File name: imyfone-voxbox_setup-com_es.exe
Full analysis: https://app.any.run/tasks/3052a555-e2b5-4e57-a973-04bbb31cf07d
Verdict: Malicious activity
Analysis date: September 27, 2024, 16:02:16
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 922705A2DC4534AAE99B3F70A922C1A3
SHA1: 12B55F6BA101CA5BB9383C26AA4406C76696C663
SHA256: A61B88BE28DB274EBA9874337FD80942CCD2D46B4E063D266C7718C0C30E615A
SSDEEP: 98304:Nih71YOu3DdQpPAlnDoImcCD/SSNX2riBhhQcKeFmCJ6ZyHlNt4kxeRel/Zamf63:S4FL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Reads security settings of Internet Explorer
      • imyfone-voxbox_setup-com_es.exe (PID: 1280)
    • Process drops legitimate windows executable
      • imyfone-download.tmp (PID: 3828)
    • Executable content was dropped or overwritten
      • imyfone-download.exe (PID: 7080)
      • imyfone-download.tmp (PID: 3828)
    • Drops 7-zip archiver for unpacking
      • imyfone-download.tmp (PID: 3828)
    • The process drops C-runtime libraries
      • imyfone-download.tmp (PID: 3828)
  • INFO
    • Reads the computer name
      • imyfone-voxbox_setup-com_es.exe (PID: 1280)
    • Checks supported languages
      • imyfone-voxbox_setup-com_es.exe (PID: 1280)
    • Creates files in the program directory
      • imyfone-voxbox_setup-com_es.exe (PID: 1280)
    • Checks proxy server information
      • imyfone-voxbox_setup-com_es.exe (PID: 1280)
    • Reads product name
      • imyfone-voxbox_setup-com_es.exe (PID: 1280)
    • Reads Environment values
      • imyfone-voxbox_setup-com_es.exe (PID: 1280)
    • Reads the software policy settings
      • imyfone-voxbox_setup-com_es.exe (PID: 1280)
    • Reads the machine GUID from the registry
      • imyfone-voxbox_setup-com_es.exe (PID: 1280)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (16.3)
.exe | Win64 Executable (generic) (14.5)
.dll | Win32 Dynamic Link Library (generic) (3.4)
.exe | Win32 Executable (generic) (2.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:28 06:02:41+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 2117632
InitializedDataSize: 1059840
UninitializedDataSize: -
EntryPoint: 0x1bb6a4
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 4.3.0.4
ProductVersionNumber: 4.3.0.4
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: imyfone-voxbox_setup-com_es.exe
FileVersion: 4.3.0.4
LegalCopyright: Copyright (C) 2024 iMyFone. All rights reserved.
ProductName: iMyFone VoxBox
ProductVersion: 4.3.0.4
No data.
All screenshots are available in the full report
Total processes: 142
Monitored processes: 9
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Process nodes: start, imyfone-voxbox_setup-com_es.exe, sppextcomobj.exe (no specs), slui.exe, imyfone-download.exe, imyfone-download.tmp, _setup64.tmp (no specs), conhost.exe (no specs), slui.exe, imyfone-voxbox_setup-com_es.exe (no specs)

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 652
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: KMS Connection Broker
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)

PID: 1280
CMD: "C:\Users\admin\AppData\Local\Temp\imyfone-voxbox_setup-com_es.exe"
Path: C:\Users\admin\AppData\Local\Temp\imyfone-voxbox_setup-com_es.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: imyfone-voxbox_setup-com_es.exe
Version: 4.3.0.4

PID: 2456
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Activation Client
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 3828
CMD: "C:\Users\admin\AppData\Local\Temp\is-UL718.tmp\imyfone-download.tmp" /SL5="$1D0222,83566262,345600,C:\Program Files (x86)\imyfone_down\imyfone-voxbox_setup-com_es\imyfone-download.exe" /verysilent /imyfone_down /wait_run /path="C:\Program Files (x86)\" /progress="C:\Program Files (x86)\imyfone_down\imyfone-voxbox_setup-com_es\temp.progress"
Path: C:\Users\admin\AppData\Local\Temp\is-UL718.tmp\imyfone-download.tmp
Parent process: imyfone-download.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Version: 51.1052.0.0

PID: 5028
CMD: "C:\Users\admin\AppData\Local\Temp\imyfone-voxbox_setup-com_es.exe"
Path: C:\Users\admin\AppData\Local\Temp\imyfone-voxbox_setup-com_es.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: imyfone-voxbox_setup-com_es.exe
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 4.3.0.4

PID: 5056
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 5996
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: _setup64.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 6044
CMD: helper 105 0x4E8
Path: C:\Users\admin\AppData\Local\Temp\is-0UMF2.tmp\_isetup\_setup64.tmp
Parent process: imyfone-download.tmp
User: admin
Integrity Level: HIGH

PID: 7080
CMD: /verysilent /imyfone_down /wait_run /path="C:\Program Files (x86)\" /progress="C:\Program Files (x86)\imyfone_down\imyfone-voxbox_setup-com_es\temp.progress"
Path: C:\Program Files (x86)\imyfone_down\imyfone-voxbox_setup-com_es\imyfone-download.exe
Parent process: imyfone-voxbox_setup-com_es.exe
User: admin
Company: Shenzhen iMyFone Technology Co., Ltd.
Integrity Level: HIGH
Description: iMyFone VoxBox
Version: 5.9.4.3
Total events: 1 659
Read events: 1 658
Write events: 1
Delete events: 0

Modification events

(PID) Process: (1280) imyfone-voxbox_setup-com_es.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\iMyfone\iMyfoneDown
Operation: write
Name: GUID
Value: 08A993D7-3DDF-4358-9312-C9DF529CF5EA
Executable files: 317
Suspicious files: 228
Text files: 2 640
Unknown types: 19

Dropped files

Fields per file: PID, Process, Filename, Type, MD5, SHA256

PID 1280, imyfone-voxbox_setup-com_es.exe
  C:\Program Files (x86)\imyfone_down\imyfone-voxbox_setup-com_es\language\ChineseTW\install_tips.png (image)
  MD5: 992528F19FEDA5FD91B78FBFB21349A0
  SHA256: C5618D6781D1A5120ECE2DB6E29492B8393FE91CCE512CBCFA30DDC27C1C0790

PID 1280, imyfone-voxbox_setup-com_es.exe
  C:\Program Files (x86)\imyfone_down\imyfone-voxbox_setup-com_es\language\Arabic\install_tips.png (image)
  MD5: 28FBF016E49EED024EBC37A11E1F883A
  SHA256: 78AFDAF35FA6173B08621270842B5D8D899B966FFDFA986A9E98F372AFD4F419

PID 1280, imyfone-voxbox_setup-com_es.exe
  C:\Program Files (x86)\imyfone_down\imyfone-voxbox_setup-com_es\language\German\text.ini (text)
  MD5: 3F25B80EE7321A74F6010264D4D94C35
  SHA256: A267CEF7D5A84BD44E4FB328F6AFEFFF2ED8017D72564EADD4FADC646F36F71C

PID 1280, imyfone-voxbox_setup-com_es.exe
  C:\Program Files (x86)\imyfone_down\imyfone-voxbox_setup-com_es\language\English\UrlInfo.ini (text)
  MD5: 79D57F5B289BA1003A24DC2D3460D53C
  SHA256: E4BBA88D4FFC7F57279AE780F2DBD4FF666A8573D69E9463A178A96008EDF913

PID 1280, imyfone-voxbox_setup-com_es.exe
  C:\Program Files (x86)\imyfone_down\imyfone-voxbox_setup-com_es\language\Arabic\UrlInfo.ini (text)
  MD5: 38600A634E1C8184CA05AAFC0B503A48
  SHA256: 7C525D5A2286CB33BDE92AF54F906281ED583D0EC5415CDA473F00C3BC710759

PID 1280, imyfone-voxbox_setup-com_es.exe
  C:\Program Files (x86)\imyfone_down\imyfone-voxbox_setup-com_es\language\ChineseTW\text.ini (text)
  MD5: 0D08745EC684E55397101BD9098F4371
  SHA256: A982450C33C3CF10971D9226E6781E880625078CB888D94225B9B0B702942C32

PID 1280, imyfone-voxbox_setup-com_es.exe
  C:\Program Files (x86)\imyfone_down\imyfone-voxbox_setup-com_es\language\ChineseTW\UrlInfo.ini (text)
  MD5: 79668F834A24D918C83B25B121212243
  SHA256: 14FBD99A28C0B455303C7D8E68EA5E8DD7B7BB4B42DEDBFC7DC81E77284AF4D9

PID 1280, imyfone-voxbox_setup-com_es.exe
  C:\Program Files (x86)\imyfone_down\imyfone-voxbox_setup-com_es\language\German\install_tips.png (image)
  MD5: 28FBF016E49EED024EBC37A11E1F883A
  SHA256: 78AFDAF35FA6173B08621270842B5D8D899B966FFDFA986A9E98F372AFD4F419

PID 1280, imyfone-voxbox_setup-com_es.exe
  C:\Program Files (x86)\imyfone_down\imyfone-voxbox_setup-com_es\language\French\UrlInfo.ini (text)
  MD5: FA9DE37917B577BC4C692873531873F1
  SHA256: 13822DBD7A45690B63732723EFA9DF7EF4A1E0BD1293535A27D42A21A286F94E

PID 1280, imyfone-voxbox_setup-com_es.exe
  C:\Program Files (x86)\imyfone_down\imyfone-voxbox_setup-com_es\language\English\install_tips.png (image)
  MD5: 28FBF016E49EED024EBC37A11E1F883A
  SHA256: 78AFDAF35FA6173B08621270842B5D8D899B966FFDFA986A9E98F372AFD4F419
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 5
TCP/UDP connections: 72
DNS requests: 22
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5092 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
5152 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
5092 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
2708 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6212 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5152 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 23.218.210.69:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
- | - | 40.126.32.138:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2708 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
- | - | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2708 | svchost.exe | 40.126.32.138:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.124.78.146, 40.127.240.158 | whitelisted
www.microsoft.com | 184.30.21.171 | whitelisted
google.com | 142.250.184.206 | whitelisted
go.microsoft.com | 23.218.210.69 | whitelisted
login.live.com | 40.126.32.138, 20.190.160.17, 40.126.32.134, 40.126.32.74, 20.190.160.22, 20.190.160.14, 40.126.32.136, 20.190.160.20 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
client.wns.windows.com | 40.113.110.67 | whitelisted
apipdm.imyfone.club | 47.254.4.210 | unknown
download-new.imyfone.com | 65.9.95.12, 65.9.95.84, 65.9.95.44, 65.9.95.104 | whitelisted
www.google-analytics.com | 172.217.18.14 | whitelisted

Threats

No threats detected
No debug info