| File name: | httrack-3.49.2.exe |
| Full analysis: | https://app.any.run/tasks/e3054f4b-863b-43e5-b1da-94b76c11f9bb |
| Verdict: | Malicious activity |
| Analysis date: | November 06, 2023, 13:44:56 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5: | E56F69E10A5F995F559557DA1C2DE7C3 |
| SHA1: | EAFD7FBE4B900BBE9A0F09E020A45EBDDB1B3159 |
| SHA256: | AF0F3101D0E7C8927A49E7C29BE2B3A92A9109B4481FE3E2A6BC5D813B470DC3 |
| SSDEEP: | 98304:ODnXE2ruClmjZacGIcCTpaQc3bffieWnGaZV2FLVpWTFyAD15cjcOCzniRIh5/Fa:zTOSdr0nau |
MALICIOUS
Drops the executable file immediately after the start
- httrack-3.49.2.exe (PID: 3572)
- httrack-3.49.2.exe (PID: 3128)
- httrack-3.49.2.tmp (PID: 3464)
SUSPICIOUS
Process drops legitimate windows executable
- httrack-3.49.2.tmp (PID: 3464)
Reads the Windows owner or organization settings
- httrack-3.49.2.tmp (PID: 3464)
The process drops C-runtime libraries
- httrack-3.49.2.tmp (PID: 3464)
INFO
Checks supported languages
- httrack-3.49.2.tmp (PID: 3432)
- httrack-3.49.2.tmp (PID: 3464)
- httrack-3.49.2.exe (PID: 3128)
- httrack-3.49.2.exe (PID: 3572)
- wmpnscfg.exe (PID: 3404)
- wmpnscfg.exe (PID: 3632)
- WinHTTrack.exe (PID: 3840)
Reads the computer name
- httrack-3.49.2.tmp (PID: 3432)
- httrack-3.49.2.tmp (PID: 3464)
- wmpnscfg.exe (PID: 3404)
- wmpnscfg.exe (PID: 3632)
- WinHTTrack.exe (PID: 3840)
Create files in a temporary directory
- httrack-3.49.2.tmp (PID: 3464)
- httrack-3.49.2.exe (PID: 3128)
- httrack-3.49.2.exe (PID: 3572)
Reads the machine GUID from the registry
- wmpnscfg.exe (PID: 3404)
- wmpnscfg.exe (PID: 3632)
- WinHTTrack.exe (PID: 3840)
Manual execution by a user
- wmpnscfg.exe (PID: 3404)
- wmpnscfg.exe (PID: 3632)
Creates files in the program directory
- httrack-3.49.2.tmp (PID: 3464)
Application launched itself
- msedge.exe (PID: 4032)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Inno Setup installer (71.1) |
|---|---|---|
| .exe | | | Win32 Executable Delphi generic (9.1) |
| .scr | | | Windows screen saver (8.4) |
| .dll | | | Win32 Dynamic Link Library (generic) (4.2) |
| .exe | | | Win32 Executable (generic) (2.9) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 1992:06:20 00:22:17+02:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi |
| PEType: | PE32 |
| LinkerVersion: | 2.25 |
| CodeSize: | 40448 |
| InitializedDataSize: | 18944 |
| UninitializedDataSize: | - |
| EntryPoint: | 0xa5f8 |
| OSVersion: | 1 |
| ImageVersion: | 6 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 0.0.0.0 |
| ProductVersionNumber: | 0.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Neutral |
| CharacterSet: | Unicode |
| Comments: | This installation was built with Inno Setup. |
| CompanyName: | HTTrack |
| FileDescription: | WinHTTrack Website Copier Setup |
| FileVersion: | |
| LegalCopyright: | |
| ProductName: | WinHTTrack Website Copier |
| ProductVersion: | 3.49.2 |
Total processes
59
Monitored processes
21
Malicious processes
4
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 280 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3760 --field-trial-handle=1308,i,17979710520598235520,8433749245859115325,131072 /prefetch:8 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 448 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1540 --field-trial-handle=1308,i,17979710520598235520,8433749245859115325,131072 /prefetch:2 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 604 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3460 --field-trial-handle=1308,i,17979710520598235520,8433749245859115325,131072 /prefetch:8 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 732 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3800 --field-trial-handle=1308,i,17979710520598235520,8433749245859115325,131072 /prefetch:8 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 788 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1308,i,17979710520598235520,8433749245859115325,131072 /prefetch:3 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | msedge.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 1508 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1300 --field-trial-handle=1308,i,17979710520598235520,8433749245859115325,131072 /prefetch:2 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 1612 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2352 --field-trial-handle=1308,i,17979710520598235520,8433749245859115325,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 1880 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1308,i,17979710520598235520,8433749245859115325,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 1892 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1640 --field-trial-handle=1308,i,17979710520598235520,8433749245859115325,131072 /prefetch:8 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 2080 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1308,i,17979710520598235520,8433749245859115325,131072 /prefetch:2 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
Total events
3 909
Read events
3 873
Write events
20
Delete events
16
Modification events
| (PID) Process: | (3404) wmpnscfg.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{A8EC6296-6901-4282-B4F7-86E5A6C83760}\{FFE9D7E0-E223-4A1B-80C0-B500DF3E92F2} |
| Operation: | delete key | Name: | (default) |
Value: | |||
| (PID) Process: | (3404) wmpnscfg.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{A8EC6296-6901-4282-B4F7-86E5A6C83760} |
| Operation: | delete key | Name: | (default) |
Value: | |||
| (PID) Process: | (3404) wmpnscfg.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{E68F2BBE-56B3-4B08-A90B-E09F12873CA2}\{FFE9D7E0-E223-4A1B-80C0-B500DF3E92F2} |
| Operation: | delete key | Name: | (default) |
Value: | |||
| (PID) Process: | (3404) wmpnscfg.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{E68F2BBE-56B3-4B08-A90B-E09F12873CA2} |
| Operation: | delete key | Name: | (default) |
Value: | |||
| (PID) Process: | (3404) wmpnscfg.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{15A88E33-FC49-4644-B04F-6BBD26F4079F} |
| Operation: | delete key | Name: | (default) |
Value: | |||
| (PID) Process: | (3632) wmpnscfg.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{DAE9BD3E-B266-4F65-955D-1881D875A644}\{2E4D6889-3126-467B-A773-AB9B4BFF8A60} |
| Operation: | delete key | Name: | (default) |
Value: | |||
| (PID) Process: | (3632) wmpnscfg.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{DAE9BD3E-B266-4F65-955D-1881D875A644} |
| Operation: | delete key | Name: | (default) |
Value: | |||
| (PID) Process: | (3632) wmpnscfg.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{836DB1DB-B061-4472-99E7-B949E18F9153} |
| Operation: | delete key | Name: | (default) |
Value: | |||
| (PID) Process: | (3464) httrack-3.49.2.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 |
| Operation: | delete value | Name: | RegFilesHash |
Value: B319C16FC72AB545BDEFCF6A20B23CACA458764D3FE249EBBB77CD716A784A56 | |||
| (PID) Process: | (3464) httrack-3.49.2.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 |
| Operation: | delete value | Name: | RegFiles0000 |
Value: C:\Program Files\WinHTTrack\htsjava.dll | |||
Executable files
31
Suspicious files
145
Text files
1 093
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3572 | httrack-3.49.2.exe | C:\Users\admin\AppData\Local\Temp\is-PRL8Q.tmp\httrack-3.49.2.tmp | executable | |
MD5:BC3AE216EE497C33A727652E67305CD6 | SHA256:111AE632794A8D94B3C112ACC28DC22EBD303ADB867A9A31812B1B65AD0BE649 | |||
| 3464 | httrack-3.49.2.tmp | C:\Program Files\WinHTTrack\html\is-QO4PN.tmp | html | |
MD5:1D89A9A7547179DAAE778DCC0EF908B5 | SHA256:282770D2A8BD03CA4083F7453001A9E827958408019C6CBFD940AC65D213B149 | |||
| 3464 | httrack-3.49.2.tmp | C:\Program Files\WinHTTrack\html\fcguide.html | html | |
MD5:24A8361EB3C63D5478671BE9D4D908AD | SHA256:EACC80E42F205270587FA18A4C912C7FEAA18B460634961D01EB6C253258A345 | |||
| 3464 | httrack-3.49.2.tmp | C:\Program Files\WinHTTrack\html\is-N7P7U.tmp | html | |
MD5:B5E54867B9FFF5C98C6BBCDE4D0EB4C7 | SHA256:367A51005B6D0FAAE37EB34022F7B46DF4FDA08FABA82937C28E8D9645270C8C | |||
| 3464 | httrack-3.49.2.tmp | C:\Program Files\WinHTTrack\html\filters.html | html | |
MD5:B5E54867B9FFF5C98C6BBCDE4D0EB4C7 | SHA256:367A51005B6D0FAAE37EB34022F7B46DF4FDA08FABA82937C28E8D9645270C8C | |||
| 3464 | httrack-3.49.2.tmp | C:\Program Files\WinHTTrack\html\is-S5DPK.tmp | text | |
MD5:2E4FD7238B05CE0F73F8D70D10A66D84 | SHA256:9A1BBE9E472DFFE9888230C0FF017E21295334B17273D30DDCF1381E4358C6EB | |||
| 3464 | httrack-3.49.2.tmp | C:\Program Files\WinHTTrack\is-IVV3D.tmp | executable | |
MD5:BC3AE216EE497C33A727652E67305CD6 | SHA256:111AE632794A8D94B3C112ACC28DC22EBD303ADB867A9A31812B1B65AD0BE649 | |||
| 3464 | httrack-3.49.2.tmp | C:\Program Files\WinHTTrack\html\contact.html | html | |
MD5:D37B41E109339F58F83B2757DF7E4E1B | SHA256:FA67041648CADF9B7D099F35A8E34A09925B80F5F192F9ABDEC2ED25C0259D22 | |||
| 3464 | httrack-3.49.2.tmp | C:\Users\admin\AppData\Local\Temp\is-7A5C6.tmp\_isetup\_shfoldr.dll | executable | |
MD5:92DC6EF532FBB4A5C3201469A5B5EB63 | SHA256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87 | |||
| 3464 | httrack-3.49.2.tmp | C:\Program Files\WinHTTrack\html\is-UN6IU.tmp | html | |
MD5:1EBA20582A075D281CD488A5ED143E30 | SHA256:A25B9AC3791C5CAC30EDAD325296B3C83D1B6731E9CE48A606DC2592EE33BE0B | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
16
TCP/UDP connections
73
DNS requests
17
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
3840 | WinHTTrack.exe | GET | 200 | 142.250.186.100:80 | http://www.google.com/intl/de/policies/terms/ | unknown | html | 679 b | unknown |
3840 | WinHTTrack.exe | GET | 301 | 142.250.186.100:80 | http://www.google.com/advanced_search?hl=de&authuser=0 | unknown | html | 256 b | unknown |
3840 | WinHTTrack.exe | GET | 200 | 142.250.186.100:80 | http://www.google.com/ | unknown | html | 11.8 Kb | unknown |
3840 | WinHTTrack.exe | GET | 200 | 142.250.184.227:80 | http://ssl.gstatic.com/ui/v1/zippy/arrow_down.png | unknown | image | 94 b | unknown |
3840 | WinHTTrack.exe | GET | 301 | 142.250.186.100:80 | http://www.google.com/intl/de/about.html | unknown | html | 233 b | unknown |
3840 | WinHTTrack.exe | GET | 200 | 142.250.186.100:80 | http://www.google.com/images/branding/googlelogo/1x/googlelogo_white_background_color_272x92dp.png | unknown | image | 5.35 Kb | unknown |
3840 | WinHTTrack.exe | GET | 301 | 142.250.186.100:80 | http://www.google.com/preferences?hl=de | unknown | html | 237 b | unknown |
3840 | WinHTTrack.exe | GET | 404 | 142.250.186.100:80 | http://www.google.com/intl/de/policies/terms/curl | unknown | html | 1.55 Kb | unknown |
3840 | WinHTTrack.exe | GET | 301 | 142.250.186.100:80 | http://www.google.com/services/ | unknown | html | 229 b | unknown |
3840 | WinHTTrack.exe | GET | 301 | 142.250.186.100:80 | http://www.google.com/intl/de/ads/ | unknown | html | 233 b | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
868 | svchost.exe | 95.101.148.135:80 | armmf.adobe.com | Akamai International B.V. | NL | unknown |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
3840 | WinHTTrack.exe | 142.250.186.100:80 | www.google.com | GOOGLE | US | whitelisted |
3840 | WinHTTrack.exe | 142.250.184.227:443 | ssl.gstatic.com | GOOGLE | US | whitelisted |
3840 | WinHTTrack.exe | 142.250.186.100:443 | www.google.com | GOOGLE | US | whitelisted |
3840 | WinHTTrack.exe | 142.250.186.163:443 | www.gstatic.com | GOOGLE | US | whitelisted |
3840 | WinHTTrack.exe | 142.250.184.227:80 | ssl.gstatic.com | GOOGLE | US | whitelisted |
4032 | msedge.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
788 | msedge.exe | 52.123.243.86:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | DE | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
armmf.adobe.com |
| whitelisted |
www.google.com |
| whitelisted |
ssl.gstatic.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
config.edge.skype.com |
| whitelisted |
edge.microsoft.com |
| whitelisted |
www.bing.com |
| whitelisted |
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com |
| whitelisted |