File name: | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe |
Full analysis: | https://app.any.run/tasks/13d1c542-8976-444c-b40d-fe9d09166e12 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2025, 22:34:10 |
OS: | Windows 10 Professional (build: 19045, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.microsoft.portable-executable |
File info: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections |
MD5: | C23436A55768FDAADAE63A0C8A5340A0 |
SHA1: | 4A7BED3A42938356E86F1C8901F6EAB1E639DA74 |
SHA256: | E57BB38EAD28545CC162A12CB522C58A55518E454B365E7D7A90DC33E8060FA6 |
SSDEEP: | 12288:XvVVVVVVVVIuFTDhSfWJUNo5kUe7UvVVVVVVVVguFTDhSfWJUNo5kUe70Rqhjzum:AuFRSfWJUq5kUehuFRSfWJUq5kUeARqT |
.exe | | | Win32 Executable MS Visual C++ (generic) (30.9) |
---|---|---|
.exe | | | Win64 Executable (generic) (27.3) |
.exe | | | UPX compressed Win32 Executable (26.8) |
.dll | | | Win32 Dynamic Link Library (generic) (6.5) |
.exe | | | Win32 Executable (generic) (4.4) |
Subsystem: | Windows GUI |
---|---|
SubsystemVersion: | 4 |
ImageVersion: | - |
OSVersion: | 4 |
EntryPoint: | 0x2130 |
UninitializedDataSize: | 24576 |
InitializedDataSize: | 4096 |
CodeSize: | 8192 |
LinkerVersion: | 6 |
PEType: | PE32 |
ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit, No debug |
TimeStamp: | 2011:03:15 04:06:07+00:00 |
MachineType: | Intel 386 or later, and compatibles |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
4500 | "C:\Users\admin\Desktop\e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe" | C:\Users\admin\Desktop\e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | — | ||
MD5:— | SHA256:— | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe.tmp | executable | |
MD5:5F056DBBE02D8276C06D02F0B1D551E4 | SHA256:D2EA847ACB12561C19CF3EA3C224D20A0C019D27045997CF6BFE1DAA87F27232 | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.tmp | executable | |
MD5:45BEDA62C42B292775C3F52CF5AA6C22 | SHA256:485E31F4835126295E5F9AD9A3E95F110DC20A97CCB8EFB04AC7D0E9B504F164 | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\BOOTNXT.tmp | executable | |
MD5:027B418833150FF84DE66A5E622B0C6F | SHA256:24F3365B7F17C415FA8DDC9469E8C0FEA9B3612C38424045F6F9E8210FABA07C | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\bootmgr.tmp | executable | |
MD5:3499973D429BD5EC544FBC07B8EFF04E | SHA256:3F7502EDFA9B2B09EF83D6741244F945D13960EC14397ECE2799966F127B9A7F | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatRes.dll.tmp | executable | |
MD5:F8C831BB7C36F034F054001C8FFEA463 | SHA256:7DA12B3A053180C203765778A467D8FAA0081D9F02560E44A601DACB19328867 | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\bootTel.dat.tmp | executable | |
MD5:E34FA16414ED26734359CE584C0E26BC | SHA256:F808C8E5F8C9817173F7273A6D34CC6BDE23567348F30D52E69C2FA789992E54 | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\A3DUtils.dll.tmp | executable | |
MD5:4F178C7771F1BA2E752013E08108F5BB | SHA256:B77700FC792FC1E06DFD72927779A47C9541FDB554774A5B5D8204CE807E1077 | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\acrobat.tlb.tmp | executable | |
MD5:53DBA566B2F2C108CA81D51FE7F21F8F | SHA256:4484D9BB6908ACE1610471D646D60B3D1CE13B8B74E87DF2CB687C2A4946E144 | |||
4500 | e57bb38ead28545cc162a12cb522c58a55518e454b365e7d7a90dc33e8060fa6.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\cef_100_percent.pak.tmp | executable | |
MD5:08E909505EB41D5C7C51763ADE4BA4BA | SHA256:B06892B78C3FE572BA8C2A5B9BA9CB29EC1FEC0ACDAF2EB207870CB6036EFBBF |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
188 | RUXIMICS.exe | GET | 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
1016 | svchost.exe | GET | 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
1016 | svchost.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
188 | RUXIMICS.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
188 | RUXIMICS.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
1016 | svchost.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
1016 | svchost.exe | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
188 | RUXIMICS.exe | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
1016 | svchost.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted |
4712 | MoUsoCoreWorker.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted |
188 | RUXIMICS.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted |
Domain | IP | Reputation |
---|---|---|
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |