File name: | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe |
Full analysis: | https://app.any.run/tasks/6b783e84-8a82-47c8-b43b-80ee26ca8e50 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2025, 18:45:35 |
OS: | Windows 10 Professional (build: 19045, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.microsoft.portable-executable |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections |
MD5: | 949FAB8A38F9163BE3019D326CD2AB3C |
SHA1: | BCC4C0E24496556C9EA72B904034FF7FAD21B40B |
SHA256: | BD3DA4BB59C183FDC093FC526CD75BB2A7969A757A7E698598943A0D79163CF7 |
SSDEEP: | 49152:DPNVkWShlX40vue4HyNt85q0lVlqQXO6ZCmSxbv0kFgQ0Qh1lhUq8s891D751h1O:DP/kWSA4D05zrlhO6smSlvMQ0QrTU15C |
.exe | | | Win32 Executable MS Visual C++ (generic) (67.4) |
---|---|---|
.dll | | | Win32 Dynamic Link Library (generic) (14.2) |
.exe | | | Win32 Executable (generic) (9.7) |
.exe | | | Generic Win/DOS Executable (4.3) |
.exe | | | DOS Executable Generic (4.3) |
MachineType: | Intel 386 or later, and compatibles |
---|---|
TimeStamp: | 2018:12:15 22:26:14+00:00 |
ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
PEType: | PE32 |
LinkerVersion: | 6 |
CodeSize: | 26624 |
InitializedDataSize: | 473088 |
UninitializedDataSize: | 16384 |
EntryPoint: | 0x338f |
OSVersion: | 4 |
ImageVersion: | 6 |
SubsystemVersion: | 4 |
Subsystem: | Windows GUI |
FileVersionNumber: | 1.17.2.0 |
ProductVersionNumber: | 1.17.2.0 |
FileFlagsMask: | 0x0000 |
FileFlags: | (none) |
FileOS: | Win32 |
ObjectFileType: | Executable application |
FileSubtype: | - |
LanguageCode: | English (U.S.) |
CharacterSet: | Windows, Latin1 |
CompanyName: | ITPRODUCTDEV LTD |
FileDescription: | Ummy Desktop |
FileVersion: | 1.17.2 |
LegalCopyright: | Copyright © 2024 ITPRODUCTDEV LTD |
ProductName: | Ummy |
ProductVersion: | 1.17.2 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3688 | "C:\Users\admin\AppData\Local\Temp\UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe" | C:\Users\admin\AppData\Local\Temp\UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | explorer.exe | ||||||||||||
User: admin Company: ITPRODUCTDEV LTD Integrity Level: MEDIUM Description: Ummy Desktop Exit code: 0 Version: 1.17.2 Modules
| |||||||||||||||
5432 | "C:\WINDOWS\system32\cmd.exe" /C more < "C:\Users\admin\AppData\Local\Temp\UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe:Zone.Identifier" | C:\Windows\SysWOW64\cmd.exe | — | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 10.0.19041.3636 (WinBuild.160101.0800) Modules
| |||||||||||||||
2072 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
6892 | cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Ummy.exe" | %SYSTEMROOT%\System32\find.exe "Ummy.exe" | C:\Windows\SysWOW64\cmd.exe | — | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 10.0.19041.3636 (WinBuild.160101.0800) Modules
| |||||||||||||||
6900 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
6948 | tasklist /FI "USERNAME eq admin" /FI "IMAGENAME eq Ummy.exe" | C:\Windows\SysWOW64\tasklist.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Lists the current running tasks Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
6956 | C:\WINDOWS\System32\find.exe "Ummy.exe" | C:\Windows\SysWOW64\find.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (grep) Utility Exit code: 1 Version: 10.0.19041.3636 (WinBuild.160101.0800) Modules
| |||||||||||||||
836 | "C:\Users\admin\AppData\Local\Temp\nse543F.tmp\vcredist_x86.exe" /install /quiet /norestart | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\vcredist_x86.exe | — | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Visual C++ 2010 x86 Redistributable Setup Exit code: 3221226540 Version: 10.0.40219.325 Modules
| |||||||||||||||
4540 | "C:\Users\admin\AppData\Local\Temp\nse543F.tmp\vcredist_x86.exe" /install /quiet /norestart | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\vcredist_x86.exe | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Visual C++ 2010 x86 Redistributable Setup Exit code: 0 Version: 10.0.40219.325 Modules
| |||||||||||||||
5496 | c:\959e381ca42ed7885589acedec0a\Setup.exe /install /quiet /norestart | C:\959e381ca42ed7885589acedec0a\Setup.exe | vcredist_x86.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Setup Installer Exit code: 0 Version: 10.0.40219.325 built by: SP1LDR Modules
|
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\589bbc75-bab8-5041-bad3-2b463b503e06 |
Operation: | write | Name: | InstallLocation |
Value: C:\Users\admin\AppData\Local\ummy | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Ummy |
Operation: | write | Name: | vid |
Value: 148 | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\589bbc75-bab8-5041-bad3-2b463b503e06 |
Operation: | write | Name: | DisplayIcon |
Value: C:\Users\admin\AppData\Local\ummy\uninstallerIcon.ico | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\589bbc75-bab8-5041-bad3-2b463b503e06 |
Operation: | write | Name: | Publisher |
Value: ITPRODUCTDEV LTD | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\589bbc75-bab8-5041-bad3-2b463b503e06 |
Operation: | write | Name: | NoModify |
Value: 1 | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\589bbc75-bab8-5041-bad3-2b463b503e06 |
Operation: | write | Name: | NoRepair |
Value: 1 | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\589bbc75-bab8-5041-bad3-2b463b503e06 |
Operation: | write | Name: | KeepShortcuts |
Value: true |
PID | Process | Filename | Type | |
---|---|---|---|---|
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\ummy-1.17.2-ia32.nsis[1].7z | — | |
MD5:— | SHA256:— | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\package.7z | — | |
MD5:— | SHA256:— | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\7z-out\icudtl.dat | — | |
MD5:— | SHA256:— | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\7z-out\LICENSES.chromium.html | — | |
MD5:— | SHA256:— | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\System.dll | executable | |
MD5:0D7AD4F45DC6F5AA87F606D0331C6901 | SHA256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\7z-out\LICENSE.electron.txt | text | |
MD5:4D42118D35941E0F664DDDBD83F633C5 | SHA256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199 | binary | |
MD5:6C267D0F5E9DB296FEBA42DA9E43DEDE | SHA256:5E06E6FF173B4937A584980B2ABA178984EA8FA30822F00E70E46DC712424627 | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\7z-out\chrome_100_percent.pak | binary | |
MD5:109EE8FFD715C63E3E2248C2AD5CA559 | SHA256:B581F176C6BDBF8A152947FB37AF9C0E6D7651616408CB7312B336C37A704580 | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\7z-out\locales\am.pak | binary | |
MD5:D3C12CBCFD29ADB63F8314FE0FD3F8EC | SHA256:D61B254715FD71356B55A700B4B818C050507DED9F7474225E6E1AA1825616B5 | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\StdUtils.dll | executable | |
MD5:C6A6E03F77C313B267498515488C5740 | SHA256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | GET | 200 | 172.217.16.131:80 | http://c.pki.goog/r/r1.crl | unknown | — | — | whitelisted |
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | GET | 200 | 104.21.1.194:80 | http://cdn-televzr.com/ummy/ummy-1.17.2-ia32.nsis.7z | unknown | — | — | — |
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | GET | 200 | 142.250.184.227:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | — | — | whitelisted |
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | GET | 302 | 172.67.150.95:80 | http://desktop.televzr.com/download/updater/latest/ummy.nsis.7z/ummy-1.17.2-ia32.nsis.7z | unknown | — | — | whitelisted |
5568 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
6244 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
5568 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | 23.48.23.146:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
2164 | svchost.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
5064 | SearchApp.exe | 104.126.37.128:443 | www.bing.com | Akamai International B.V. | DE | whitelisted |
5064 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
1176 | svchost.exe | 20.190.160.22:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
1176 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
login.live.com |
| whitelisted |
go.microsoft.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
c.pki.goog |
| whitelisted |
Process | Message |
---|---|
Setup.exe | The operation completed successfully.
|