File name:

lalsetup250.exe

Full analysis: https://app.any.run/tasks/4c845351-10a2-4033-b972-530efb1b6035
Verdict: Malicious activity
Analysis date: April 21, 2024, 17:49:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

BC7D4F478444350FB63B914723462FC7

SHA1:

6FBEF1D5DFB0DBB54CA0543BF8EFB3531FEBD844

SHA256:

8FE76D3D0DD4AACAFD50D114FDC3774AC0925B86BF1CC315922DF6EF67F790C1

SSDEEP:

98304:7lxOVr7Qw9gHBekxbD9qfnqllu32Yl3vjP+bdxo2K347vxRA4f0KwEwuCM/pvCih:1zxZEKGo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • lalsetup250.exe (PID: 3108)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • lalsetup250.exe (PID: 3108)

    • Reads the Windows owner or organization settings

      • irsetup.exe (PID: 1424)

  • INFO

    • Create files in a temporary directory

      • lalsetup250.exe (PID: 3108)

    • Checks supported languages

      • lalsetup250.exe (PID: 3108)
      • irsetup.exe (PID: 1424)

    • Reads the computer name

      • irsetup.exe (PID: 1424)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (22.1)
.exe | Win64 Executable (generic) (19.6)
.exe | UPX compressed Win32 Executable (19.2)
.exe | Win32 EXE Yoda's Crypter (18.8)
.scr | Windows screen saver (9.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2002:02:06 20:53:53+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 20480
InitializedDataSize: 53248
UninitializedDataSize: -
EntryPoint: 0x27e1
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 6.0.0.3
ProductVersionNumber: 6.0.0.3
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: This setup code is the property of Indigo Rose Corporation
CompanyName: Indigo Rose Corporation http://www.indigorose.com
FileDescription: Setup Factory 6.0 Setup Launcher
FileVersion: 6.0.0.3
InternalName: setup
LegalCopyright: Copyright © 2001 Indigo Rose Corporation
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFileName: setup.exe
PrivateBuild: -
ProductName: setup
ProductVersion: 6.0.0.3
SpecialBuild: -
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
39
Monitored processes
3
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start lalsetup250.exe irsetup.exe no specs lalsetup250.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1072"C:\Users\admin\AppData\Local\Temp\lalsetup250.exe" C:\Users\admin\AppData\Local\Temp\lalsetup250.exeexplorer.exe
User:
admin
Company:
Indigo Rose Corporation http://www.indigorose.com
Integrity Level:
MEDIUM
Description:
Setup Factory 6.0 Setup Launcher
Exit code:
3221226540
Version:
6.0.0.3
Modules
Images
c:\users\admin\appdata\local\temp\lalsetup250.exe
c:\windows\system32\ntdll.dll
1424"C:\Users\admin\AppData\Local\Temp\irsetup.exe"C:\Users\admin\AppData\Local\Temp\irsetup.exelalsetup250.exe
User:
admin
Company:
Indigo Rose Corporation
Integrity Level:
HIGH
Description:
SUF60Runtime
Version:
6.0.0.3
Modules
Images
c:\users\admin\appdata\local\temp\irsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
3108"C:\Users\admin\AppData\Local\Temp\lalsetup250.exe" C:\Users\admin\AppData\Local\Temp\lalsetup250.exe
explorer.exe
User:
admin
Company:
Indigo Rose Corporation http://www.indigorose.com
Integrity Level:
HIGH
Description:
Setup Factory 6.0 Setup Launcher
Exit code:
0
Version:
6.0.0.3
Modules
Images
c:\users\admin\appdata\local\temp\lalsetup250.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
Total events
809
Read events
809
Write events
0
Delete events
0

Modification events

No data
Executable files
1
Suspicious files
6
Text files
4
Unknown types
0

Dropped files

PID
Process
Filename
Type
3108lalsetup250.exeC:\Users\admin\AppData\Local\Temp\irsetup.datbinary
MD5:C54769A4DDD9A446011064A2B1103E5D
SHA256:BB4506F43F70CD5AF1921DC183BAAF4BFF0570F6CE4A340397FFDBDE5A833DA5
3108lalsetup250.exeC:\Users\admin\AppData\Local\Temp\IRIMG3.BMPbinary
MD5:95145F4CEAD2C4BD2EC219BC87D83F1D
SHA256:0542CB1D3E6B50F78DC63EA1ABEC6C518CFD4EA203649DF3EF3834309EA66CAD
3108lalsetup250.exeC:\Users\admin\AppData\Local\Temp\irsetup.exeexecutable
MD5:65577EF62A45AA9A29639BEC2649FB72
SHA256:FF0B872A6B7DCDAB47E13B3DC6CAD51934D1923F0E70A84E595FB7DCF300DC7A
3108lalsetup250.exeC:\Users\admin\AppData\Local\Temp\IRIMG4.BMPbinary
MD5:EF0F83B8F590EEF4CDA9809B9D5873F6
SHA256:3CEF434F2584FD81120E4C48B2442C0E649F340C29E42D4C8C68569091576036
3108lalsetup250.exeC:\Users\admin\AppData\Local\Temp\irsetup.initext
MD5:58C4235C8E0A7A0AA2C8559A0331997F
SHA256:07E6DEB4BFAE7E6D092059C1FB332003D45C89BCC23BCFE960FC0FE1D6D170B1
3108lalsetup250.exeC:\Users\admin\AppData\Local\Temp\suf6lng.16ini
MD5:0A7E05BC7E538015D7B55399E8AFF230
SHA256:4FAA52BA8416881E266994495BD728F5FC740F32CA3C31EDB3E5670AAB9B28E5
3108lalsetup250.exeC:\Users\admin\AppData\Local\Temp\IRIMG5.BMPbinary
MD5:E29A24E189E95681BB41F73C16747FD8
SHA256:3973D354045BE781EABF9114772FE2E5E96D1E557793DE10C914D901B16E8C09
1424irsetup.exeC:\Windows\Look@LAN Setup Log.txttext
MD5:8E34D8F19910C6C7C1193DD88492F208
SHA256:A7EB5D166302A9B107985D97427041746CB1414BE8FFA8AE182FB8FF21E5D325
3108lalsetup250.exeC:\Users\admin\AppData\Local\Temp\IRIMG1.BMPbinary
MD5:FF439D8A48231281A5B95D703C168FE7
SHA256:403B2C886BF9895534A5EBE14894D64F80EC1F10D01C04480BA68A4B10870067
3108lalsetup250.exeC:\Users\admin\AppData\Local\Temp\IRIMG2.BMPbinary
MD5:A7A2B905FAA4521074BD20091A921301
SHA256:9F825018B7D97A7A31457F7F063C682DBC887696D34CD71D9F6F9A1A80F9265F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
224.0.0.252:5355
unknown
1080
svchost.exe
224.0.0.252:5355
unknown

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
lalsetup250.exe