File name: c36ca3dd5bf2d289c35d8aba7763b25ae579186a030d4dce09b99eca7744956c

Full analysis: https://app.any.run/tasks/3b474f08-b0d5-4251-ba26-576fd34274e3
Verdict: Malicious activity
Analysis date: December 05, 2022, 20:39:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 4C7F40CA0B11F11FEB0DF97081BCF0D5
SHA1: 0B2541E4F6AFF057ED2904DD48DEE1734A4D87A3
SHA256: C36CA3DD5BF2D289C35D8ABA7763B25AE579186A030D4DCE09B99ECA7744956C
SSDEEP: 768:+PGzQPi/qtWFvJXjhPzYjfxPkpw2dI8Cs:+ekPi/qtYjhP8jmwAr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • c36ca3dd5bf2d289c35d8aba7763b25ae579186a030d4dce09b99eca7744956c.exe (PID: 1968)
    • Changes the autorun value in the registry

      • c36ca3dd5bf2d289c35d8aba7763b25ae579186a030d4dce09b99eca7744956c.exe (PID: 1968)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Checks supported languages

      • c36ca3dd5bf2d289c35d8aba7763b25ae579186a030d4dce09b99eca7744956c.exe (PID: 1968)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (61.6)
.dll | Win32 Dynamic Link Library (generic) (14.6)
.exe | Win32 Executable (generic) (10)
.exe | Win16/32 Executable Delphi generic (4.6)
.exe | Generic Win/DOS Executable (4.4)

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 2002-Aug-30 14:18:48

DOS Header

e_magic: MZ
e_cblp: 144
e_cp: 3
e_crlc: 0
e_cparhdr: 4
e_minalloc: 0
e_maxalloc: 65535
e_ss: 0
e_sp: 184
e_csum: 0
e_ip: 0
e_cs: 0
e_ovno: 0
e_oemid: 0
e_oeminfo: 0
e_lfanew: 128

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
NumberofSections: 4
TimeDateStamp: 2002-Aug-30 14:18:48
PointerToSymbolTable: 0
NumberOfSymbols: 0
SizeOfOptionalHeader: 224
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED

Sections

Name    Virtual Address  Virtual Size  Raw Size  Entropy  Characteristics
.text   4096             13032         13032     7.07242  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss    20480            3380          0         n/a      IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data   24576            7072          7072      5.96987  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata  32768            4012          4012      5.47423  IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
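Two things in the section table above are worth checking on any sample before reading behaviour: both executable sections (.text and .idata) are also writable, and .text has an entropy above 7 bits per byte, which is higher than ordinary compiled code and usually means packed or encrypted content. Note also that the Machine field (IMAGE_FILE_MACHINE_I386) is authoritative; TRiD's "Win64 Executable (generic)" guess is a file-type heuristic and is contradicted by the headers. The script below is an added example, not ANY.RUN's code and not the sample itself: it walks the DOS header, PE signature, COFF header and section table, computes per-section Shannon entropy, and flags RWX and high-entropy executable sections. Because the real binary is not reproduced here, it builds a constructed PE32 image whose section names, RVAs, sizes, flags and header values mirror this report but whose bytes are synthetic; `parse_pe` works unchanged on a real file read with `open(path, "rb").read()`.

```python
import calendar
import math
import random
import struct
from datetime import datetime, timezone

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
FILE_ALIGNMENT = 512          # chosen for the constructed image below


def _align(n, a):
    return (n + a - 1) // a * a


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(image):
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 60)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", image, e_lfanew + 4)
    sec_off = e_lfanew + 4 + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsec):
        (name, vsize, rva, raw_size, raw_ptr,
         _rel, _ln, _nrel, _nln, flags) = struct.unpack_from("<8sIIIIIIHHI", image, sec_off + 40 * i)
        raw = image[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "rva": rva, "virtual_size": vsize, "raw_size": raw_size,
                         "flags": flags, "entropy": shannon_entropy(raw)})
    return {"machine": machine, "characteristics": chars,
            "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc), "sections": sections}


def triage_sections(sections, entropy_threshold=7.0):
    """(section name, reason) pairs for traits that merit a closer look."""
    findings = []
    for s in sections:
        f = s["flags"]
        if f & IMAGE_SCN_MEM_EXECUTE and f & IMAGE_SCN_MEM_WRITE:
            findings.append((s["name"], "RWX: section is both writable and executable"))
        if f & IMAGE_SCN_MEM_EXECUTE and s["entropy"] > entropy_threshold:
            findings.append((s["name"], "high-entropy executable section (packed or encrypted code?)"))
        if s["raw_size"] == 0 and s["virtual_size"] and not f & IMAGE_SCN_CNT_UNINITIALIZED_DATA:
            findings.append((s["name"], "no raw bytes but non-zero virtual size"))
    return findings


def build_sample_pe():
    """Constructed PE32 image, NOT the sample from the report.  Names, RVAs, sizes
    and flags mirror the report's section table; the bytes are synthetic
    (pseudo-random .text, repetitive .data and .idata)."""
    rng = random.Random(1968)
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    rw = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    specs = [  # (name, VirtualSize, VirtualAddress, Characteristics, raw bytes)
        (b".text", 13032, 0x1000, IMAGE_SCN_CNT_CODE | rwx, bytes(rng.getrandbits(8) for _ in range(13032))),
        (b".bss", 3380, 0x5000, IMAGE_SCN_CNT_UNINITIALIZED_DATA | rw, b""),
        (b".data", 7072, 0x6000, IMAGE_SCN_CNT_INITIALIZED_DATA | rw, bytes(i % 16 for i in range(7072))),
        (b".idata", 4012, 0x8000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | rwx,
         bytes(i % 64 for i in range(4012))),
    ]
    e_lfanew, opt_size = 128, 224                     # same values as the report's headers
    hdr_size = _align(e_lfanew + 4 + 20 + opt_size + 40 * len(specs), FILE_ALIGNMENT)
    img = bytearray(hdr_size)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 60, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, e_lfanew + 4, 0x014C, len(specs),
                     calendar.timegm((2002, 8, 30, 14, 18, 48)), 0, 0, opt_size, 0x010E)
    struct.pack_into("<H", img, e_lfanew + 24, 0x010B)  # optional-header magic: PE32
    raw_ptr, body = hdr_size, bytearray()
    for i, (name, vsize, rva, flags, data) in enumerate(specs):
        struct.pack_into("<8sIIIIIIHHI", img, e_lfanew + 24 + opt_size + 40 * i,
                         name, vsize, rva, len(data), raw_ptr if data else 0, 0, 0, 0, 0, flags)
        padded = data.ljust(_align(len(data), FILE_ALIGNMENT), b"\0")
        body += padded
        raw_ptr += len(padded)
    return bytes(img + body)


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(f"machine=0x{info['machine']:04X}  compiled={info['timestamp']:%Y-%b-%d %H:%M:%S} UTC")
    for s in info["sections"]:
        print(f"{s['name']:<7} rva={s['rva']:<6} vsize={s['virtual_size']:<6} raw={s['raw_size']:<6} "
              f"entropy={s['entropy']:.5f}")
    for name, why in triage_sections(info["sections"]):
        print(f"  [!] {name}: {why}")
```

The entropy threshold of 7.0 is a rule of thumb, not a hard boundary: .NET and Delphi code with large resource blobs, or sections holding compressed data by design, can sit near it, so treat the flag as a prompt to unpack or inspect, not as a verdict. The RWX check is more reliable: a linker does not mark .text writable unless asked to, and a code-flagged import section (.idata here) is typical of older or hand-built PE layouts and of self-modifying loaders.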

Imports

ADVAPI32.DLL
CRTDLL.DLL
KERNEL32.DLL
USER32.DLL
wsock32.dll
No data.
All screenshots are available in the full report
Total processes: 34
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> c36ca3dd5bf2d289c35d8aba7763b25ae579186a030d4dce09b99eca7744956c.exe

Process information

PID: 1968
CMD: "C:\Users\admin\AppData\Local\Temp\c36ca3dd5bf2d289c35d8aba7763b25ae579186a030d4dce09b99eca7744956c.exe"
Path: C:\Users\admin\AppData\Local\Temp\c36ca3dd5bf2d289c35d8aba7763b25ae579186a030d4dce09b99eca7744956c.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: MEDIUM
Loaded modules (images):
c:\users\admin\appdata\local\temp\c36ca3dd5bf2d289c35d8aba7763b25ae579186a030d4dce09b99eca7744956c.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
Total events: 63
Read events: 8
Write events: 55
Delete events: 0

Modification events

(PID) Process: (1968) c36ca3dd5bf2d289c35d8aba7763b25ae579186a030d4dce09b99eca7744956c.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: I-Worm.GiGu
Value: uGiG.eXe
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info