File name: | downloadEdge.aspx |
Full analysis: | https://app.any.run/tasks/0bac8edf-4651-4ef7-8b57-d2352a70d078 |
Verdict: | Malicious activity |
Analysis date: | October 09, 2019, 16:16:32 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | FF80633D135CA8DC4F8A97B6CD917052 |
SHA1: | 74DEE58BFFCC94877D6A015C4860B060A6054BFB |
SHA256: | EA0132B4209557765323F51A85E41C0DF71B1A266420B097AA935788C6A918AE |
SSDEEP: | 24576:mCK9BX64KJ4LovcZe8GE0kxbILxMDRpvh30jZK1WiaX7bflmPKW5buez6pFT:RK9A4LovV0910jZK1Wi27b9mhpuxnT |
.exe | | | Win64 Executable (generic) (64.6) |
---|---|---|
.dll | | | Win32 Dynamic Link Library (generic) (15.4) |
.exe | | | Win32 Executable (generic) (10.5) |
.exe | | | Generic Win/DOS Executable (4.6) |
.exe | | | DOS Executable Generic (4.6) |
LanguageId: | en |
---|---|
UpstreamVersion: | 1.3.99.0 |
ProductVersion: | 1.3.111.43 |
ProductName: | Microsoft Edge Update |
OriginalFileName: | MicrosoftEdgeUpdateSetup.exe |
LegalCopyright: | Copyright Microsoft Corporation |
InternalName: | Microsoft Edge Update Setup |
FileVersion: | 1.3.111.43 |
FileDescription: | Microsoft Edge Update Setup |
CompanyName: | Microsoft Corporation |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Windows NT 32-bit |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 1.3.111.43 |
FileVersionNumber: | 1.3.111.43 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5.1 |
ImageVersion: | - |
OSVersion: | 5.1 |
EntryPoint: | 0x5075 |
UninitializedDataSize: | - |
InitializedDataSize: | 1589248 |
CodeSize: | 93696 |
LinkerVersion: | 14.16 |
PEType: | PE32 |
TimeStamp: | 2019:09:14 12:44:36+02:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 14-Sep-2019 10:44:36 |
Detected languages: |
|
Debug artifacts: |
|
CompanyName: | Microsoft Corporation |
FileDescription: | Microsoft Edge Update Setup |
FileVersion: | 1.3.111.43 |
InternalName: | Microsoft Edge Update Setup |
LegalCopyright: | Copyright Microsoft Corporation |
OriginalFilename: | MicrosoftEdgeUpdateSetup.exe |
ProductName: | Microsoft Edge Update |
ProductVersion: | 1.3.111.43 |
UpstreamVersion: | 1.3.99.0 |
LanguageId: | en |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000110 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 5 |
Time date stamp: | 14-Sep-2019 10:44:36 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00016CE1 | 0x00016E00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.65805 |
.rdata | 0x00018000 | 0x000071B0 | 0x00007200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.25678 |
.data | 0x00020000 | 0x00001400 | 0x00000A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.24546 |
.rsrc | 0x00022000 | 0x0017B1B4 | 0x0017B200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.9835 |
.reloc | 0x0019E000 | 0x000011F8 | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.56296 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.20417 | 1166 | Latin 1 / Western European | UNKNOWN | RT_MANIFEST |
2 | 4.13669 | 1384 | Latin 1 / Western European | English - United States | RT_ICON |
3 | 3.91985 | 744 | Latin 1 / Western European | English - United States | RT_ICON |
4 | 4.83772 | 2216 | Latin 1 / Western European | English - United States | RT_ICON |
5 | 3.68656 | 1640 | Latin 1 / Western European | English - United States | RT_ICON |
6 | 4.50268 | 3752 | Latin 1 / Western European | English - United States | RT_ICON |
101 | 2.86669 | 90 | Latin 1 / Western European | English - United States | RT_GROUP_ICON |
102 | 7.99987 | 1505121 | Latin 1 / Western European | UNKNOWN | B |
1223 | 3.73035 | 380 | Latin 1 / Western European | UNKNOWN | RT_STRING |
KERNEL32.dll |
SHELL32.dll |
SHLWAPI.dll |
USER32.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3016 | "C:\Users\admin\Desktop\downloadEdge.aspx.exe" | C:\Users\admin\Desktop\downloadEdge.aspx.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Setup Version: 1.3.111.43 | ||||
2200 | C:\Users\admin\AppData\Local\Temp\EU4F07.tmp\MicrosoftEdgeUpdate.exe /installsource taggedmi /install "appguid={65C35B14-6C1D-4122-AC46-7148CC9D6497}&appname=Microsoft%20Edge%20Canary&needsadmin=false&usagestats=0&iid={5e35f7f0-ddab-52f7-8ba8-bf6bb494122b}&lang=en" | C:\Users\admin\AppData\Local\Temp\EU4F07.tmp\MicrosoftEdgeUpdate.exe | downloadEdge.aspx.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Version: 1.3.111.43 | ||||
3100 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Exit code: 0 Version: 1.3.111.43 | ||||
2732 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xMTEuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xMTEuNDMiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7NjhEMzc4NDgtMEY1Ny00RDQ2LUIyQjEtRUYyRTU4ODU2QkFGfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0JDRkY3QUEyLUJFMDItNEU1RS1CMTQyLThBNTdGRjVFOUU4MX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iMyIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4ODYiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjExMS40MyIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIiBpaWQ9Ins1RTM1RjdGMC1EREFCLTUyRjctOEJBOC1CRjZCQjQ5NDEyMkJ9Ij48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjExMTAiLz48L2FwcD48L3JlcXVlc3Q- | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Exit code: 0 Version: 1.3.111.43 | ||||
2944 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={65C35B14-6C1D-4122-AC46-7148CC9D6497}&appname=Microsoft%20Edge%20Canary&needsadmin=false&usagestats=0&iid={5e35f7f0-ddab-52f7-8ba8-bf6bb494122b}&lang=en" /installsource taggedmi /sessionid "{68D37848-0F57-4D46-B2B1-EF2E58856BAF}" | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Version: 1.3.111.43 | ||||
2328 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | svchost.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Version: 1.3.111.43 |
(PID) Process: | (2200) MicrosoftEdgeUpdate.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{65C35B14-6C1D-4122-AC46-7148CC9D6497} |
Operation: | write | Name: | usagestats |
Value: 0 | |||
(PID) Process: | (2200) MicrosoftEdgeUpdate.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{65C35B14-6C1D-4122-AC46-7148CC9D6497} |
Operation: | write | Name: | urlstats |
Value: 0 | |||
(PID) Process: | (2200) MicrosoftEdgeUpdate.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate |
Operation: | write | Name: | path |
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | |||
(PID) Process: | (2200) MicrosoftEdgeUpdate.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate |
Operation: | write | Name: | UninstallCmdLine |
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall | |||
(PID) Process: | (2200) MicrosoftEdgeUpdate.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A} |
Operation: | write | Name: | pv |
Value: 1.3.111.43 | |||
(PID) Process: | (2200) MicrosoftEdgeUpdate.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A} |
Operation: | write | Name: | name |
Value: Microsoft Edge Update | |||
(PID) Process: | (2200) MicrosoftEdgeUpdate.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A} |
Operation: | write | Name: | pv |
Value: 1.3.111.43 | |||
(PID) Process: | (2200) MicrosoftEdgeUpdate.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
Operation: | write | Name: | Microsoft Edge Update |
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.111.43\MicrosoftEdgeUpdateCore.exe | |||
(PID) Process: | (2200) MicrosoftEdgeUpdate.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate |
Operation: | write | Name: | IsMSIHelperRegistered |
Value: 0 | |||
(PID) Process: | (3100) MicrosoftEdgeUpdate.exe | Key: | HKEY_CLASSES_ROOT\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 |
Operation: | write | Name: | |
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.111.43\psuser.dll |
PID | Process | Filename | Type | |
---|---|---|---|---|
3016 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EU4F07.tmp\psmachine_64.dll | executable | |
MD5:3A8B9BD17CE1ACDD8B2CFE4F1117F28A | SHA256:A20989EA0EF2551B8E931A4F8750933D3BE4ED056A0843444F55E33A19C3D107 | |||
3016 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EU4F07.tmp\MicrosoftEdgeUpdate.exe | — | |
MD5:CD7A1DDC2D7B680B9ABD4BE92F3861CF | SHA256:532F04AA29A47E883B1AAD4E7D8682BAA0E4889C633DEDBC5E6BFF7649015609 | |||
3016 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EU4F07.tmp\psuser.dll | executable | |
MD5:C69D864A22BAF20A2FE161394CC6F9B6 | SHA256:3ADAD9255958D0FD2DB94A74F0FDABB31CEF458820BE8F3352AF86518BEB8559 | |||
3016 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EU4F07.tmp\psmachine.dll | executable | |
MD5:094F4915721233B5AAACDD07ADDE2F9A | SHA256:490627BFF5F067D9F11D42DAA9F247AA291EF5C10DF61ECE1F70977FAC41CC13 | |||
3016 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EU4F07.tmp\msedgeupdate.dll | executable | |
MD5:F6D09F553762E21187C96A51AD41C1F5 | SHA256:B23A0F7286223EE6A4C5F678F73577BC0ED43672F7FFEE03C6006DE62DBD3383 | |||
3016 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EU4F07.tmp\msedgeupdateres_bg.dll | executable | |
MD5:4983228DE787971EC8C5185157C6F97E | SHA256:3A4F75D64BE2D9598C09B28901E43673D448C78CC639321EF90D98417832E13C | |||
3016 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EU4F07.tmp\msedgeupdateres_ca.dll | executable | |
MD5:BCE2A5A4E9473DA69610614E0788B791 | SHA256:1DB89C51E3F7D238F6D80BDB6362B96433BC401E0E2839B30243475BC0100B4F | |||
3016 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EU4F07.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe | executable | |
MD5:D5482858304AA2A5B995BEA5A6F639C8 | SHA256:F8499D5D79C501C08213962FA74F00A5AB52F64EB4B7E01FA1FC231D7F3BC715 | |||
3016 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EU4F07.tmp\MicrosoftEdgeUpdateOnDemand.exe | executable | |
MD5:48E15F9216741997BA04862F43B8308E | SHA256:A1ABE7FC74DDE210CC8A82F9549B4E93D8909E2AF4CCC8C7074B732988C0586D | |||
3016 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EU4F07.tmp\msedgeupdateres_el.dll | executable | |
MD5:654B39E70D386DD50061AD9F5B8AB09C | SHA256:65CFA8FFF7C081C9F3B7C1D8306BEC61B1907E8812BE52705F7ED55969E749C2 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | HEAD | 200 | 2.16.186.75:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/88733d58-46ad-442c-97e7-255bd53e0330?P1=1570724221&P2=402&P3=2&P4=aeMnVFAHIucGTtvWvvwVU9ZPEOuHrtAVk9%2b14lQOY6ecCRYFNC3a9GX%2ffckX42BZw7%2beyz%2b9keo4UMga754ocg%3d%3d | unknown | — | — | whitelisted |
— | — | GET | — | 2.16.186.75:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/88733d58-46ad-442c-97e7-255bd53e0330?P1=1570724221&P2=402&P3=2&P4=aeMnVFAHIucGTtvWvvwVU9ZPEOuHrtAVk9%2b14lQOY6ecCRYFNC3a9GX%2ffckX42BZw7%2beyz%2b9keo4UMga754ocg%3d%3d | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2328 | MicrosoftEdgeUpdate.exe | 40.67.252.175:443 | msedge.api.cdp.microsoft.com | Microsoft Corporation | IE | unknown |
2732 | MicrosoftEdgeUpdate.exe | 52.114.158.91:443 | self.events.data.microsoft.com | Microsoft Corporation | US | unknown |
— | — | 2.16.186.74:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | Akamai International B.V. | — | whitelisted |
— | — | 2.16.186.75:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | Akamai International B.V. | — | whitelisted |
Domain | IP | Reputation |
---|---|---|
self.events.data.microsoft.com |
| whitelisted |
msedge.api.cdp.microsoft.com |
| whitelisted |
msedge.f.tlu.dl.delivery.mp.microsoft.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |