URL: http://agsupdate.adobe.com/win32/AGC_5_0_0_950_win32_cef.zip

Full analysis: https://app.any.run/tasks/aa2ac2cd-4369-4346-997d-8b59711a0ae1
Verdict: Malicious activity
Analysis date: April 25, 2019, 14:15:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: AA59B529E9086685AEF4E752324940C2
SHA1: 30C33AEF47CEE3452D7BF15A2F6A4CBCAE8D05F3
SHA256: AA3DB39941CA533165F957DEAA8AF286BC1DD27C2B1A5E2AE49367C851507D8A
SSDEEP: 3:N1Kf7egtSMiNv6c6MLQAUn:CzeggN1XLQ7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 2044)
      • AdobeGCClient.exe (PID: 3700)
    • Application was dropped or rewritten from another process

      • AdobeGCClient.exe (PID: 3700)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3652)
  • INFO

    • Dropped object may contain Bitcoin addresses

      • WinRAR.exe (PID: 3652)
    • Creates files in the user directory

      • iexplore.exe (PID: 128)
    • Changes internet zones settings

      • iexplore.exe (PID: 2304)
    • Application launched itself

      • iexplore.exe (PID: 2304)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2304)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2304)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2304)
      • iexplore.exe (PID: 128)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2304)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 5
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Process nodes: start, iexplore.exe, iexplore.exe, winrar.exe, searchprotocolhost.exe (no specs), adobegcclient.exe (no specs)

Process information

PID: 2304
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 128
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2304 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 3652
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\AGC_5_0_0_950_win32_cef.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: iexplore.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.60.0

PID: 2044
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Exit code: 0
Version: 7.00.7600.16385 (win7_rtm.090713-1255)

PID: 3700
CMD: "C:\Users\admin\Desktop\AGC_5_0_0_950_win32_cef\AdobeGCClient.exe"
Path: C:\Users\admin\Desktop\AGC_5_0_0_950_win32_cef\AdobeGCClient.exe
Parent process: explorer.exe
User: admin
Company: Adobe Systems, Incorporated
Integrity Level: MEDIUM
Description: Adobe GC Client Application
Exit code: 0
Version: 3.5.0.439
Total events: 1 565
Read events: 1 422
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 18
Suspicious files: 57
Text files: 13
Unknown types: 4

Dropped files

PID: 2304
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico

PID: 2304
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

PID: 2304
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DFDE09B1073B606965.TMP

PID: 128
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D8T6WZ38\AGC_5_0_0_950_win32_cef[1].zip

PID: 2304
Process: iexplore.exe
Filename: C:\Users\admin\Desktop\AGC_5_0_0_950_win32_cef.zip

PID: 2304
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DF02BCC5F9AB7471F8.TMP

PID: 2304
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{A28A5FA1-6764-11E9-A09E-5254004A04AF}.dat

PID: 128
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019042520190426\index.dat
Type: dat
MD5: 0BD7FC1A21A110482E25663111E9A40D
SHA256: EA0F592F5C384C48B0E4BD981104728F499A8A20335647FA4A3B6B5BBBD5E0E2

PID: 128
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
Type: text
MD5: 63841E622D7C74601DE624D6BA97D8F3
SHA256: 4C99128BDEF28548E7B0210820B65F774D9C7E228FBE261E3060387C5DCFE1BA

PID: 128
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
Type: dat
MD5: F4741D2AAB8BA253EA30D5D9F3705C8E
SHA256: A6F367F8A31981525D5A9928384F2C06BDCD2F97435C263CA1B54965A01A5A6F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 2
TCP/UDP connections: 2
DNS requests: 2
Threats: 0

HTTP requests

PID: 128
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 104.111.214.232:80
URL: http://agsupdate.adobe.com/win32/AGC_5_0_0_950_win32_cef.zip
CN: NL
Type: compressed
Size: 37.9 Mb
Reputation: whitelisted

PID: 2304
Process: iexplore.exe
Method: GET
HTTP Code: 200
IP: 204.79.197.200:80
URL: http://www.bing.com/favicon.ico
CN: US
Type: image
Size: 237 b
Reputation: whitelisted

Connections

PID: 2304
Process: iexplore.exe
IP: 204.79.197.200:80
Domain: www.bing.com
ASN: Microsoft Corporation
CN: US
Reputation: whitelisted

PID: 128
Process: iexplore.exe
IP: 104.111.214.232:80
Domain: agsupdate.adobe.com
ASN: Akamai International B.V.
CN: NL
Reputation: whitelisted

DNS requests

Domain: www.bing.com
IP:
  • 204.79.197.200
  • 13.107.21.200
Reputation: whitelisted

Domain: agsupdate.adobe.com
IP:
  • 104.111.214.232
Reputation: whitelisted

Threats

No threats detected
No debug info