File name: image003.wmz

Full analysis: https://app.any.run/tasks/7f0049e2-f8a8-4150-9c03-e6bfa3a93bfb
Verdict: No threats detected
Analysis date: November 12, 2020, 10:02:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/gzip
File info: gzip compressed data, max speed, from NTFS filesystem (NT)
MD5: 9B906557B0E0DFAC7BF7F150B67FB440
SHA1: 2F74951601E1341CDE5D24FE6C2F95874EBDD909
SHA256: 96287C52D656140498476CA5178192E5D0E8E1853907EA3A1F120922A5BF0C9A
SSDEEP: 96:YHdtQIGu99IkCqpLaGF5N/0W727ZCyxp28Q2aZdX8tUnUTXAg6c5r4vLF:YHbGu99IkjaGR/0Np2v/ZKtnAcF4x

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads internet explorer settings

      • wmplayer.exe (PID: 3700)
    • Reads Internet Cache Settings

      • wmplayer.exe (PID: 3700)
    • Creates files in the user directory

      • wmplayer.exe (PID: 3700)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.z/gz/gzip | GZipped data (100)

EXIF

ZIP

Compression: Deflated
Flags: (none)
ModifyDate: 0000:00:00 00:00:00
ExtraFlags: Fastest Algorithm
OperatingSystem: NTFS filesystem (NT)
No data.
Total processes: 37
Monitored processes: 4
Malicious processes: 0
Suspicious processes: 1

Behavior graph

Graph nodes (image not reproduced): start, wmplayer.exe (no specs), setup_wm.exe (no specs), unregmp2.exe (no specs), wmplayer.exe (no specs)

Process information

PID: 604
CMD: "C:\Program Files\Windows Media Player\wmplayer.exe" /layout:"C:\Users\admin\AppData\Local\Temp\image003.wmz"
Path: C:\Program Files\Windows Media Player\wmplayer.exe
Indicators:
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmplayer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

PID: 3044
CMD: C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
Path: C:\Windows\system32\unregmp2.exe
Indicators:
Parent process: setup_wm.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Windows Media Player Setup Utility
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\unregmp2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

PID: 3660
CMD: "C:\Program Files\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" /layout:"C:\Users\admin\AppData\Local\Temp\image003.wmz"
Path: C:\Program Files\Windows Media Player\setup_wm.exe
Indicators:
Parent process: wmplayer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Windows Media Configuration Utility
Exit code: 1
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\setup_wm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 3700
CMD: "C:\Program Files\Windows Media Player\wmplayer.exe" /Relaunch /layout:"C:\Users\admin\AppData\Local\Temp\image003.wmz"
Path: C:\Program Files\Windows Media Player\wmplayer.exe
Indicators:
Parent process: setup_wm.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmplayer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

Total events: 1 034
Read events: 742
Write events: 290
Delete events: 2

Modification events

Process: wmplayer.exe (PID 604)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

Process: wmplayer.exe (PID 604)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

Process: setup_wm.exe (PID 3660)
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Setup\UserOptions
Operation: write
Name: DesktopShortcut
Value: no

Process: setup_wm.exe (PID 3660)
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences
Operation: write
Name: AcceptedPrivacyStatement
Value: 1

Process: unregmp2.exe (PID 3044)
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences
Operation: write
Name: MigratedXML
Value: 1

Process: unregmp2.exe (PID 3044)
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences
Operation: write
Name: Migrating
Value: 1

Process: unregmp2.exe (PID 3044)
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences
Operation: write
Name: AutoMetadataCurrentDownloadCount
Value: 0

Process: unregmp2.exe (PID 3044)
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences
Operation: write
Name: AutoMetadataCurrent500ServerErrorCount
Value: 0

Process: unregmp2.exe (PID 3044)
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences
Operation: write
Name: AutoMetadataCurrent503ServerErrorCount
Value: 0

Process: unregmp2.exe (PID 3044)
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences
Operation: write
Name: AutoMetadataCurrentOtherServerErrorCount
Value: 0

Executable files: 0
Suspicious files: 9
Text files: 25
Unknown types: 0

Dropped files

PID: 3700
Process: wmplayer.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SRNCXLKT6U2UUKN9U9K1.temp
Type:
MD5:
SHA256:

PID: 3660
Process: setup_wm.exe
Filename: C:\Users\admin\AppData\Local\Temp\wmsetup.log
Type: text
MD5:
SHA256:

PID: 3700
Process: wmplayer.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
Type: binary
MD5:
SHA256:

PID: 3044
Process: unregmp2.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
Type: binary
MD5:
SHA256:

PID: 3700
Process: wmplayer.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\W7RI3CLDVDPMM1ANGUT5.temp
Type:
MD5:
SHA256:

PID: 3700
Process: wmplayer.exe
Filename: C:\Users\Public\Music\Sample Music\Folder.jpg
Type: image
MD5: 84BBA83CFBC0233517407678BB842686
SHA256: 6ECF98ADB3CD0931EC803F3A56A9563C7D60BB86EC1886B21E3D0F7EB25198D9

PID: 3700
Process: wmplayer.exe
Filename: C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Small.jpg
Type: image
MD5: E29D6B28A6F50FFE9D93635457874773
SHA256: 2A9D62271A367C7E0FF582CF131007AC5B9F773077A53D48B4D782F6B23A9A4E

PID: 3700
Process: wmplayer.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002DBFE\04_Music_played_in_the_last_month.wpl
Type: html
MD5: F8D3A4CACF055F5EC5C62218EA50D290
SHA256: 201F2170812CF8041964C4D3C5EF539D96ADEBA6A68B69ECAED0AFFE3AE8E25F

PID: 3700
Process: wmplayer.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{DD90A31C-9359-4119-88AC-C3F1372E72F5}.jpg
Type: image
MD5: 35E787587CD3FA8ED360036C9FCA3DF2
SHA256: 98C49A68EE578E10947209EBC17C0AD188ED39C7D0C91A2B505F317259C0C9B2

PID: 3700
Process: wmplayer.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0002DBFE\03_Music_rated_at_4_or_5_stars.wpl
Type: html
MD5: 6D791B697AF46D6777182AF7F18C2955
SHA256: 4825EB90140F6B2F4F7ED0DF66B24E10FF5D0DA70AF53EA495FD30B3AA791870

HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info