File name:

vcredist_2015-2019_x64.exe

Full analysis: https://app.any.run/tasks/8b75e4a0-09e3-4c02-b86c-04d47ce01545
Verdict: Malicious activity
Analysis date: June 16, 2024, 13:59:56
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

F0248D477E74687C5619AE16498B13D4

SHA1:

9ED4B091148C9B53F66B3F2C69BE7E60E74C486A

SHA256:

B6C82087A2C443DB859FDBEAAE7F46244D06C3F2A7F71C35E50358066253DE52

SSDEEP:

393216:q5lptVYmfr7yBG/4WoI+j6LTinXKSf0fzTDv8:q7pttD7yBG/uljIinXj0fQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • vcredist_2015-2019_x64.exe (PID: 3996)
      • vcredist_2015-2019_x64.exe (PID: 3976)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • vcredist_2015-2019_x64.exe (PID: 3976)

    • Starts a Microsoft application from unusual location

      • vcredist_2015-2019_x64.exe (PID: 3996)
      • vcredist_2015-2019_x64.exe (PID: 3976)

    • Executable content was dropped or overwritten

      • vcredist_2015-2019_x64.exe (PID: 3976)
      • vcredist_2015-2019_x64.exe (PID: 3996)

    • Searches for installed software

      • vcredist_2015-2019_x64.exe (PID: 3996)

  • INFO

    • Checks supported languages

      • vcredist_2015-2019_x64.exe (PID: 3976)
      • vcredist_2015-2019_x64.exe (PID: 3996)

    • Create files in a temporary directory

      • vcredist_2015-2019_x64.exe (PID: 3976)
      • vcredist_2015-2019_x64.exe (PID: 3996)

    • Reads the computer name

      • vcredist_2015-2019_x64.exe (PID: 3996)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:11:18 21:37:28+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14
CodeSize: 301056
InitializedDataSize: 161280
UninitializedDataSize: -
EntryPoint: 0x2e06d
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 14.25.28508.3
ProductVersionNumber: 14.25.28508.3
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Microsoft Corporation
FileDescription: Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508
FileVersion: 14.25.28508.3
InternalName: setup
LegalCopyright: Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFileName: VC_redist.x64.exe
ProductName: Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508
ProductVersion: 14.25.28508.3
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
33
Monitored processes
2
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start vcredist_2015-2019_x64.exe vcredist_2015-2019_x64.exe

Process information

PID
CMD
Path
Indicators
Parent process
3976"C:\Users\admin\AppData\Local\Temp\vcredist_2015-2019_x64.exe" C:\Users\admin\AppData\Local\Temp\vcredist_2015-2019_x64.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508
Exit code:
1
Version:
14.25.28508.3
Modules
Images
c:\users\admin\appdata\local\temp\vcredist_2015-2019_x64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3996"C:\Users\admin\AppData\Local\Temp\{601F5EF8-6DFD-489F-8399-E95997C16654}\.cr\vcredist_2015-2019_x64.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\vcredist_2015-2019_x64.exe" -burn.filehandle.attached=152 -burn.filehandle.self=160 C:\Users\admin\AppData\Local\Temp\{601F5EF8-6DFD-489F-8399-E95997C16654}\.cr\vcredist_2015-2019_x64.exe
vcredist_2015-2019_x64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508
Exit code:
1
Version:
14.25.28508.3
Modules
Images
c:\users\admin\appdata\local\temp\{601f5ef8-6dfd-489f-8399-e95997c16654}\.cr\vcredist_2015-2019_x64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
1 205
Read events
1 205
Write events
0
Delete events
0

Modification events

No data
Executable files
2
Suspicious files
0
Text files
32
Unknown types
0

Dropped files

PID
Process
Filename
Type
3976vcredist_2015-2019_x64.exeC:\Users\admin\AppData\Local\Temp\{601F5EF8-6DFD-489F-8399-E95997C16654}\.cr\vcredist_2015-2019_x64.exeexecutable
MD5:843288FD72A1152B50B4E4B7344BB592
SHA256:82C3E3423E48BAFCDD726624EB7FD3E00674E50E4B6ACDCAC408FE8FAE43B022
3996vcredist_2015-2019_x64.exeC:\Users\admin\AppData\Local\Temp\{89F3085B-7F10-4985-8133-A7C06A432730}\.ba\logo.pngimage
MD5:D6BD210F227442B3362493D046CEA233
SHA256:335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
3996vcredist_2015-2019_x64.exeC:\Users\admin\AppData\Local\Temp\{89F3085B-7F10-4985-8133-A7C06A432730}\.ba\thm.xmlxml
MD5:F62729C6D2540015E072514226C121C7
SHA256:F13BAE0EC08C91B4A315BB2D86EE48FADE597E7A5440DCE6F751F98A3A4D6916
3996vcredist_2015-2019_x64.exeC:\Users\admin\AppData\Local\Temp\{89F3085B-7F10-4985-8133-A7C06A432730}\.ba\license.rtftext
MD5:2EABBB391ACB89942396DF5C1CA2BAD8
SHA256:E3156D170014CED8D17A02B3C4FF63237615E5C2A8983B100A78CB1F881D6F38
3996vcredist_2015-2019_x64.exeC:\Users\admin\AppData\Local\Temp\{89F3085B-7F10-4985-8133-A7C06A432730}\.ba\thm.wxlxml
MD5:FBFCBC4DACC566A3C426F43CE10907B6
SHA256:70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
3996vcredist_2015-2019_x64.exeC:\Users\admin\AppData\Local\Temp\{89F3085B-7F10-4985-8133-A7C06A432730}\.ba\1028\license.rtftext
MD5:B7F65A3A169484D21FA075CCA79083ED
SHA256:32585B93E69272B6D42DAC718E04D954769FE31AC9217C6431510E9EEAD78C49
3996vcredist_2015-2019_x64.exeC:\Users\admin\AppData\Local\Temp\{89F3085B-7F10-4985-8133-A7C06A432730}\.ba\1029\license.rtftext
MD5:B408556A89FCE3B47CD61302ECA64AC9
SHA256:21DDCBB0B0860E15FF9294CBB3C4E25B1FE48619210B8A1FDEC90BDCDC8C04BC
3996vcredist_2015-2019_x64.exeC:\Users\admin\AppData\Local\Temp\{89F3085B-7F10-4985-8133-A7C06A432730}\.ba\1028\thm.wxlxml
MD5:472ABBEDCBAD24DBA5B5F5E8D02C340F
SHA256:8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
3996vcredist_2015-2019_x64.exeC:\Users\admin\AppData\Local\Temp\{89F3085B-7F10-4985-8133-A7C06A432730}\.ba\1036\license.rtftext
MD5:F0FF747B85B1088A317399B0E11D2101
SHA256:4D9B7F06BE847E9E135AB3373F381ED7A841E51631E3C2D16E5C40B535DA3BCF
3996vcredist_2015-2019_x64.exeC:\Users\admin\AppData\Local\Temp\{89F3085B-7F10-4985-8133-A7C06A432730}\.ba\1036\thm.wxlxml
MD5:7B46AE8698459830A0F9116BC27DE7DF
SHA256:704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
5
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
vcredist_2015-2019_x64.exe