File name: | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe |
Full analysis: | https://app.any.run/tasks/13d1c542-8976-444c-b40d-fe9d09166e12 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2025, 22:34:10 |
OS: | Windows 10 Professional (build: 19045, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.microsoft.portable-executable |
File info: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections |
MD5: | C23436A55768FDAADAE63A0C8A5340A0 |
SHA1: | 4A7BED3A42938356E86F1C8901F6EAB1E639DA74 |
SHA256: | E57BB38EAD28545CC162A12CB522C58A55518E454B365E7D7A90DC33E8060FA6 |
SSDEEP: | 12288:XvVVVVVVVVIuFTDhSfWJUNo5kUe7UvVVVVVVVVguFTDhSfWJUNo5kUe70Rqhjzum:AuFRSfWJUq5kUehuFRSfWJUq5kUeARqT |
.exe | | | Win32 Executable MS Visual C++ (generic) (30.9) |
---|---|---|
.exe | | | Win64 Executable (generic) (27.3) |
.exe | | | UPX compressed Win32 Executable (26.8) |
.dll | | | Win32 Dynamic Link Library (generic) (6.5) |
.exe | | | Win32 Executable (generic) (4.4) |
MachineType: | Intel 386 or later, and compatibles |
---|---|
TimeStamp: | 2011:03:15 04:06:07+00:00 |
ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit, No debug |
PEType: | PE32 |
LinkerVersion: | 6 |
CodeSize: | 8192 |
InitializedDataSize: | 4096 |
UninitializedDataSize: | 24576 |
EntryPoint: | 0x2130 |
OSVersion: | 4 |
ImageVersion: | - |
SubsystemVersion: | 4 |
Subsystem: | Windows GUI |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
4500 | "C:\Users\admin\Desktop\e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe" | C:\Users\admin\Desktop\e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | — | ||
MD5:— | SHA256:— | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\BOOTNXT.tmp | executable | |
MD5:027B418833150FF84DE66A5E622B0C6F | SHA256:24F3365B7F17C415FA8DDC9469E8C0FEA9B3612C38424045F6F9E8210FABA07C | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\bootmgr.tmp | executable | |
MD5:3499973D429BD5EC544FBC07B8EFF04E | SHA256:3F7502EDFA9B2B09EF83D6741244F945D13960EC14397ECE2799966F127B9A7F | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe.tmp | executable | |
MD5:213E9D2C679E47EB432EB365508DA24E | SHA256:23C68A49902FA6CB8869EBA40D99FD51EEEB7EB236D13025669ACA0E3AF7AC33 | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\A3DUtils.dll.tmp | executable | |
MD5:4F178C7771F1BA2E752013E08108F5BB | SHA256:B77700FC792FC1E06DFD72927779A47C9541FDB554774A5B5D8204CE807E1077 | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\bootTel.dat.tmp | executable | |
MD5:E34FA16414ED26734359CE584C0E26BC | SHA256:F808C8E5F8C9817173F7273A6D34CC6BDE23567348F30D52E69C2FA789992E54 | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\$Recycle.Bin\S-1-5-21-1693682860-607145093-2874071422-1001\desktop.ini.exe | executable | |
MD5:56CEC30C922B323476C2EE881503E88E | SHA256:BA965AD96B49D33E1352A751CB9B396F60E9B1D4D387291CBF9D34FD51EAE361 | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\acrobat.tlb.tmp | executable | |
MD5:53DBA566B2F2C108CA81D51FE7F21F8F | SHA256:4484D9BB6908ACE1610471D646D60B3D1CE13B8B74E87DF2CB687C2A4946E144 | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe.tmp | executable | |
MD5:5F056DBBE02D8276C06D02F0B1D551E4 | SHA256:D2EA847ACB12561C19CF3EA3C224D20A0C019D27045997CF6BFE1DAA87F27232 | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\ACE.dll.tmp | executable | |
MD5:8DD2802206515A3D4E459ABF8B2014D9 | SHA256:D2A0F090C0E2F68474095C4C8B12C13E0EFF6C639BC9F3F175E48AD5CD45265B |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1016 | svchost.exe | GET | 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
188 | RUXIMICS.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
188 | RUXIMICS.exe | GET | 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
1016 | svchost.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
188 | RUXIMICS.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
1016 | svchost.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
1016 | svchost.exe | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
188 | RUXIMICS.exe | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
1016 | svchost.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted |
4712 | MoUsoCoreWorker.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted |
188 | RUXIMICS.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted |
Domain | IP | Reputation |
---|---|---|
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |