File name: Cyberpunk 2077 update 2.10 - 2.11.exe

Full analysis: https://app.any.run/tasks/3a87b95a-fdaf-4663-a369-479c0862786c
Verdict: Malicious activity
Analysis date: February 12, 2024, 19:54:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 870C135921DA38D3153DB833E05CCF05
SHA1: D0210572A48D0C765A4A802AFD0E94CB4CFF68CD
SHA256: DDCE89E9C5638553A04455A63AFF71ACB17993FE077595F99527E20BF5A500FF
SSDEEP: 98304:+XiZWuhvME+4O503M5VmKvWxerG4E7wO2p5sbpHGpHqt5qzcHlq/N1+WqDtUPG50:vV+CH57bW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 4052)
      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 2752)
      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3848)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 4052)
      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 2752)
      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3848)
    • Process drops legitimate windows executable

      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3848)
    • Reads the Windows owner or organization settings

      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3848)
  • INFO

    • Create files in a temporary directory

      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 4052)
      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 2752)
      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3848)
    • Checks supported languages

      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 4052)
      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3848)
      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3652)
      • Cyberpunk 2077 update 2.10 - 2.11.exe (PID: 2752)
    • Reads the computer name

      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3652)
      • Cyberpunk 2077 update 2.10 - 2.11.tmp (PID: 3848)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:07:09 07:58:13+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 65024
InitializedDataSize: 629760
UninitializedDataSize: -
EntryPoint: 0x113bc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: CD PROJEKT RED
FileDescription: Cyberpunk 2077 update - ElAmigos Setup
FileVersion:
LegalCopyright:
ProductName: Cyberpunk 2077 update - ElAmigos
ProductVersion: 2.11
No data.
All screenshots are available in the full report
Total processes
42
Monitored processes
4
Malicious processes
4
Suspicious processes
0

Behavior graph

start -> cyberpunk 2077 update 2.10 - 2.11.exe -> cyberpunk 2077 update 2.10 - 2.11.tmp (no specs) -> cyberpunk 2077 update 2.10 - 2.11.exe -> cyberpunk 2077 update 2.10 - 2.11.tmp

Process information

PID: 2752
CMD: "C:\Users\admin\AppData\Local\Temp\Cyberpunk 2077 update 2.10 - 2.11.exe" /SPAWNWND=$17013E /NOTIFYWND=$E0170
Path: C:\Users\admin\AppData\Local\Temp\Cyberpunk 2077 update 2.10 - 2.11.exe
Parent process: Cyberpunk 2077 update 2.10 - 2.11.tmp
User: admin
Company: CD PROJEKT RED
Integrity Level: HIGH
Description: Cyberpunk 2077 update - ElAmigos Setup
Exit code: 0
Version:
Modules (images):
c:\users\admin\appdata\local\temp\cyberpunk 2077 update 2.10 - 2.11.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 3652
CMD: "C:\Users\admin\AppData\Local\Temp\is-K5LOL.tmp\Cyberpunk 2077 update 2.10 - 2.11.tmp" /SL5="$E0170,2609660,695808,C:\Users\admin\AppData\Local\Temp\Cyberpunk 2077 update 2.10 - 2.11.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-K5LOL.tmp\Cyberpunk 2077 update 2.10 - 2.11.tmp
Parent process: Cyberpunk 2077 update 2.10 - 2.11.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-k5lol.tmp\cyberpunk 2077 update 2.10 - 2.11.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 3848
CMD: "C:\Users\admin\AppData\Local\Temp\is-05US1.tmp\Cyberpunk 2077 update 2.10 - 2.11.tmp" /SL5="$100130,2609660,695808,C:\Users\admin\AppData\Local\Temp\Cyberpunk 2077 update 2.10 - 2.11.exe" /SPAWNWND=$17013E /NOTIFYWND=$E0170
Path: C:\Users\admin\AppData\Local\Temp\is-05US1.tmp\Cyberpunk 2077 update 2.10 - 2.11.tmp
Parent process: Cyberpunk 2077 update 2.10 - 2.11.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-05us1.tmp\cyberpunk 2077 update 2.10 - 2.11.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 4052
CMD: "C:\Users\admin\AppData\Local\Temp\Cyberpunk 2077 update 2.10 - 2.11.exe"
Path: C:\Users\admin\AppData\Local\Temp\Cyberpunk 2077 update 2.10 - 2.11.exe
Parent process: explorer.exe
User: admin
Company: CD PROJEKT RED
Integrity Level: MEDIUM
Description: Cyberpunk 2077 update - ElAmigos Setup
Exit code: 0
Version:
Modules (images):
c:\users\admin\appdata\local\temp\cyberpunk 2077 update 2.10 - 2.11.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events
2 795
Read events
2 784
Write events
5
Delete events
6

Modification events

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: 080F000060643A61ED5DDA01

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: 1C699E5D751CD3A86A04F418B0767F38580B6478BC98ED826E3867AD2E9808C9

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value: C:\Games\Cyberpunk 2077\bin\x64\steam_api64.dll

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value: 33CFB2DDD9174E26A038425A2B68C122C74A2FFC5BF057A694CAA4BADFE7DBA6

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: RegFilesHash
Value: (binary value, not rendered)

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: RegFiles0000
Value: C:\Games\Cyberpunk 2077\bin\x64\steam_api64.dll

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: Sequence
Value:

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: SessionHash
Value: (binary value, not rendered)

(PID) Process: (3848) Cyberpunk 2077 update 2.10 - 2.11.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: delete value
Name: Owner
Value:
Executable files
17
Suspicious files
0
Text files
7
Unknown types
0

Dropped files

PID | Process | Filename | Type

4052 | Cyberpunk 2077 update 2.10 - 2.11.exe | C:\Users\admin\AppData\Local\Temp\is-K5LOL.tmp\Cyberpunk 2077 update 2.10 - 2.11.tmp | executable
MD5: BD0874E32E7F07C36B207641620D5F75
SHA256: 8437E2F928CDA84832F293697AB0909A95AD6A2716770381009BA2DC54158BD3

3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\_isetup\_shfoldr.dll | executable
MD5: 92DC6EF532FBB4A5C3201469A5B5EB63
SHA256: 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87

3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\1.ico | image
MD5: BCFD9F1E134DAB07B3D555F4078F1063
SHA256: 6FA58A4E79734E87057A92EFF2643BFAC9D4D92D7BC2ECB258BABE62239BA611

3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\facompress_mt.dll | executable
MD5: 002508839634E56D43E4FD56E3DF2757
SHA256: 7EEB2C50920E30544E2F180B0C39488501372A8F8BD8393BCB095353E9114CDE

3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\unarc.dll | executable
MD5: 2CED17F02B24372C166FAAF7DA2DFFB3
SHA256: 89952411324163A635942DB33DD0087508E20D112E1E75403DC1D5E852927DD7

3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\facompress.dll | executable
MD5: D43845F28651A42BA2105FCFCCA5253F
SHA256: 17A9FFDF381F7A9F6CDFC85B157FC6CF80CD4B45ED8AD43EDAC73008923501A0

3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\ISDone.dll | executable
MD5: 4FEAFA8B5E8CDB349125C8AF0AC43974
SHA256: BB8A0245DCC5C10A1C7181BAD509B65959855009A8105863EF14F2BB5B38AC71

3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\arc.ini | text
MD5: A18DC3E6BAB43C4800625D46215A19D2
SHA256: 0DCCDD229E7E9025C5175525A5DDD8C51942B95467F978866718A51B4427E31C

3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\2.ico | image
MD5: 0EE990AF02BC758FD194844FFC1B66B1
SHA256: 34DD2954E50C46C600CC85C6AA6083813F995C6CAC0485498D3C172C13C51139

3848 | Cyberpunk 2077 update 2.10 - 2.11.tmp | C:\Users\admin\AppData\Local\Temp\is-01T20.tmp\3.ico | image
MD5: 03623E728A8FF98BA17812B8AD1B00AB
SHA256: 14BAE90A5AD2F623BBC0FB26FA31108F5340A120FDCA23A1608EC91C7EC8435D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info