
SHA256:9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
44
DNS requests
13
Threats
2

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
ligma.exe
216.58.206.67:443
gstatic.com
GOOGLE
US
whitelisted
5064
SearchApp.exe
2.19.122.58:443
www.bing.com
Akamai International B.V.
DE
whitelisted
7132
chrome.exe
239.255.255.250:1900
whitelisted
5000
chrome.exe
142.250.186.131:443
clientservices.googleapis.com
GOOGLE
US
whitelisted
5000
chrome.exe
173.194.69.84:443
accounts.google.com
GOOGLE
US
whitelisted
5000
chrome.exe
172.217.16.196:443
www.google.com
GOOGLE
US
whitelisted
7132
chrome.exe
224.0.0.251:5353
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.78
whitelisted
gstatic.com
  • 216.58.206.67
whitelisted
www.bing.com
  • 2.19.122.58
  • 2.19.122.32
  • 2.19.122.20
  • 2.19.122.30
  • 2.19.122.39
  • 2.19.122.55
  • 2.19.122.46
  • 2.19.122.47
  • 2.19.122.56
whitelisted
clientservices.googleapis.com
  • 142.250.186.131
whitelisted
accounts.google.com
  • 173.194.69.84
whitelisted
www.google.com
  • 172.217.16.196
whitelisted
update.googleapis.com
  • 172.217.16.195
whitelisted
uncoverit.org
  • 104.21.55.153
  • 172.67.149.47
unknown

Threats

PID
Process
Class
Message
5000
chrome.exe
Domain Observed Used for C2 Detected
STEALER [ANY.RUN] Suspected Lumma domain by CrossDomain (uncoverit .org)
5000
chrome.exe
Domain Observed Used for C2 Detected
STEALER [ANY.RUN] Suspected Lumma domain by CrossDomain (uncoverit .org)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
ligma.exe