File name: | a5b4b1248f8f9abfbefd58be80700b940ddce2d79c8fc3e2538387c308f4a7fc.exe |
Full analysis: | https://app.any.run/tasks/cd7a21e6-7804-4170-9660-7f1652e0a2d7 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2025, 23:21:06 |
OS: | Windows 10 Professional (build: 19045, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.microsoft.portable-executable |
File info: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections |
MD5: | B43F55AFA37E589FE710A24524955720 |
SHA1: | F8824B19E97222E2E117C418EC18BC2E8C37A193 |
SHA256: | A5B4B1248F8F9ABFBEFD58BE80700B940DDCE2D79C8FC3E2538387C308F4A7FC |
SSDEEP: | 6144:cdSvVVVVVVVVrfuj5q4uFTDhfqfWJUNo5kUe7xo6og:XvVVVVVVVVrfuj5q4uFTDhSfWJUNo5kB |
.exe | | | Win32 Executable MS Visual C++ (generic) (30.9) |
---|---|---|
.exe | | | Win64 Executable (generic) (27.3) |
.exe | | | UPX compressed Win32 Executable (26.8) |
.dll | | | Win32 Dynamic Link Library (generic) (6.5) |
.exe | | | Win32 Executable (generic) (4.4) |
Subsystem: | Windows GUI |
---|---|
SubsystemVersion: | 4 |
ImageVersion: | - |
OSVersion: | 4 |
EntryPoint: | 0x2130 |
UninitializedDataSize: | 24576 |
InitializedDataSize: | 4096 |
CodeSize: | 8192 |
LinkerVersion: | 6 |
PEType: | PE32 |
ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit, No debug |
TimeStamp: | 2011:03:15 04:06:07+00:00 |
MachineType: | Intel 386 or later, and compatibles |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2136 | "C:\Users\admin\Desktop\a5b4b1248f8f9abfbefd58be80700b940ddce2d79c8fc3e2538387c308f4a7fc.exe" | C:\Users\admin\Desktop\a5b4b1248f8f9abfbefd58be80700b940ddce2d79c8fc3e2538387c308f4a7fc.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2136 | a5b4b1248f8f9abfbefd58be80700b940ddce2d79c8fc3e2538387c308f4a7fc.exe | — | ||
MD5:— | SHA256:— | |||
2136 | a5b4b1248f8f9abfbefd58be80700b940ddce2d79c8fc3e2538387c308f4a7fc.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_reader_appicon_16.png.tmp | executable | |
MD5:E9DC75E8B9954F97AC496E4D6134E6D5 | SHA256:68C0CD6E0DB0B9397B1F1C0FBD6178D592E6096EA3388D3FCAE3C22250675CE2 | |||
2136 | a5b4b1248f8f9abfbefd58be80700b940ddce2d79c8fc3e2538387c308f4a7fc.exe | C:\$Recycle.Bin\S-1-5-21-1693682860-607145093-2874071422-1001\desktop.ini.tmp | executable | |
MD5:30569A73475B2E6274CD0EEA7D42824F | SHA256:4D4BABB8DB183DE393577D5D81D5B30BC79E0BD7BF41E60232439558DC4D8A22 | |||
2136 | a5b4b1248f8f9abfbefd58be80700b940ddce2d79c8fc3e2538387c308f4a7fc.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\A3DUtils.dll.tmp | executable | |
MD5:28FDC8736B665D612E46A20A35A20E42 | SHA256:FCE90404AF668ACD1186F284EF0AC72DC6B2330E19A66F3C15BEBE3284310C0C | |||
2136 | a5b4b1248f8f9abfbefd58be80700b940ddce2d79c8fc3e2538387c308f4a7fc.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.tmp | executable | |
MD5:E050BB5D69D86EAB4C9A85303CB628B8 | SHA256:A7EF06595003020DB37470E453BD5C75FC288CC7E4D187B5788E8C1767F1F269 | |||
2136 | a5b4b1248f8f9abfbefd58be80700b940ddce2d79c8fc3e2538387c308f4a7fc.exe | C:\Users\admin\AppData\Local\VirtualStore\bootmgr.tmp | executable | |
MD5:AC1E4881462F0C86C71FBB50FB94E666 | SHA256:29019DC0594B5917D8BFC3D56CE960CEB1D2B6FB8A23322235F36AC8E16AF578 | |||
2136 | a5b4b1248f8f9abfbefd58be80700b940ddce2d79c8fc3e2538387c308f4a7fc.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\ACE.dll.tmp | executable | |
MD5:EBFEFF31312DDFD9FB2E0B544916F248 | SHA256:76C3CAE707748F34E46FB7F662F3264F03660C7CFF80F5F383F904AB3BE6A155 | |||
2136 | a5b4b1248f8f9abfbefd58be80700b940ddce2d79c8fc3e2538387c308f4a7fc.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatRes.dll.tmp | executable | |
MD5:30F72FA9FF8E2BBD2BEF2810B49CCFDD | SHA256:FB98DC7EEA8CD4FEB4360EF6160F5F6166B5294ABA8A0EBD7E369073B8C5BECD | |||
2136 | a5b4b1248f8f9abfbefd58be80700b940ddce2d79c8fc3e2538387c308f4a7fc.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\cef.pak.tmp | executable | |
MD5:FB6270D01546D9307932CE5ADE4452F7 | SHA256:FCBCC9284458C312FE811D4DD40AF10FD2A8C088234375773F74B6374EFA48EF | |||
2136 | a5b4b1248f8f9abfbefd58be80700b940ddce2d79c8fc3e2538387c308f4a7fc.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe.tmp | executable | |
MD5:7727FC31B0209A839F33CB4895397B2C | SHA256:B0BFD54B0BF8E34F1913AA99454B3BB93FB47278477A93957987AB44E853C2B6 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4712 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
— | — | 104.126.37.128:443 | www.bing.com | Akamai International B.V. | DE | whitelisted |
— | — | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3884 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4712 | MoUsoCoreWorker.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
3976 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
Domain | IP | Reputation |
---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
www.bing.com |
| whitelisted |
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |