File name: | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber |
Full analysis: | https://app.any.run/tasks/b9fa2048-3d9e-4ab2-94c4-9227b4d750c9 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2025, 18:11:56 |
OS: | Windows 10 Professional (build: 19045, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.microsoft.portable-executable |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections |
MD5: | ECCD750B599A15690119FBD270198A90 |
SHA1: | E193703A3596CBC5F8FD9A2C634C4A2BFB98854B |
SHA256: | F638DC1B721004C8F1926C014A978856F80205D04EDB02392E99B52D204BA993 |
SSDEEP: | 98304:NKTzRqLJSACSn9GMPML8g3tdctxT9EjfFr4de6ExYqaNzyHesBQc04lDUAfJ0+vP:TGRGefB |
.exe | | | InstallShield setup (28) |
---|---|---|
.exe | | | Win32 EXE PECompact compressed (generic) (27.1) |
.exe | | | UPX compressed Win32 Executable (17.6) |
.exe | | | Win32 EXE Yoda's Crypter (17.3) |
.dll | | | Win32 Dynamic Link Library (generic) (4.2) |
Subsystem: | Windows GUI |
---|---|
SubsystemVersion: | 4 |
ImageVersion: | - |
OSVersion: | 4 |
EntryPoint: | 0x22240 |
UninitializedDataSize: | 94208 |
InitializedDataSize: | 4096 |
CodeSize: | 45056 |
LinkerVersion: | 2.5 |
PEType: | PE32 |
ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
TimeStamp: | 2007:08:19 08:31:03+00:00 |
MachineType: | Intel 386 or later, and compatibles |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3696 | "C:\Users\admin\Desktop\2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe" | C:\Users\admin\Desktop\2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
2428 | "C:\Users\admin\Desktop\SubDirectory\Ditto.exe" | C:\Users\admin\Desktop\SubDirectory\Ditto.exe | — | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | |||||||||||
User: admin Integrity Level: MEDIUM Description: Ditto Version: 3.18.46.0 Modules
|
(PID) Process: | (3696) 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (3696) 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (3696) 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: |
PID | Process | Filename | Type | |
---|---|---|---|---|
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Help\DittoFAQ.htm | html | |
MD5:CAC002AB8E9539B820ABBB1040C05628 | SHA256:57D60A25370CB62DC44BD04AABC3864BC6613FEF04D6BB14BAEA4E6D51B009FB | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\AppData\Local\Temp\FP7EB9.tmp | text | |
MD5:516B8867D053E6C1A890A6B173B1D1D8 | SHA256:43B015FA314DD8EC8A70FF8623CB54208B7E68C3898F165F169EF1A25F44DAAA | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Help\DittoConfig.htm | html | |
MD5:E1A7002947A93276D4740610B3ACCBC8 | SHA256:8C9BB86F19622E9258F1BC19B813118CDEEBC0F0E4DF01FCC7514F1C48A3F8F1 | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Help\Dutch_DittoGettingStarted.htm | html | |
MD5:872F1743D9196F08C1F7C6C3079722B1 | SHA256:888323D5345BA148075918DC79F6ED631462C48BA4EFE5D9E04DDF8C61351BF9 | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Ditto.exe | executable | |
MD5:A7569CDF60DB586EC255EF9FFE311498 | SHA256:8A3C268F908EE5994BF9BB43BBF04A31D82506D15A11E69C9D98501C8F11C91A | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Changes.txt | text | |
MD5:71C14E67118CE3865DBDC8B6E6F7F108 | SHA256:814E65878F4A845864BA8C7DB16C4C3857F16A40B9BC231CC1C06EED6BDED186 | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Help\U3_Install.htm | html | |
MD5:19E070C7AA48CC298DA8A771F9680D81 | SHA256:15AA2608493C3638FC031E18C384B1983C2B88610C32964349ED8C6E20398BA6 | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Ditto.Settings | ini | |
MD5:E0CBD68347493DF5D4F6F232D508F0A8 | SHA256:DFE375BA181ACC0A808C87D9B61E1FE16E259D074345FA0640713725AB9A780F | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\AppData\Local\Temp\conres.dll | executable | |
MD5:7574CF2C64F35161AB1292E2F532AABF | SHA256:DE055A89DE246E629A8694BDE18AF2B1605E4B9B493C7E4AEF669DD67ACF5085 | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Help\Dutch_DittoConfig.htm | html | |
MD5:4104560D07D254553F1A7F9697E4E663 | SHA256:03A4B19ED7E1A6EA37E2FFB679DD91BF00488BB8098DB31A048E06E3C923D1A2 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | GET | 403 | 72.14.185.43:80 | http://www.aieov.com/logo.gif | unknown | — | — | malicious |
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | GET | 403 | 72.14.185.43:80 | http://www.aieov.com/logo.gif | unknown | — | — | malicious |
— | — | GET | 200 | 23.48.23.141:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | GET | 403 | 72.14.185.43:80 | http://www.aieov.com/logo.gif | unknown | — | — | malicious |
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | GET | 403 | 72.14.185.43:80 | http://www.aieov.com/logo.gif | unknown | — | — | malicious |
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | GET | 403 | 72.14.185.43:80 | http://www.aieov.com/logo.gif | unknown | — | — | malicious |
— | — | GET | 200 | 23.37.237.227:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | GET | 403 | 72.14.185.43:80 | http://www.aieov.com/logo.gif | unknown | — | — | malicious |
— | — | POST | 204 | 2.16.204.146:443 | https://www.bing.com/threshold/xls.aspx | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
— | — | 23.48.23.141:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
— | — | 23.37.237.227:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
— | — | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | 72.14.185.43:80 | www.aieov.com | Linode, LLC | US | malicious |
188 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
5064 | SearchApp.exe | 2.16.204.152:443 | www.bing.com | Akamai International B.V. | DE | whitelisted |
Domain | IP | Reputation |
---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
5isohu.com |
| whitelisted |
www.aieov.com |
| malicious |
www.bing.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |