File name: imyfone-d-back_setup.exe

Full analysis: https://app.any.run/tasks/0111f128-8cca-4ace-bcf3-bde76398d9c9
Verdict: Malicious activity
Analysis date: March 08, 2024, 04:16:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 6D05F75F74CF8583223B7D08188F6E35
SHA1: FD66D29989BBEEC3910F37E03EBBB3DA2193A123
SHA256: DA0B123AFF9602F66B5B7B4D702E94535F25080D607DF75C864E7EA9FD927B1A
SSDEEP: 98304:kLSrQ6LC/pdVFgvub/ybHz34qdPmd1a+IqNMHTh9spDje/ZoL/Lo9oSW/dR1jVTz:kz4G

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • imyfone-d-back_setup.exe (PID: 1776)
  • SUSPICIOUS
    • Reads the Internet Settings
      • imyfone-d-back_setup.exe (PID: 1776)
    • Reads settings of System Certificates
      • imyfone-d-back_setup.exe (PID: 1776)
  • INFO
    • Checks supported languages
      • imyfone-d-back_setup.exe (PID: 1776)
    • Reads the computer name
      • imyfone-d-back_setup.exe (PID: 1776)
    • Creates files in the program directory
      • imyfone-d-back_setup.exe (PID: 1776)
    • Reads Environment values
      • imyfone-d-back_setup.exe (PID: 1776)
    • Reads product name
      • imyfone-d-back_setup.exe (PID: 1776)
    • Checks proxy server information
      • imyfone-d-back_setup.exe (PID: 1776)
    • Reads the software policy settings
      • imyfone-d-back_setup.exe (PID: 1776)
    • Reads the machine GUID from the registry
      • imyfone-d-back_setup.exe (PID: 1776)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (16.3)
.exe | Win64 Executable (generic) (14.5)
.dll | Win32 Dynamic Link Library (generic) (3.4)
.exe | Win32 Executable (generic) (2.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:01:31 09:34:28+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 2121216
InitializedDataSize: 1192448
UninitializedDataSize: -
EntryPoint: 0x1bc344
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 4.3.0.11
ProductVersionNumber: 4.3.0.11
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: imyfone-d-back_setup.exe
FileVersion: 4.3.0.11
LegalCopyright: Copyright (C) 2024 iMyFone. All rights reserved.
ProductName: iMyFone D-Back
ProductVersion: 4.3.0.11
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0


Process information

PID: 1776
CMD: "C:\Users\admin\AppData\Local\Temp\imyfone-d-back_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\imyfone-d-back_setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: imyfone-d-back_setup.exe
Exit code: 0
Version: 4.3.0.11
Modules (images):
  • c:\users\admin\appdata\local\temp\imyfone-d-back_setup.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\shell32.dll

PID: 4052
CMD: "C:\Users\admin\AppData\Local\Temp\imyfone-d-back_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\imyfone-d-back_setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: imyfone-d-back_setup.exe
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 4.3.0.11
Modules (images):
  • c:\users\admin\appdata\local\temp\imyfone-d-back_setup.exe
  • c:\windows\system32\ntdll.dll
Total events: 3 412
Read events: 3 385
Write events: 20
Delete events: 7

Modification events

(PID) Process: (1776) imyfone-d-back_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\iMyfone\iMyfoneDown
Operation: write
Name: GUID
Value: 499CF262-CFD8-44a0-AAB2-763E3DBC5CE1

(PID) Process: (1776) imyfone-d-back_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (1776) imyfone-d-back_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyServer
Value: -

(PID) Process: (1776) imyfone-d-back_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyOverride
Value: -

(PID) Process: (1776) imyfone-d-back_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoConfigURL
Value: -

(PID) Process: (1776) imyfone-d-back_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoDetect
Value: -

(PID) Process: (1776) imyfone-d-back_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: 460000005C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (1776) imyfone-d-back_setup.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1776) imyfone-d-back_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
Operation: delete value
Name: 9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Value: -

(PID) Process: (1776) imyfone-d-back_setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write
Name: Blob
Value: (certificate blob not included in this report)
Executable files: 0
Suspicious files: 0
Text files: 48
Unknown types: 0

Dropped files

PID | Process | Filename | Type
1776 | imyfone-d-back_setup.exe | C:\Program Files\imyfone_down\imyfone-d-back_setup\language\Arabic\UrlInfo.ini | text
  MD5: 6F0F1BB8E6F53A4F4AB4D4BB553D2470
  SHA256: 37EABA39575A367D43CDFF72CBA2EDDA21A0E859AAB2D34D38DD57802235EEB1
1776 | imyfone-d-back_setup.exe | C:\Program Files\imyfone_down\imyfone-d-back_setup\language\Chinese\UrlInfo.ini | text
  MD5: 06E6A9BDD02C5F6162AB169E2E51D98A
  SHA256: 893C7ACBD4DC83A974336E2CAD0DE4AFF99B44331315C912587AA8B7FC75C0A3
1776 | imyfone-d-back_setup.exe | C:\Program Files\imyfone_down\imyfone-d-back_setup\language\ChineseTW\text.ini | text
  MD5: FEF81AD4B993293CD11819C2A72FA921
  SHA256: 882507FE26592D7DF18533E1CBBAB54BD031EAFBF7210934FB065272F5950020
1776 | imyfone-d-back_setup.exe | C:\Program Files\imyfone_down\imyfone-d-back_setup\language\ChineseTW\install_tips.png | image
  MD5: 266837DE64B15DD10AEF44B1A26D735F
  SHA256: 088496D9494AA287B33D55406E8E5D53ADB4BC01C7070B6C806A5377CBC64594
1776 | imyfone-d-back_setup.exe | C:\Program Files\imyfone_down\imyfone-d-back_setup\language\Chinese\install_tips.png | image
  MD5: 215264120753F589027C53D178776FD1
  SHA256: D15FAA750A46EEB70BED42BB657BE51F2CC16048EDB4C7345E97E3C03D7F3F11
1776 | imyfone-d-back_setup.exe | C:\Program Files\imyfone_down\imyfone-d-back_setup\language\ChineseTW\UrlInfo.ini | text
  MD5: 24BE8D14A6661A638CB60C8765724012
  SHA256: BEE82FA9FBBC1F7F192863E616C5D350E98E0D0C217A8D3B547D601CAEB5616D
1776 | imyfone-d-back_setup.exe | C:\Program Files\imyfone_down\imyfone-d-back_setup\language\Chinese\text.ini | text
  MD5: BAF30D868C681E2C0EA8746915C4B16B
  SHA256: 82DAE6180DE093994FB49EC072FADEE08A61D3E508A148B28F9349DAA14FCBA0
1776 | imyfone-d-back_setup.exe | C:\Program Files\imyfone_down\imyfone-d-back_setup\language\Dutch\install_tips.png | image
  MD5: 37FBD8854A81154BC3B683045C25C21C
  SHA256: 37FACD34615F552C41B7C2431CE84DBB9092380F92CB7DCC2800DF760EDE1630
1776 | imyfone-d-back_setup.exe | C:\Program Files\imyfone_down\imyfone-d-back_setup\language\Dutch\UrlInfo.ini | text
  MD5: 6E8121B1270317D0105E67B0A3B73B8D
  SHA256: 22BE79017BCEE8D7CF989A748861963803EA9A5A50C68944F93DE549CDF3D8C3
1776 | imyfone-d-back_setup.exe | C:\Program Files\imyfone_down\imyfone-d-back_setup\language\Dutch\text.ini | text
  MD5: F400451FCA2341BD34B5BC3F2443B07F
  SHA256: 09F5FEBCCC83EE0559F0B911990C2567F3CF9627CF0EAFC04BE536B481DCEEFF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 6
TCP/UDP connections: 36
DNS requests: 3
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1776 | imyfone-d-back_setup.exe | HEAD | 200 | 13.32.27.108:80 | http://download-new.imyfone.com/d-back/imyfone-d-back_setup.exe | unknown | - | - | unknown
1776 | imyfone-d-back_setup.exe | GET | 200 | 47.252.43.235:80 | http://apipdm.imyfone.club/downloader/carousel?pid=11&lang=English | unknown | binary | 584 b | unknown
1776 | imyfone-d-back_setup.exe | GET | 200 | 13.32.27.108:80 | http://download-new.imyfone.com/downloaderCarousel/20240126/pd-65b34e2a71b00.png | unknown | image | 298 Kb | unknown
1776 | imyfone-d-back_setup.exe | GET | 200 | 13.32.27.108:80 | http://download-new.imyfone.com/downloaderCarousel/20240126/pd-65b34e38060b6.png | unknown | image | 297 Kb | unknown
1776 | imyfone-d-back_setup.exe | GET | 200 | 13.32.27.108:80 | http://download-new.imyfone.com/downloaderCarousel/20240126/pd-65b34e4338f3e.png | unknown | image | 298 Kb | unknown
1776 | imyfone-d-back_setup.exe | GET | 200 | 13.32.27.108:80 | http://download-new.imyfone.com/downloaderCarousel/20240126/pd-65b34e4c9eb93.png | unknown | image | 294 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
1776 | imyfone-d-back_setup.exe | 172.217.23.110:443 | www.google-analytics.com | GOOGLE | US | whitelisted
1776 | imyfone-d-back_setup.exe | 47.252.43.235:443 | apipdm.imyfone.club | Alibaba US Technology Co., Ltd. | US | unknown
1776 | imyfone-d-back_setup.exe | 13.32.27.108:443 | download-new.imyfone.com | AMAZON-02 | US | unknown
1776 | imyfone-d-back_setup.exe | 13.32.27.108:80 | download-new.imyfone.com | AMAZON-02 | US | unknown
1776 | imyfone-d-back_setup.exe | 47.252.43.235:80 | apipdm.imyfone.club | Alibaba US Technology Co., Ltd. | US | unknown

DNS requests

Domain | IP | Reputation
www.google-analytics.com | 172.217.23.110 | whitelisted
download-new.imyfone.com | 13.32.27.108, 13.32.27.7, 13.32.27.21, 13.32.27.30 | unknown
apipdm.imyfone.club | 47.252.43.235 | unknown

Threats

No threats detected
No debug info