File name: | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe |
Full analysis: | https://app.any.run/tasks/6b783e84-8a82-47c8-b43b-80ee26ca8e50 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2025, 18:45:35 |
OS: | Windows 10 Professional (build: 19045, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.microsoft.portable-executable |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections |
MD5: | 949FAB8A38F9163BE3019D326CD2AB3C |
SHA1: | BCC4C0E24496556C9EA72B904034FF7FAD21B40B |
SHA256: | BD3DA4BB59C183FDC093FC526CD75BB2A7969A757A7E698598943A0D79163CF7 |
SSDEEP: | 49152:DPNVkWShlX40vue4HyNt85q0lVlqQXO6ZCmSxbv0kFgQ0Qh1lhUq8s891D751h1O:DP/kWSA4D05zrlhO6smSlvMQ0QrTU15C |
.exe | | | Win32 Executable MS Visual C++ (generic) (67.4) |
---|---|---|
.dll | | | Win32 Dynamic Link Library (generic) (14.2) |
.exe | | | Win32 Executable (generic) (9.7) |
.exe | | | Generic Win/DOS Executable (4.3) |
.exe | | | DOS Executable Generic (4.3) |
ProductVersion: | 1.17.2 |
---|---|
ProductName: | Ummy |
LegalCopyright: | Copyright © 2024 ITPRODUCTDEV LTD |
FileVersion: | 1.17.2 |
FileDescription: | Ummy Desktop |
CompanyName: | ITPRODUCTDEV LTD |
CharacterSet: | Windows, Latin1 |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Win32 |
FileFlags: | (none) |
FileFlagsMask: | 0x0000 |
ProductVersionNumber: | 1.17.2.0 |
FileVersionNumber: | 1.17.2.0 |
Subsystem: | Windows GUI |
SubsystemVersion: | 4 |
ImageVersion: | 6 |
OSVersion: | 4 |
EntryPoint: | 0x338f |
UninitializedDataSize: | 16384 |
InitializedDataSize: | 473088 |
CodeSize: | 26624 |
LinkerVersion: | 6 |
PEType: | PE32 |
ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
TimeStamp: | 2018:12:15 22:26:14+00:00 |
MachineType: | Intel 386 or later, and compatibles |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3688 | "C:\Users\admin\AppData\Local\Temp\UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe" | C:\Users\admin\AppData\Local\Temp\UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | explorer.exe | ||||||||||||
User: admin Company: ITPRODUCTDEV LTD Integrity Level: MEDIUM Description: Ummy Desktop Exit code: 0 Version: 1.17.2 Modules
| |||||||||||||||
5432 | "C:\WINDOWS\system32\cmd.exe" /C more < "C:\Users\admin\AppData\Local\Temp\UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe:Zone.Identifier" | C:\Windows\SysWOW64\cmd.exe | — | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 10.0.19041.3636 (WinBuild.160101.0800) Modules
| |||||||||||||||
2072 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
6892 | cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Ummy.exe" | %SYSTEMROOT%\System32\find.exe "Ummy.exe" | C:\Windows\SysWOW64\cmd.exe | — | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 10.0.19041.3636 (WinBuild.160101.0800) Modules
| |||||||||||||||
6900 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
6948 | tasklist /FI "USERNAME eq admin" /FI "IMAGENAME eq Ummy.exe" | C:\Windows\SysWOW64\tasklist.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Lists the current running tasks Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
6956 | C:\WINDOWS\System32\find.exe "Ummy.exe" | C:\Windows\SysWOW64\find.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (grep) Utility Exit code: 1 Version: 10.0.19041.3636 (WinBuild.160101.0800) Modules
| |||||||||||||||
836 | "C:\Users\admin\AppData\Local\Temp\nse543F.tmp\vcredist_x86.exe" /install /quiet /norestart | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\vcredist_x86.exe | — | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Visual C++ 2010 x86 Redistributable Setup Exit code: 3221226540 Version: 10.0.40219.325 Modules
| |||||||||||||||
4540 | "C:\Users\admin\AppData\Local\Temp\nse543F.tmp\vcredist_x86.exe" /install /quiet /norestart | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\vcredist_x86.exe | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Visual C++ 2010 x86 Redistributable Setup Exit code: 0 Version: 10.0.40219.325 Modules
| |||||||||||||||
5496 | c:\959e381ca42ed7885589acedec0a\Setup.exe /install /quiet /norestart | C:\959e381ca42ed7885589acedec0a\Setup.exe | vcredist_x86.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Setup Installer Exit code: 0 Version: 10.0.40219.325 built by: SP1LDR Modules
|
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\589bbc75-bab8-5041-bad3-2b463b503e06 |
Operation: | write | Name: | InstallLocation |
Value: C:\Users\admin\AppData\Local\ummy | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Ummy |
Operation: | write | Name: | vid |
Value: 148 | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\589bbc75-bab8-5041-bad3-2b463b503e06 |
Operation: | write | Name: | DisplayIcon |
Value: C:\Users\admin\AppData\Local\ummy\uninstallerIcon.ico | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\589bbc75-bab8-5041-bad3-2b463b503e06 |
Operation: | write | Name: | Publisher |
Value: ITPRODUCTDEV LTD | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\589bbc75-bab8-5041-bad3-2b463b503e06 |
Operation: | write | Name: | NoModify |
Value: 1 | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\589bbc75-bab8-5041-bad3-2b463b503e06 |
Operation: | write | Name: | NoRepair |
Value: 1 | |||
(PID) Process: | (3688) UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | Key: | HKEY_CURRENT_USER\SOFTWARE\589bbc75-bab8-5041-bad3-2b463b503e06 |
Operation: | write | Name: | KeepShortcuts |
Value: true |
PID | Process | Filename | Type | |
---|---|---|---|---|
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\ummy-1.17.2-ia32.nsis[1].7z | — | |
MD5:— | SHA256:— | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\package.7z | — | |
MD5:— | SHA256:— | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\7z-out\icudtl.dat | — | |
MD5:— | SHA256:— | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\7z-out\LICENSES.chromium.html | — | |
MD5:— | SHA256:— | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary | |
MD5:623C118BE47301CE2F9ABDAAE8FA93F1 | SHA256:68CB973ABF44956D3D2C87D3BA5A9744DB920B0DBEAB20DA90858EC5A4522865 | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199 | binary | |
MD5:6C267D0F5E9DB296FEBA42DA9E43DEDE | SHA256:5E06E6FF173B4937A584980B2ABA178984EA8FA30822F00E70E46DC712424627 | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary | |
MD5:92B839135741069B05829B07B6F3F3FB | SHA256:4AE12FEDBB424DA1938E2BF5B343DC175D9CDAAFD4123715BE68DDA9BB2F18C5 | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\nsExec.dll | executable | |
MD5:EC0504E6B8A11D5AAD43B296BEEB84B2 | SHA256:5D9CEB1CE5F35AEA5F9E5A0C0EDEEEC04DFEFE0C77890C80C70E98209B58B962 | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\System.dll | executable | |
MD5:0D7AD4F45DC6F5AA87F606D0331C6901 | SHA256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA | |||
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | C:\Users\admin\AppData\Local\Temp\nse543F.tmp\7z-out\locales\bg.pak | binary | |
MD5:9C5A545DA2150EAE00A0240097FD423F | SHA256:A47C73AE35583C284941793A1ED8B80B3BC8A3E2AC1A049354A3B1C408232B00 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | — | — | whitelisted |
5568 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | GET | 200 | 104.21.1.194:80 | http://cdn-televzr.com/ummy/ummy-1.17.2-ia32.nsis.7z | unknown | — | — | — |
6244 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | unknown | — | — | whitelisted |
6348 | msiexec.exe | GET | 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/CSPCA.crl | unknown | — | — | whitelisted |
5568 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.146:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
3688 | UmmyVD-[ed24b3e43be1a42842f448e769eb8152,148,,,].exe | GET | 200 | 172.217.16.131:80 | http://c.pki.goog/r/r1.crl | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | 23.48.23.146:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
2164 | svchost.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
5064 | SearchApp.exe | 104.126.37.128:443 | www.bing.com | Akamai International B.V. | DE | whitelisted |
5064 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
1176 | svchost.exe | 20.190.160.22:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
1176 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
www.bing.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
login.live.com |
| whitelisted |
go.microsoft.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
c.pki.goog |
| whitelisted |
Process | Message |
---|---|
Setup.exe | The operation completed successfully.
|