File name:

Yandex.exe

Full analysis: https://app.any.run/tasks/33c85e99-2632-4ca2-abe8-558297553e2d
Verdict: Malicious activity
Analysis date: March 29, 2024, 09:48:36
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

E7408893A6DBBA8D146BC4769A11743D

SHA1:

E1F2C6D700295F70CB7DC78C7A2ABA234788D4F4

SHA256:

ABA4881F73D76F9EA4CAE485DC375016E4ADFE209E2CCB3D2F7C99BDF773682D

SSDEEP:

98304:zKWjQJBgjdWBOp9ZpONSaJe2Bho8sgGe9sLBXvWjKOBEO7X+i51yJbVMBywhP791:dQbutyRxj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Yandex.exe (PID: 3992)

  • SUSPICIOUS

    • Reads the Internet Settings

      • Yandex.exe (PID: 3992)

    • Reads security settings of Internet Explorer

      • Yandex.exe (PID: 3992)

    • Reads settings of System Certificates

      • Yandex.exe (PID: 3992)

    • Application launched itself

      • Yandex.exe (PID: 3992)

    • Checks Windows Trust Settings

      • Yandex.exe (PID: 3992)

  • INFO

    • Reads the computer name

      • Yandex.exe (PID: 3992)

    • Checks supported languages

      • Yandex.exe (PID: 3992)
      • Yandex.exe (PID: 3516)

    • Create files in a temporary directory

      • Yandex.exe (PID: 3992)

    • Creates files or folders in the user directory

      • Yandex.exe (PID: 3992)

    • Checks proxy server information

      • Yandex.exe (PID: 3992)

    • Reads the machine GUID from the registry

      • Yandex.exe (PID: 3992)

    • Reads the software policy settings

      • Yandex.exe (PID: 3992)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:13 18:19:51+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 1074176
InitializedDataSize: 5800960
UninitializedDataSize: -
EntryPoint: 0x49640
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 24.1.4.826
ProductVersionNumber: 24.1.4.826
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: YANDEX LLC
FileDescription: Yandex
FileVersion: 24.1.4.826
InternalName: lite_installer
LegalCopyright: Copyright (c) 2012-2024 YANDEX LLC. All Rights Reserved.
ProductName: Yandex
ProductVersion: 24.1.4.826
ProductChromiumVersion: 120.0.6099.291
ProductYandexVersion: 24.1.4.826
CompanyShortName: YANDEX LLC
ProductShortName: Yandex Installer
LastChange: bbf55b5b2cd6e30b98b4f53e8c0bd2025efd9ae6
OfficialBuild: 1
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
41
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start yandex.exe yandex.exe

Process information

PID
CMD
Path
Indicators
Parent process
3516"C:\Users\admin\AppData\Local\Temp\Yandex.exe" --parent-installer-process-id=3992 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\admin\AppData\Local\Temp\6fa8017c-c743-4b46-bd22-60d37b85a971.tmp\" --brand-name=yandex --browser-present=none --installer-brand-id=yandex --installer-partner-id=pseudoportal-ru --make-browser-default-after-import --ok-button-pressed-time=1586099609 --progress-window=852500 --send-statistics --variations-update-path=\"C:\Users\admin\AppData\Local\Temp\1c03885d-7eba-4737-a32b-6eecd8e9402e.tmp\" --verbose-logging"C:\Users\admin\AppData\Local\Temp\Yandex.exe
Yandex.exe
User:
admin
Company:
YANDEX LLC
Integrity Level:
HIGH
Description:
Yandex
Version:
24.1.4.826
Modules
Images
c:\users\admin\appdata\local\temp\yandex.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
3992"C:\Users\admin\AppData\Local\Temp\Yandex.exe" C:\Users\admin\AppData\Local\Temp\Yandex.exe
explorer.exe
User:
admin
Company:
YANDEX LLC
Integrity Level:
MEDIUM
Description:
Yandex
Version:
24.1.4.826
Modules
Images
c:\users\admin\appdata\local\temp\yandex.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
8 798
Read events
8 746
Write events
43
Delete events
9

Modification events

(PID) Process:(3992) Yandex.exeKey:HKEY_CURRENT_USER\Software\AppDataLow\Yandex
Operation:writeName:UICreated_admin
Value:
1
(PID) Process:(3992) Yandex.exeKey:HKEY_CURRENT_USER\Software\Yandex\YandexBrowser
Operation:delete valueName:brand
Value:
(PID) Process:(3992) Yandex.exeKey:HKEY_CURRENT_USER\Software\Yandex\YandexBrowser
Operation:delete valueName:BrandFile
Value:
(PID) Process:(3992) Yandex.exeKey:HKEY_CURRENT_USER\Software\Yandex\YandexBrowser
Operation:delete valueName:PartnerFile
Value:
(PID) Process:(3992) Yandex.exeKey:HKEY_CURRENT_USER\Software\Yandex\YandexBrowser
Operation:writeName:lang
Value:
ru
(PID) Process:(3992) Yandex.exeKey:HKEY_CURRENT_USER\Software\Yandex\YandexBrowser
Operation:writeName:InstallerData
Value:
C:\Users\admin\AppData\Local\Temp\master_preferences
(PID) Process:(3992) Yandex.exeKey:HKEY_CURRENT_USER\Software\Yandex\YandexBrowser
Operation:writeName:ClidsFile
Value:
C:\Users\admin\AppData\Local\Temp\clids.xml
(PID) Process:(3992) Yandex.exeKey:HKEY_CURRENT_USER\Software\Yandex\YandexBrowser
Operation:writeName:YandexWebsiteIconFile
Value:
C:\Users\admin\AppData\Local\Temp\website.ico
(PID) Process:(3992) Yandex.exeKey:HKEY_CURRENT_USER\Software\Yandex\YandexBrowser
Operation:writeName:AbtConfigResourceFile
Value:
C:\Users\admin\AppData\Local\Temp\abt_config_resource
(PID) Process:(3992) Yandex.exeKey:HKEY_CURRENT_USER\Software\Yandex\YandexBrowser
Operation:writeName:brand
Value:
yandex
Executable files
0
Suspicious files
9
Text files
14
Unknown types
10

Dropped files

PID
Process
Filename
Type
3992Yandex.exeC:\Users\admin\AppData\Roaming\Yandex\uitext
MD5:
SHA256:
3992Yandex.exeC:\Users\admin\AppData\Local\Temp\lite_installer.logtext
MD5:
SHA256:
3992Yandex.exeC:\Users\admin\AppData\Local\Temp\PartnerFilecompressed
MD5:
SHA256:
3992Yandex.exeC:\Users\admin\AppData\Local\Temp\BrandFilecompressed
MD5:
SHA256:
3992Yandex.exeC:\Users\admin\AppData\Local\Temp\master_preferencesbinary
MD5:
SHA256:
3992Yandex.exeC:\Users\admin\AppData\Local\Temp\clids.xmlxml
MD5:
SHA256:
3992Yandex.exeC:\Users\admin\AppData\Local\Temp\website.ico
MD5:
SHA256:
3992Yandex.exeC:\Users\admin\AppData\Local\Temp\abt_config_resourcetext
MD5:
SHA256:
3992Yandex.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:
SHA256:
3992Yandex.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81Bbinary
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
24
DNS requests
10
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3992
Yandex.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8ce7b6eb33a7060f
unknown
unknown
3992
Yandex.exe
GET
200
104.18.21.226:80
http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D
unknown
unknown
3992
Yandex.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/rootr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHUeP1PjGFkz6V8I7O6tApc%3D
unknown
unknown
3992
Yandex.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/rootr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDQHuXxad%2F5c1K2Rl1mo%3D
unknown
unknown
3992
Yandex.exe
GET
200
104.18.21.226:80
http://ocsp2.globalsign.com/rootr5/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQiD0S5cIHyfrLTJ1fvAkJWflH%2B2QQUPeYpSJvqB8ohREom3m7e0oPQn1kCDQHuXyKVQkkF%2BQGRqNw%3D
unknown
unknown
3992
Yandex.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/gseccovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSTMjK03nNiYoQYvu4Izyfn9OJNdAQUWHuOdSr%2BYYCqkEABrtboB0ZuP0gCDGAyJdwPYvx99%2Bbh1Q%3D%3D
unknown
unknown
3992
Yandex.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/gsrsaovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRrcGT%2BanRD3C1tW3nsrKeuXC7DPwQU%2BO9%2F8s14Z6jeb48kjYjxhwMCs%2BsCDA5BtkVrz4nNHGlMLA%3D%3D
unknown
unknown
3992
Yandex.exe
GET
200
104.18.21.226:80
http://ocsp.globalsign.com/gseccovsslca2018/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSTMjK03nNiYoQYvu4Izyfn9OJNdAQUWHuOdSr%2BYYCqkEABrtboB0ZuP0gCDAHPqkXgCPxEWpoaFA%3D%3D
unknown
unknown
1080
svchost.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?624d1ab720bef5f8
unknown
unknown
1080
svchost.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?e2ddf83a2417bb20
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
3992
Yandex.exe
213.180.193.234:443
api.browser.yandex.net
YANDEX LLC
RU
whitelisted
3992
Yandex.exe
5.45.205.241:443
download.cdn.yandex.net
YANDEX LLC
RU
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3992
Yandex.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
3992
Yandex.exe
104.18.21.226:80
ocsp.globalsign.com
CLOUDFLARENET
shared
3992
Yandex.exe
185.70.202.13:443
ext-cachev2-itt01.cdn.yandex.net
TELECOM ITALIA SPARKLE S.p.A.
IT
unknown
3992
Yandex.exe
185.70.202.15:443
ext-cachev2-itt03.cdn.yandex.net
TELECOM ITALIA SPARKLE S.p.A.
IT
unknown

DNS requests

Domain
IP
Reputation
api.browser.yandex.net
  • 213.180.193.234
whitelisted
download.cdn.yandex.net
  • 5.45.205.241
  • 5.45.205.245
  • 5.45.205.243
  • 5.45.205.242
  • 5.45.205.244
whitelisted
api.browser.yandex.ru
  • 213.180.193.234
whitelisted
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.globalsign.com
  • 104.18.21.226
  • 104.18.20.226
whitelisted
ocsp2.globalsign.com
  • 104.18.21.226
  • 104.18.20.226
whitelisted
ext-cachev2-itt01.cdn.yandex.net
  • 185.70.202.13
whitelisted
ext-cachev2-itt03.cdn.yandex.net
  • 185.70.202.15
whitelisted
ext-cachev2-itt02.cdn.yandex.net
  • 185.70.202.14
whitelisted
ext-cachev2-cogent03.cdn.yandex.net
  • 149.5.241.43
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Yandex.exe