File name: Creative_Cloud_Set-Up.exe

Full analysis: https://app.any.run/tasks/597061ec-2a1b-4aaa-94ac-6f6fb3a2d97a
Verdict: Malicious activity
Analysis date: January 11, 2024, 19:30:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: E713CE23B7FB86D9FD0021FE1F313108
SHA1: 675963511318D0767B1E9FB590AF9671E931CE21
SHA256: DFAAE0455375AAABA4BA9C6368FF200782A4EF766A0835EB6889E6436928727F
SSDEEP: 98304:meAynNf+mgjnZHldqdDeqbX6ojfCAICSmEYK5mIqaFiGZehZ2Hyt71wadjwTbKcw:mJxV7ZW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • No malicious indicators.
  • SUSPICIOUS
    • Reads the Internet Settings
      • Creative_Cloud_Set-Up.exe (PID: 124)
    • Reads Microsoft Outlook installation path
      • Creative_Cloud_Set-Up.exe (PID: 124)
    • Reads Internet Explorer settings
      • Creative_Cloud_Set-Up.exe (PID: 124)
  • INFO
    • Drops the executable file immediately after the start
      • Creative_Cloud_Set-Up.exe (PID: 124)
    • Creates files in a temporary directory
      • Creative_Cloud_Set-Up.exe (PID: 124)
    • Checks supported languages
      • Creative_Cloud_Set-Up.exe (PID: 124)
    • Reads the computer name
      • Creative_Cloud_Set-Up.exe (PID: 124)
    • Creates files or folders in the user directory
      • Creative_Cloud_Set-Up.exe (PID: 124)
    • Reads CPU info
      • Creative_Cloud_Set-Up.exe (PID: 124)
    • Reads the machine GUID from the registry
      • Creative_Cloud_Set-Up.exe (PID: 124)
    • Checks proxy server information
      • Creative_Cloud_Set-Up.exe (PID: 124)
    • Process checks whether UAC notifications are on
      • Creative_Cloud_Set-Up.exe (PID: 124)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:09:14 10:25:13+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.33
CodeSize: 2981888
InitializedDataSize: 45056
UninitializedDataSize: 6918144
EntryPoint: 0x9718c0
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.12.0.20
ProductVersionNumber: 2.12.0.20
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Adobe Inc.
FileDescription: Adobe Installer
FileVersion: 2.12.0.20
InternalName: Adobe Installer
LegalCopyright: © 2015-2023 Adobe. All rights reserved.
OriginalFileName: Adobe Installer
ProductName: Adobe Installer
ProductVersion: 2.12.0.20
Total processes: 34
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> creative_cloud_set-up.exe

Process information

PID: 124
CMD: "C:\Users\admin\AppData\Local\Temp\Creative_Cloud_Set-Up.exe"
Path: C:\Users\admin\AppData\Local\Temp\Creative_Cloud_Set-Up.exe
Parent process: explorer.exe
User: admin
Company: Adobe Inc.
Integrity Level: MEDIUM
Description: Adobe Installer
Exit code: 0
Version: 2.12.0.20
Modules (images loaded)

c:\users\admin\appdata\local\temp\creative_cloud_set-up.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 687
Read events: 677
Write events: 10
Delete events: 0

Modification events (all by PID 124, Creative_Cloud_Set-Up.exe; operation: write)

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  ProxyBypass = 1
  IntranetName = 1
  UNCAsIntranet = 1
  AutoDetect = 0
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  CachePrefix = Cookie:
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  CachePrefix = Visited:

Executable files: 0
Suspicious files: 10
Text files: 5
Unknown types: 0

Dropped files (all by PID 124, Creative_Cloud_Set-Up.exe)

C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\9726085c-f600-46f7-819e-70d6c7e9f6b4
  Type: -
  MD5: -
  SHA256: -
C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\f1f4217a-5326-48b0-b5a6-2ecb30b5ef93
  Type: -
  MD5: -
  SHA256: -
C:\Users\admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log
  Type: text
  MD5: F3B25701FE362EC84616A93A45CE9998
  SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
C:\Users\admin\AppData\Local\Temp\Adobe\com.adobe.dunamis\dunamis-2024-01-11_19-31-00.log
  Type: text
  MD5: E76CAD4A01E8AABE9CF82178873E8B47
  SHA256: 2EFEB1612B29C35D49F87C04E3B0F9121869CC5E52EDCB1DD03227CB6AED3756
C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\auth_invalid_events\manifest
  Type: binary
  MD5: 335ECF8B087703C67A4831976CDD382C
  SHA256: A0C08679CC6D6592ABCE004BB4CEC199AECDE68678E9B9A634C01DA37D58A7DD
C:\Users\admin\AppData\Local\Temp\dat1740.tmp
  Type: binary
  MD5: DFCE51814CF6D2F42375F948602CD99D
  SHA256: 7A8A945586A1D21D2922CB4AED9E28D872129F6C396AC69F47EF3E32EA972BA0
C:\Users\admin\AppData\Local\Temp\dat16FF.tmp
  Type: binary
  MD5: D070306A9062178AFDFA98FCC06D2525
  SHA256: 8F5CCDFD3DA9185D4AD262EC386EBB64B3EB6C0521EC5BD1662CEC04E1E0F895
C:\Users\admin\AppData\Local\Temp\dat16DF.tmp
  Type: binary
  MD5: FA794EC12D353C26805FF53821331FC2
  SHA256: CFDBD8A2AA463C11E483DC10C480ACD274E9786632F5571A3970E8A20A2D8237
C:\Users\admin\AppData\Local\Adobe\OOBE\temp_lbs_wid
  Type: text
  MD5: B32A926B2C48CEFE7C70B9153E507D88
  SHA256: A58D16C4D5956D913B169B534854DFA51FA150FABEE47D0E83636F10C604CB1F
C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_invalid_events\manifest
  Type: binary
  MD5: 335ECF8B087703C67A4831976CDD382C
  SHA256: A0C08679CC6D6592ABCE004BB4CEC199AECDE68678E9B9A634C01DA37D58A7DD

HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID 4 (System): 192.168.100.255:137
  Domain: -
  ASN: -
  CN: -
  Reputation: whitelisted
PID 124 (Creative_Cloud_Set-Up.exe): 54.195.71.107:443
  Domain: cc-api-data.adobe.io
  ASN: AMAZON-02
  CN: IE
  Reputation: unknown

DNS requests

Domain: cc-api-data.adobe.io
IPs: 54.195.71.107, 34.250.67.152, 54.194.243.238
Reputation: whitelisted

Threats

No threats detected