File name: cbsidlm-tr1_5-ImgBurn-10847481.exe

Full analysis: https://app.any.run/tasks/d2cfce4d-41f3-4190-9478-2dde2b45b089
Verdict: Malicious activity
Analysis date: February 03, 2024, 00:30:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 795CE399B0FF5850EC39B6ED73B68282
SHA1: 76A33F18410CD93DC994975222AA0AC5606AF1DC
SHA256: A8E30CEAEB1AE11C989C952E9DABDF19F4EA384FB7F7F1D9FD36D2A6312AE76F
SSDEEP: 24576:/cn6f0IBaGp7Zo7EBV8/eCwnonoriwn5ufRlFn5e10sDvkn4n:/q6f0IBaGp7Zo7EBK2Cwn4oriwn5ufRY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • cbsidlm-tr1_5-ImgBurn-10847481.exe (PID: 2088)
  • SUSPICIOUS
    • Malware-specific behavior (creating "System.dll" in Temp)
      • cbsidlm-tr1_5-ImgBurn-10847481.exe (PID: 2088)
    • Executable content was dropped or overwritten
      • cbsidlm-tr1_5-ImgBurn-10847481.exe (PID: 2088)
    • The process creates files with names similar to system file names
      • cbsidlm-tr1_5-ImgBurn-10847481.exe (PID: 2088)
  • INFO
    • Reads the computer name
      • cbsidlm-tr1_5-ImgBurn-10847481.exe (PID: 2088)
    • Checks supported languages
      • cbsidlm-tr1_5-ImgBurn-10847481.exe (PID: 2088)
    • Process checks whether UAC notifications are on
      • cbsidlm-tr1_5-ImgBurn-10847481.exe (PID: 2088)
    • Creates files in a temporary directory
      • cbsidlm-tr1_5-ImgBurn-10847481.exe (PID: 2088)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:06:22 20:07:51+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 10
CodeSize: 23552
InitializedDataSize: 123392
UninitializedDataSize: 1024
EntryPoint: 0x333b
OSVersion: 5.1
ImageVersion: 6
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.8.0.1
ProductVersionNumber: 2.8.0.1
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
Combuilddate: 8/3/2012
Combuilddir: C:\BM\2.5\WebTemplates
Combuildid: ffe9d8b1fe820ebe1ba85c8f3d7d08aa0316e94e refs/heads/master
Combuildmachine: FRANCO-PC
Combuildtime: 12:23:04 PM
Combuilduser: $%USER%
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> cbsidlm-tr1_5-imgburn-10847481.exe -> cbsidlm-tr1_5-imgburn-10847481.exe (no specs)

Process information

PID: 752
CMD: "C:\Users\admin\AppData\Local\Temp\cbsidlm-tr1_5-ImgBurn-10847481.exe"
Path: C:\Users\admin\AppData\Local\Temp\cbsidlm-tr1_5-ImgBurn-10847481.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Modules (images):
  c:\users\admin\appdata\local\temp\cbsidlm-tr1_5-imgburn-10847481.exe
  c:\windows\system32\ntdll.dll

PID: 2088
CMD: "C:\Users\admin\AppData\Local\Temp\cbsidlm-tr1_5-ImgBurn-10847481.exe"
Path: C:\Users\admin\AppData\Local\Temp\cbsidlm-tr1_5-ImgBurn-10847481.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 2
Modules (images):
  c:\users\admin\appdata\local\temp\cbsidlm-tr1_5-imgburn-10847481.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shell32.dll
Total events: 874
Read events: 862
Write events: 12
Delete events: 0

Modification events

PID: 2088
Process: cbsidlm-tr1_5-ImgBurn-10847481.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
Operation: write
Name: PendingFileRenameOperations
Value: \??\C:\Users\admin\AppData\Local\Temp\nsk380E.tmp\download.com\
Executable files: 10
Suspicious files: 5
Text files: 40
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2088 | cbsidlm-tr1_5-ImgBurn-10847481.exe | C:\Users\admin\AppData\Local\Temp\nsk380E.tmp\utils.lua | text
  MD5: 1A08E6701868D895A482039DE5F19872
  SHA256: 5EE55478E71A8D5E4697EC52495FB9E1BEA104E30D783475B876A04E10781657
2088 | cbsidlm-tr1_5-ImgBurn-10847481.exe | C:\Users\admin\AppData\Local\Temp\nsk380E.tmp\LuaBridge.dll | executable
  MD5: 9D05719B084770DC9DB32664D7C721DF
  SHA256: F80704C617AA9B65F390B93A52EB309E0F13A3B34B855617AAD4F3126E6FE7A9
2088 | cbsidlm-tr1_5-ImgBurn-10847481.exe | C:\Users\admin\AppData\Local\Temp\nsk380E.tmp\System.dll | executable
  MD5: 7E3C808299AA2C405DFFA864471DDB7F
  SHA256: 91C47A9A54A3A8C359E89A8B4E133E6B7296586748ED3E8F4FE566ABD6C81DDD
2088 | cbsidlm-tr1_5-ImgBurn-10847481.exe | C:\Users\admin\AppData\Local\Temp\nsk380E.tmp\LuaSocket\lua\socket\tp.lua | text
  MD5: 2CAD406E591CADE482C7F16F39C21481
  SHA256: 343AFA62F69C7C140FBBF02B4BA2F7B2F711B6201BB6671C67A3744394084269
2088 | cbsidlm-tr1_5-ImgBurn-10847481.exe | C:\Users\admin\AppData\Local\Temp\nsk380E.tmp\LuaSocket\lua\mime.lua | text
  MD5: 4BFDAAAB9014FE129BC6388FD5687C8F
  SHA256: E9167E0DA842A0B856CBE6A2CF576F2D11BCEDB5985E8E4C8C71A73486F6FA5A
2088 | cbsidlm-tr1_5-ImgBurn-10847481.exe | C:\Users\admin\AppData\Local\Temp\nsk380E.tmp\LuaSocket\lua\socket\smtp.lua | text
  MD5: 29A883B6FB47F87609D0A5B1973AA45B
  SHA256: 04A2BCC6EB8BE03803F7EA4C9AA32E6F70F97FDB6B3BC5ECC5E990CC9932AC90
2088 | cbsidlm-tr1_5-ImgBurn-10847481.exe | C:\Users\admin\AppData\Local\Temp\nsk380E.tmp\LuaSocket\lua\socket\http.lua | text
  MD5: 61A2A779DA46E835338F1AD1EFAD1717
  SHA256: 68FD4BC835DA98DD1D5509333F8CC8861133C9439D3DE879BF29A96DE462940A
2088 | cbsidlm-tr1_5-ImgBurn-10847481.exe | C:\Users\admin\AppData\Local\Temp\nsk380E.tmp\lua51.dll | executable
  MD5: 13C3A33C1F6E43F38DE533FD0B766C98
  SHA256: 4158063B0A868431F6430F54C1192BF20E58A43A6D3D03B740E090951E2F4427
2088 | cbsidlm-tr1_5-ImgBurn-10847481.exe | C:\Users\admin\AppData\Local\Temp\nsk380E.tmp\LuaSocket\lua\socket.lua | text
  MD5: 74DBE1060E91112E1C21EF9870B4A587
  SHA256: 15FD138A169CAE80FECF4C797B33A257D587ED446F02ECF3EF913E307A22F96D
2088 | cbsidlm-tr1_5-ImgBurn-10847481.exe | C:\Users\admin\AppData\Local\Temp\nsk380E.tmp\LuaSocket\lua\ltn12.lua | text
  MD5: E440044AFE6C761507A996B5B45AB0F9
  SHA256: B1864AED85C114354B04FBE9B3F41C5EBC4DF6D129E08EF65A0C413D0DAABD29
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 1
TCP/UDP connections: 5
DNS requests: 1
Threats: 5

HTTP requests

PID: 2088
Process: cbsidlm-tr1_5-ImgBurn-10847481.exe
Method: GET
HTTP Code: 404
IP: 23.23.235.104:80
URL: http://23.23.235.104:80/install?filename=cbsidlm%2dtr1_5%2dImgBurn%2d10847481%2eexe
CN: unknown
Type: html
Size: 976 b
Reputation: unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2088 | cbsidlm-tr1_5-ImgBurn-10847481.exe | 23.23.235.104:80 | download.webinstall.com | AMAZON-AES | US | unknown

DNS requests

Domain | IP | Reputation
download.webinstall.com | 23.23.235.104, 18.233.221.25 | malicious

Threats

PID | Process | Class | Message
2088 | cbsidlm-tr1_5-ImgBurn-10847481.exe | Potential Corporate Privacy Violation | AV POLICY HTTP request for .exe file with no User-Agent
4 ETPRO signatures available at the full report
No debug info