File name: | 917ce3341c85a86923de21d414862c94550afdac9cb5b4766543fc1096e4a23c.exe |
Full analysis: | https://app.any.run/tasks/d3937433-1de5-433e-9e73-90bc78130378 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2025, 22:16:33 |
OS: | Windows 10 Professional (build: 19045, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.microsoft.portable-executable |
File info: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections |
MD5: | 4291D1F08DD6113BF2AEEC009F6A6982 |
SHA1: | 7EE2EBFA312BC029C831F4F519611B17D4C2CD73 |
SHA256: | 917CE3341C85A86923DE21D414862C94550AFDAC9CB5B4766543FC1096E4A23C |
SSDEEP: | 1536:EhPpyASvVVVVVVVVWs5jfzQ/F3ZdUsj5qKEruDrDCKmrqTYQS8wgS5YxciXndnc9:cpDSvVVVVVVVVrfQF3Esj5qePCKy |
.exe | | | Win32 Executable MS Visual C++ (generic) (30.9) |
---|---|---|
.exe | | | Win64 Executable (generic) (27.3) |
.exe | | | UPX compressed Win32 Executable (26.8) |
.dll | | | Win32 Dynamic Link Library (generic) (6.5) |
.exe | | | Win32 Executable (generic) (4.4) |
Subsystem: | Windows GUI |
---|---|
SubsystemVersion: | 4 |
ImageVersion: | - |
OSVersion: | 4 |
EntryPoint: | 0x2130 |
UninitializedDataSize: | 24576 |
InitializedDataSize: | 4096 |
CodeSize: | 8192 |
LinkerVersion: | 6 |
PEType: | PE32 |
ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit, No debug |
TimeStamp: | 2011:03:15 04:06:07+00:00 |
MachineType: | Intel 386 or later, and compatibles |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
4428 | "C:\Users\admin\Desktop\917ce3341c85a86923de21d414862c94550afdac9cb5b4766543fc1096e4a23c.exe" | C:\Users\admin\Desktop\917ce3341c85a86923de21d414862c94550afdac9cb5b4766543fc1096e4a23c.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
4428 | 917ce3341c85a86923de21d414862c94550afdac9cb5b4766543fc1096e4a23c.exe | — | ||
MD5:— | SHA256:— | |||
4428 | 917ce3341c85a86923de21d414862c94550afdac9cb5b4766543fc1096e4a23c.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.tmp | executable | |
MD5:D2EDFB77D10970C4BD57F7281DEC473C | SHA256:CD2FDD096D1A5AAB181ECBA8A10294276EB8012F7FE3A7C669E6471E979E3A96 | |||
4428 | 917ce3341c85a86923de21d414862c94550afdac9cb5b4766543fc1096e4a23c.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.tmp | executable | |
MD5:D4D45543E9F1F90CEDD3032D8C7489BF | SHA256:AD1A2D9E9A8145722F08397060249B8744184A3CF012D9D52F07938B1D9181E2 | |||
4428 | 917ce3341c85a86923de21d414862c94550afdac9cb5b4766543fc1096e4a23c.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\A3DUtils.dll.tmp | executable | |
MD5:231587E622F773B64431F4326109C870 | SHA256:B80F0B9F0DFEB17015DB253A357DA6DE747A1095D51EFB1C176C838A94AA746A | |||
4428 | 917ce3341c85a86923de21d414862c94550afdac9cb5b4766543fc1096e4a23c.exe | C:\$Recycle.Bin\S-1-5-21-1693682860-607145093-2874071422-1001\desktop.ini.tmp | executable | |
MD5:C0295F044C08B2C4529E139502B8D408 | SHA256:CD2BF044C04BE05E076A81E9E94852C5BF1B9B23A240719CD22D871E2AEDBDE1 | |||
4428 | 917ce3341c85a86923de21d414862c94550afdac9cb5b4766543fc1096e4a23c.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\acrobat.tlb.tmp | executable | |
MD5:D5FAAF95A89F3A26AD0C2D046D7B37D1 | SHA256:0262CB04D1A363B1B39799C8419359EE912A7C3FDF3B93CE875849C1987E680B | |||
4428 | 917ce3341c85a86923de21d414862c94550afdac9cb5b4766543fc1096e4a23c.exe | C:\Users\admin\AppData\Local\VirtualStore\BOOTNXT.tmp | executable | |
MD5:D21B1C442EE246A9C4326141A5BE26AB | SHA256:B40333DD9BD9552F9CD98861D1B213ACEEB90F0C1E6CD57E1EE755A7C712ABEF | |||
4428 | 917ce3341c85a86923de21d414862c94550afdac9cb5b4766543fc1096e4a23c.exe | C:\Users\admin\AppData\Local\VirtualStore\bootmgr.tmp | executable | |
MD5:90C6F0A60AEC4BA819B5E1B2E6489573 | SHA256:193CDDD8E78ADFD6D5AB8CC52ABDA9CD5015593CA7539C677C20A5F88A577924 | |||
4428 | 917ce3341c85a86923de21d414862c94550afdac9cb5b4766543fc1096e4a23c.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe.tmp | executable | |
MD5:A252487B8E9B32F68C80F44EF29B9D00 | SHA256:FD6CDE9C420592B6A0F25C8AD74FA045540231E7722E2B723CA44A6824C366D9 | |||
4428 | 917ce3341c85a86923de21d414862c94550afdac9cb5b4766543fc1096e4a23c.exe | C:\$Recycle.Bin\S-1-5-21-1693682860-607145093-2874071422-1001\desktop.ini.exe | executable | |
MD5:C0295F044C08B2C4529E139502B8D408 | SHA256:CD2BF044C04BE05E076A81E9E94852C5BF1B9B23A240719CD22D871E2AEDBDE1 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2632 | svchost.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
2632 | svchost.exe | GET | 200 | 23.52.120.96:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.52.120.96:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4712 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
2632 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
— | — | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4712 | MoUsoCoreWorker.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
2632 | svchost.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
4712 | MoUsoCoreWorker.exe | 23.52.120.96:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
2632 | svchost.exe | 23.52.120.96:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
4712 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
Domain | IP | Reputation |
---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |