File name:

eddy.exe

Full analysis: https://app.any.run/tasks/c9e35b25-d86f-4e1a-ad38-1bcde9ae0ef8
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: October 27, 2024, 06:13:57
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

0E17B7744FCF9EE8F655D6EB7AB9CD7F

SHA1:

50F5FEA1777B890836FEB3E6EE7A1C0672F5CFDA

SHA256:

B045DEBF515646C3B81632CEDE54A0A3730E01C5EACAD4C5CAF9F6C062458F77

SSDEEP:

96:5TN17BrWRi3UAPFZXxZ7Ma44m6cG+dvae/6Vyj/yz0V9fLZz/fzNt:7r+wxPFZX7Ma/+dvlCVyjHV7l

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executes application which crashes

      • eddy.exe (PID: 612)
      • eddy.exe (PID: 3580)
      • eddy.exe (PID: 6304)
      • eddy.exe (PID: 3696)
      • eddy.exe (PID: 5400)
      • eddy.exe (PID: 6200)
      • eddy.exe (PID: 1172)

    • Potential Corporate Privacy Violation

      • eddy.exe (PID: 612)
      • eddy.exe (PID: 3580)
      • eddy.exe (PID: 6304)
      • eddy.exe (PID: 3696)
      • eddy.exe (PID: 5400)
      • eddy.exe (PID: 6200)
      • eddy.exe (PID: 1172)

    • Process drops legitimate windows executable

      • eddy.exe (PID: 3580)
      • eddy.exe (PID: 6304)
      • eddy.exe (PID: 3696)
      • eddy.exe (PID: 6200)
      • eddy.exe (PID: 5400)

    • Process requests binary or script from the Internet

      • eddy.exe (PID: 3580)
      • eddy.exe (PID: 6304)
      • eddy.exe (PID: 3696)
      • eddy.exe (PID: 5400)
      • eddy.exe (PID: 6200)

  • INFO

    • Checks proxy server information

      • eddy.exe (PID: 612)
      • WerFault.exe (PID: 1112)
      • eddy.exe (PID: 3580)
      • WerFault.exe (PID: 3004)
      • eddy.exe (PID: 6304)
      • eddy.exe (PID: 3696)
      • WerFault.exe (PID: 6496)
      • WerFault.exe (PID: 7084)
      • eddy.exe (PID: 5400)
      • eddy.exe (PID: 6200)
      • WerFault.exe (PID: 6416)
      • eddy.exe (PID: 1172)
      • WerFault.exe (PID: 6476)
      • WerFault.exe (PID: 7152)

    • Checks supported languages

      • eddy.exe (PID: 612)
      • eddy.exe (PID: 3580)
      • eddy.exe (PID: 6304)
      • eddy.exe (PID: 3696)
      • eddy.exe (PID: 5400)
      • eddy.exe (PID: 6200)
      • eddy.exe (PID: 1172)

    • Reads Environment values

      • eddy.exe (PID: 612)
      • eddy.exe (PID: 3580)
      • eddy.exe (PID: 6304)
      • eddy.exe (PID: 3696)
      • eddy.exe (PID: 5400)
      • eddy.exe (PID: 6200)
      • eddy.exe (PID: 1172)

    • Reads the computer name

      • eddy.exe (PID: 612)
      • eddy.exe (PID: 3580)
      • eddy.exe (PID: 6304)
      • eddy.exe (PID: 3696)
      • eddy.exe (PID: 5400)
      • eddy.exe (PID: 6200)
      • eddy.exe (PID: 1172)

    • Reads the machine GUID from the registry

      • eddy.exe (PID: 612)
      • eddy.exe (PID: 3580)
      • eddy.exe (PID: 6304)
      • eddy.exe (PID: 3696)
      • eddy.exe (PID: 5400)
      • eddy.exe (PID: 6200)
      • eddy.exe (PID: 1172)

    • Manual execution by a user

      • Taskmgr.exe (PID: 2652)
      • eddy.exe (PID: 3580)
      • Taskmgr.exe (PID: 1332)
      • eddy.exe (PID: 6304)
      • eddy.exe (PID: 3696)
      • eddy.exe (PID: 5400)
      • eddy.exe (PID: 6200)
      • eddy.exe (PID: 1172)

    • Disables trace logs

      • eddy.exe (PID: 612)
      • eddy.exe (PID: 3580)
      • eddy.exe (PID: 6304)
      • eddy.exe (PID: 3696)
      • eddy.exe (PID: 5400)
      • eddy.exe (PID: 6200)
      • eddy.exe (PID: 1172)

    • Creates files or folders in the user directory

      • WerFault.exe (PID: 1112)
      • WerFault.exe (PID: 3004)
      • WerFault.exe (PID: 7084)
      • WerFault.exe (PID: 6496)
      • WerFault.exe (PID: 6476)
      • WerFault.exe (PID: 7152)
      • WerFault.exe (PID: 6416)

    • Reads the software policy settings

      • WerFault.exe (PID: 1112)
      • WerFault.exe (PID: 3004)
      • WerFault.exe (PID: 7084)
      • WerFault.exe (PID: 6496)
      • WerFault.exe (PID: 6476)
      • WerFault.exe (PID: 6416)
      • WerFault.exe (PID: 7152)

    • Reads security settings of Internet Explorer

      • Taskmgr.exe (PID: 2652)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (82.9)
.dll | Win32 Dynamic Link Library (generic) (7.4)
.exe | Win32 Executable (generic) (5.1)
.exe | Generic Win/DOS Executable (2.2)
.exe | DOS Executable Generic (2.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2068:08:31 01:50:40+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32
LinkerVersion: 48
CodeSize: 5120
InitializedDataSize: 2048
UninitializedDataSize: -
EntryPoint: 0x329e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: eddy
FileVersion: 1.0.0.0
InternalName: eddy.exe
LegalCopyright: Copyright © 2024
LegalTrademarks: -
OriginalFileName: eddy.exe
ProductName: eddy
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
157
Monitored processes
16
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start eddy.exe werfault.exe taskmgr.exe no specs taskmgr.exe eddy.exe werfault.exe eddy.exe werfault.exe eddy.exe werfault.exe eddy.exe eddy.exe werfault.exe eddy.exe werfault.exe werfault.exe

Process information

PID
CMD
Path
Indicators
Parent process
612"C:\Users\admin\Desktop\eddy.exe" C:\Users\admin\Desktop\eddy.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
eddy
Exit code:
3762504530
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\eddy.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1112C:\WINDOWS\system32\WerFault.exe -u -p 612 -s 1688C:\Windows\System32\WerFault.exe
eddy.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\oleaut32.dll
1172"C:\Users\admin\Desktop\eddy.exe" C:\Users\admin\Desktop\eddy.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
eddy
Exit code:
3762504530
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\eddy.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1332"C:\WINDOWS\system32\taskmgr.exe" /4C:\Windows\System32\Taskmgr.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Task Manager
Exit code:
3221226540
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
2652"C:\WINDOWS\system32\taskmgr.exe" /4C:\Windows\System32\Taskmgr.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Manager
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
3004C:\WINDOWS\system32\WerFault.exe -u -p 3580 -s 1768C:\Windows\System32\WerFault.exe
eddy.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
3580"C:\Users\admin\Desktop\eddy.exe" C:\Users\admin\Desktop\eddy.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
eddy
Exit code:
3762504530
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\eddy.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
3696"C:\Users\admin\Desktop\eddy.exe" C:\Users\admin\Desktop\eddy.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
eddy
Exit code:
3762504530
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\eddy.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
5400"C:\Users\admin\Desktop\eddy.exe" C:\Users\admin\Desktop\eddy.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
eddy
Exit code:
3762504530
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\eddy.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
6200"C:\Users\admin\Desktop\eddy.exe" C:\Users\admin\Desktop\eddy.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
eddy
Exit code:
3762504530
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\eddy.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events
30 198
Read events
30 182
Write events
15
Delete events
1

Modification events

(PID) Process:(612) eddy.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\eddy_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(612) eddy.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\eddy_RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(612) eddy.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\eddy_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(612) eddy.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\eddy_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(612) eddy.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\eddy_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(612) eddy.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\eddy_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(612) eddy.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\eddy_RASAPI32
Operation:writeName:FileDirectory
Value:
%windir%\tracing
(PID) Process:(612) eddy.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\eddy_RASMANCS
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(612) eddy.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\eddy_RASMANCS
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(612) eddy.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\eddy_RASMANCS
Operation:writeName:EnableConsoleTracing
Value:
0
Executable files
0
Suspicious files
11
Text files
15
Unknown types
0

Dropped files

PID
Process
Filename
Type
1112WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_eddy.exe_5912917574315695c7e1abd363c17ceb6e58ab44_b5082d22_66ee297e-4e1e-47b6-8ab4-c3b0144f838d\Report.wer
MD5:
SHA256:
1112WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\eddy.exe.612.dmp
MD5:
SHA256:
3004WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_eddy.exe_5912917574315695c7e1abd363c17ceb6e58ab44_b5082d22_57a51294-c33e-476a-81d4-8bf5ef71bab5\Report.wer
MD5:
SHA256:
3004WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\eddy.exe.3580.dmp
MD5:
SHA256:
7084WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_eddy.exe_5912917574315695c7e1abd363c17ceb6e58ab44_b5082d22_435e270e-5c6a-406b-8a83-f4ac2a8dda81\Report.wer
MD5:
SHA256:
7084WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\eddy.exe.6304.dmp
MD5:
SHA256:
6496WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_eddy.exe_5912917574315695c7e1abd363c17ceb6e58ab44_b5082d22_d8735643-6694-4bf4-877f-572111031593\Report.wer
MD5:
SHA256:
6496WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\eddy.exe.3696.dmp
MD5:
SHA256:
1112WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERBABD.tmp.dmpbinary
MD5:A37F70F68F9F0A2EBD1A6790A1FD53A4
SHA256:0CC63B54FA73E035279F94330E4DC81AEF87A17D4E6B3C81B778A00EEA7576C8
2652Taskmgr.exeC:\Users\admin\AppData\Local\D3DSCache\3534848bb9f4cb71\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.locktext
MD5:F49655F856ACB8884CC0ACE29216F511
SHA256:7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
16
TCP/UDP connections
58
DNS requests
29
Threats
22

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3696
eddy.exe
GET
200
141.8.194.149:80
http://a1045941.xsph.ru/1.exe
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
23.216.77.22:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
612
eddy.exe
GET
200
141.8.194.149:80
http://a1045941.xsph.ru/1.exe
unknown
whitelisted
1112
WerFault.exe
GET
200
23.216.77.22:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1112
WerFault.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4004
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5400
eddy.exe
GET
200
141.8.194.149:80
http://a1045941.xsph.ru/1.exe
unknown
whitelisted
1172
eddy.exe
GET
200
141.8.194.149:80
http://a1045941.xsph.ru/1.exe
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6944
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5488
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
23.216.77.22:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4360
SearchApp.exe
104.126.37.155:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4360
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
612
eddy.exe
141.8.194.149:80
a1045941.xsph.ru
Sprinthost.ru LLC
RU
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.216.77.22
  • 23.216.77.42
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
www.bing.com
  • 104.126.37.155
  • 104.126.37.171
  • 104.126.37.161
  • 104.126.37.138
  • 104.126.37.139
  • 104.126.37.128
  • 104.126.37.153
  • 104.126.37.160
  • 104.126.37.169
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
google.com
  • 142.250.184.238
whitelisted
a1045941.xsph.ru
  • 141.8.194.149
whitelisted
watson.events.data.microsoft.com
  • 20.42.65.92
  • 20.42.73.29
  • 104.208.16.94
  • 52.182.143.212
whitelisted
login.live.com
  • 20.190.160.22
  • 20.190.160.14
  • 20.190.160.20
  • 40.126.32.133
  • 20.190.160.17
  • 40.126.32.134
  • 40.126.32.74
  • 40.126.32.138
whitelisted
th.bing.com
  • 104.126.37.171
  • 104.126.37.139
  • 104.126.37.161
  • 104.126.37.153
  • 104.126.37.138
  • 104.126.37.155
  • 104.126.37.169
  • 104.126.37.128
  • 104.126.37.160
whitelisted

Threats

PID
Process
Class
Message
2172
svchost.exe
Misc activity
ET INFO Observed DNS Query to xsph .ru Domain
612
eddy.exe
A Network Trojan was detected
ET MALWARE Single char EXE direct download likely trojan (multiple families)
612
eddy.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
612
eddy.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
3580
eddy.exe
A Network Trojan was detected
ET MALWARE Single char EXE direct download likely trojan (multiple families)
3580
eddy.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3580
eddy.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
6304
eddy.exe
A Network Trojan was detected
ET MALWARE Single char EXE direct download likely trojan (multiple families)
6304
eddy.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
6304
eddy.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
eddy.exe