File name: Cyberpunk 2077 update 2.10 - 2.11.exe

Full analysis: https://app.any.run/tasks/3a87b95a-fdaf-4663-a369-479c0862786c
Verdict: Malicious activity
Analysis date: February 12, 2024, 19:54:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 870C135921DA38D3153DB833E05CCF05
SHA1: D0210572A48D0C765A4A802AFD0E94CB4CFF68CD
SHA256: DDCE89E9C5638553A04455A63AFF71ACB17993FE077595F99527E20BF5A500FF
SSDEEP: 98304:+XiZWuhvME+4O503M5VmKvWxerG4E7wO2p5sbpHGpHqt5qzcHlq/N1+WqDtUPG50:vV+CH57bW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 4052)
      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 2752)
      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3848)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 4052)
      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 2752)
      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3848)
    • Reads the Windows owner or organization settings

      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3848)
    • Process drops legitimate windows executable

      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3848)
  • INFO

    • Create files in a temporary directory

      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 4052)
      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 2752)
      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3848)
    • Checks supported languages

      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 4052)
      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3652)
      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 2752)
      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3848)
    • Reads the computer name

      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3652)
      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3848)
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:07:09 07:58:13+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 65024
InitializedDataSize: 629760
UninitializedDataSize: -
EntryPoint: 0x113bc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: CD PROJEKT RED
FileDescription: Cyberpunk 2077 update - ElAmigos Setup
FileVersion:
LegalCopyright:
ProductName: Cyberpunk 2077 update - ElAmigos
ProductVersion: 2.11
No data.
All screenshots are available in the full report
Total processes: 42
Monitored processes: 4
Malicious processes: 4
Suspicious processes: 0

Behavior graph

start -> cyberpunk 2077 update 2.10 - 2.11.exe -> cyberpunk 2077 update 2.10 - 2.11.tmp (no specs) -> cyberpunk 2077 update 2.10 - 2.11.exe -> cyberpunk 2077 update 2.10 - 2.11.tmp

Process information

PID: 2752
CMD: "C:\Users\admin\AppData\Local\Temp\Cyberpunk 2077 update 2.10 - 2.11.exe" /SPAWNWND=$17013E /NOTIFYWND=$E0170
Path: C:\Users\admin\AppData\Local\Temp\Cyberpunk 2077 update 2.10 - 2.11.exe
Parent process: Cyberpunk 2077 update 2.10 - 2.11.tmp
User: admin
Company: CD PROJEKT RED
Integrity Level: HIGH
Description: Cyberpunk 2077 update - ElAmigos Setup
Exit code: 0
Version: -
Modules (images):
c:\users\admin\appdata\local\temp\cyberpunk 2077 update 2.10 - 2.11.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 3652
CMD: "C:\Users\admin\AppData\Local\Temp\is-K5LOL.tmp\Cyberpunk 2077 update 2.10 - 2.11.tmp" /SL5="$E0170,2609660,695808,C:\Users\admin\AppData\Local\Temp\Cyberpunk 2077 update 2.10 - 2.11.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-K5LOL.tmp\Cyberpunk 2077 update 2.10 - 2.11.tmp
Parent process: Cyberpunk 2077 update 2.10 - 2.11.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-k5lol.tmp\cyberpunk 2077 update 2.10 - 2.11.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 3848
CMD: "C:\Users\admin\AppData\Local\Temp\is-05US1.tmp\Cyberpunk 2077 update 2.10 - 2.11.tmp" /SL5="$100130,2609660,695808,C:\Users\admin\AppData\Local\Temp\Cyberpunk 2077 update 2.10 - 2.11.exe" /SPAWNWND=$17013E /NOTIFYWND=$E0170
Path: C:\Users\admin\AppData\Local\Temp\is-05US1.tmp\Cyberpunk 2077 update 2.10 - 2.11.tmp
Parent process: Cyberpunk 2077 update 2.10 - 2.11.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-05us1.tmp\cyberpunk 2077 update 2.10 - 2.11.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 4052
CMD: "C:\Users\admin\AppData\Local\Temp\Cyberpunk 2077 update 2.10 - 2.11.exe"
Path: C:\Users\admin\AppData\Local\Temp\Cyberpunk 2077 update 2.10 - 2.11.exe
Parent process: explorer.exe
User: admin
Company: CD PROJEKT RED
Integrity Level: MEDIUM
Description: Cyberpunk 2077 update - ElAmigos Setup
Exit code: 0
Version: -
Modules (images):
c:\users\admin\appdata\local\temp\cyberpunk 2077 update 2.10 - 2.11.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events: 2 795
Read events: 2 784
Write events: 5
Delete events: 6

Modification events

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: 080F000060643A61ED5DDA01

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: 1C699E5D751CD3A86A04F418B0767F38580B6478BC98ED826E3867AD2E9808C9

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value: C:\Games\Cyberpunk 2077\bin\x64\steam_api64.dll

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value: 33CFB2DDD9174E26A038425A2B68C122C74A2FFC5BF057A694CAA4BADFE7DBA6

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: RegFilesHash
Value: (binary, 32 bytes: the same bytes as the RegFilesHash written above, mis-rendered as UTF-16 text in the report)

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: RegFiles0000
Value: C:\Games\Cyberpunk 2077\bin\x64\steam_api64.dll

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: Sequence
Value: (empty)

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: SessionHash
Value: (binary, 32 bytes: the same bytes as the SessionHash written above, mis-rendered as UTF-16 text in the report)

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: Owner
Value: (empty)
Executable files: 17
Suspicious files: 0
Text files: 7
Unknown types: 0

Dropped files

PID 3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\2.ico | image
MD5: 0EE990AF02BC758FD194844FFC1B66B1
SHA256: 34DD2954E50C46C600CC85C6AA6083813F995C6CAC0485498D3C172C13C51139

PID 3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\CLS-MSC.dll | executable
MD5: 67A3A34ECAFC68AFDF05F71657EE0009
SHA256: 6D3D6B0FF25FD2AC2C8D478B068AF55CB053D9B2C08C53964D6559C7C8B8047D

PID 3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\3.ico | image
MD5: 03623E728A8FF98BA17812B8AD1B00AB
SHA256: 14BAE90A5AD2F623BBC0FB26FA31108F5340A120FDCA23A1608EC91C7EC8435D

PID 3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\arc.ini | text
MD5: A18DC3E6BAB43C4800625D46215A19D2
SHA256: 0DCCDD229E7E9025C5175525A5DDD8C51942B95467F978866718A51B4427E31C

PID 3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\unarc.dll | executable
MD5: 2CED17F02B24372C166FAAF7DA2DFFB3
SHA256: 89952411324163A635942DB33DD0087508E20D112E1E75403DC1D5E852927DD7

PID 3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\cls-lolz.dll | executable
MD5: 9E1E200472D66356A4AE5D597B01DABC
SHA256: 87DF573AC240E09EA4941E169FB2D15D5316A1B0E053446B8144E04B1154F061

PID 3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\4.ico | image
MD5: 3EF67EA940147126D2D67B5945A2ED4F
SHA256: 2258E06065913229BDE67E7E07161565AF54573BD6CF30FDA4EE91B4B80356D2

PID 3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\facompress_mt.dll | executable
MD5: 002508839634E56D43E4FD56E3DF2757
SHA256: 7EEB2C50920E30544E2F180B0C39488501372A8F8BD8393BCB095353E9114CDE

PID 3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\cls-lolz_x64.exe | executable
MD5: 7234C4334A7523B1AC6F51C072497071
SHA256: D92F7C60256509F74E36D9B5AAB041FE44999B1A3910D70AA83C9D01F062EA29

PID 3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\cls-lolz_x86.exe | executable
MD5: 7CBE7DB7FC9258B6A43551140C343BB3
SHA256: 6EA07AA4F5565AC289402ADE3B2E52BF8089AD6185E0ECF0E1F36CEA39C091A9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info