File name: e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe

Full analysis: https://app.any.run/tasks/9df665fa-dffe-4aa4-80b0-88ffd3dcf247
Verdict: Malicious activity
Analysis date: January 14, 2024, 20:43:40
OS: Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 0E8D0E8257788B719CEDEC780A9484C6
SHA1: 1E3EE6524D9FD308BA375FD7B4423CF02B9246F9
SHA256: E83987758BADA5B901241EEA36B79C355D0D84CC0C43E0BBCE14F357885F02B0
SSDEEP: 1536:e3JQmZsN3f2tjeO9/1VDCPWUtfGtGorLMIeQRR5kDx:e3JQmON3yjeOZ1VDzIorLmQr2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Changes appearance of the Explorer extensions
      • e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe (PID: 2948)
    • Drops the executable file immediately after the start
      • e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe (PID: 2948)
    • UAC/LUA settings modification
      • e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe (PID: 2948)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe (PID: 2948)
  • INFO
    • Checks supported languages
      • e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe (PID: 2948)
    • Reads the computer name
      • e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe (PID: 2948)
    • Creates files or folders in the user directory
      • e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe (PID: 2948)
    • Reads the machine GUID from the registry
      • e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe (PID: 2948)
    • Creates files in a temporary directory
      • e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe (PID: 2948)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:11:05 01:25:00+01:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 512
InitializedDataSize: -
UninitializedDataSize: -
EntryPoint: 0x1010
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
Processes

Total processes: 31
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe

Process information

PID: 2948
CMD: "C:\Users\admin\AppData\Local\Temp\e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe"
Path: C:\Users\admin\AppData\Local\Temp\e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (images loaded by PID 2948)

c:\users\admin\appdata\local\temp\e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\system32\kernel32.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\syswow64\kernelbase.dll
Registry activity

Total events: 228
Read events: 222
Write events: 6
Delete events: 0

Modification events

(PID) Process: (2948) e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Operation: write
Name: Hidden
Value: 1

(PID) Process: (2948) e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Policies\System
Operation: write
Name: EnableLUA
Value: 1

(PID) Process: (2948) e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Operation: write
Name: Hidden
Value: 2
Files activity

Executable files: 2
Suspicious files: 1
Text files: 0
Unknown types: 0

Dropped files

PID: 2948
Process: e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe
Filename: C:\Users\admin\AppData\Local\Temp\fifbf.exe
Type: executable
MD5: B360FA63134A63F9ACFE046D2DFE10D9
SHA256: 03E0C6C4CA8A24F961477887763397045E67862E059F7494014AEFC21891D40E

PID: 2948
Process: e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe
Filename: C:\Users\admin\AppData\Local\Temp\ehyjfd.exe
Type: executable
MD5: B360FA63134A63F9ACFE046D2DFE10D9
SHA256: 03E0C6C4CA8A24F961477887763397045E67862E059F7494014AEFC21891D40E

PID: 2948
Process: e83987758bada5b901241eea36b79c355d0d84cc0c43e0bbce14f357885f02b0.exe
Filename: C:\Windows\SYSTEM.INI
Type: binary
MD5: 442636835BB8CC9C35BE2C706260FC6A
SHA256: 3E65471794DDAD6F4466F04E8D9A256FE41DDD1C7F70A747FDF2B62BF9154ED0
Network activity

HTTP(S) requests: 0
TCP/UDP connections: 6
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process      IP                      Reputation
4     System       192.168.100.255:137     whitelisted
1220  svchost.exe  239.255.255.250:3702    whitelisted
352   svchost.exe  224.0.0.252:5355        unknown
4     System       192.168.100.255:138     whitelisted

DNS requests

No data

Threats

No threats detected
No debug info