File name: | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber |
Full analysis: | https://app.any.run/tasks/b9fa2048-3d9e-4ab2-94c4-9227b4d750c9 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2025, 18:11:56 |
OS: | Windows 10 Professional (build: 19045, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.microsoft.portable-executable |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections |
MD5: | ECCD750B599A15690119FBD270198A90 |
SHA1: | E193703A3596CBC5F8FD9A2C634C4A2BFB98854B |
SHA256: | F638DC1B721004C8F1926C014A978856F80205D04EDB02392E99B52D204BA993 |
SSDEEP: | 98304:NKTzRqLJSACSn9GMPML8g3tdctxT9EjfFr4de6ExYqaNzyHesBQc04lDUAfJ0+vP:TGRGefB |
.exe | | | InstallShield setup (28) |
---|---|---|
.exe | | | Win32 EXE PECompact compressed (generic) (27.1) |
.exe | | | UPX compressed Win32 Executable (17.6) |
.exe | | | Win32 EXE Yoda's Crypter (17.3) |
.dll | | | Win32 Dynamic Link Library (generic) (4.2) |
MachineType: | Intel 386 or later, and compatibles |
---|---|
TimeStamp: | 2007:08:19 08:31:03+00:00 |
ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
PEType: | PE32 |
LinkerVersion: | 2.5 |
CodeSize: | 45056 |
InitializedDataSize: | 4096 |
UninitializedDataSize: | 94208 |
EntryPoint: | 0x22240 |
OSVersion: | 4 |
ImageVersion: | - |
SubsystemVersion: | 4 |
Subsystem: | Windows GUI |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3696 | "C:\Users\admin\Desktop\2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe" | C:\Users\admin\Desktop\2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
2428 | "C:\Users\admin\Desktop\SubDirectory\Ditto.exe" | C:\Users\admin\Desktop\SubDirectory\Ditto.exe | — | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | |||||||||||
User: admin Integrity Level: MEDIUM Description: Ditto Version: 3.18.46.0 Modules
|
(PID) Process: | (3696) 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
Operation: | write | Name: | CachePrefix |
Value: | |||
(PID) Process: | (3696) 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
(PID) Process: | (3696) 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
Operation: | write | Name: | CachePrefix |
Value: Visited: |
PID | Process | Filename | Type | |
---|---|---|---|---|
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\AppData\Local\Temp\conres.dll | executable | |
MD5:7574CF2C64F35161AB1292E2F532AABF | SHA256:DE055A89DE246E629A8694BDE18AF2B1605E4B9B493C7E4AEF669DD67ACF5085 | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\AppData\Local\Temp\A1D26E2\7C67B0CE70.tmp | executable | |
MD5:57A7C62870D0C85FF2A120AB2C74EF98 | SHA256:7B00E1221E8067896639552771BCFC4C57F3371B4DBB4AAF14A962EBBB32391F | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Help\RegCustomKeys.jpg | image | |
MD5:6B62918055AB1D2DF75FEA5E3C342471 | SHA256:40070FEC66EF4A190E1FCE76310574ECD574350113922BC512745C16DCA71304 | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Help\DittoGettingStarted.htm | html | |
MD5:F7D216A98789BB2BD9CE67590E6124C5 | SHA256:AF8AC5071CEB59A84252EA797711DD5BACFA0F3F2C22F2D9CD3B385628433805 | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Ditto.db | sqlite | |
MD5:5EBBF9C13ABC941C48AF610B90B65DCC | SHA256:A251E99108884BD01D8B1A46EC6A7BC710EED91000652B13B9B7AC6F51F549D4 | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Help\DittoConfig.htm | html | |
MD5:E1A7002947A93276D4740610B3ACCBC8 | SHA256:8C9BB86F19622E9258F1BC19B813118CDEEBC0F0E4DF01FCC7514F1C48A3F8F1 | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Ditto.Settings | ini | |
MD5:E0CBD68347493DF5D4F6F232D508F0A8 | SHA256:DFE375BA181ACC0A808C87D9B61E1FE16E259D074345FA0640713725AB9A780F | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Help\DittoFAQ.htm | html | |
MD5:CAC002AB8E9539B820ABBB1040C05628 | SHA256:57D60A25370CB62DC44BD04AABC3864BC6613FEF04D6BB14BAEA4E6D51B009FB | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\AppData\Local\Temp\FP7EB9.tmp | text | |
MD5:516B8867D053E6C1A890A6B173B1D1D8 | SHA256:43B015FA314DD8EC8A70FF8623CB54208B7E68C3898F165F169EF1A25F44DAAA | |||
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | C:\Users\admin\Desktop\SubDirectory\Changes.txt | text | |
MD5:71C14E67118CE3865DBDC8B6E6F7F108 | SHA256:814E65878F4A845864BA8C7DB16C4C3857F16A40B9BC231CC1C06EED6BDED186 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 23.37.237.227:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | GET | 403 | 72.14.185.43:80 | http://www.aieov.com/logo.gif | unknown | — | — | malicious |
— | — | GET | 200 | 23.48.23.141:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | GET | 403 | 72.14.185.43:80 | http://www.aieov.com/logo.gif | unknown | — | — | malicious |
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | GET | 403 | 72.14.185.43:80 | http://www.aieov.com/logo.gif | unknown | — | — | malicious |
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | GET | 403 | 72.14.185.43:80 | http://www.aieov.com/logo.gif | unknown | — | — | malicious |
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | GET | 403 | 72.14.185.43:80 | http://www.aieov.com/logo.gif | unknown | — | — | malicious |
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | GET | 403 | 72.14.185.43:80 | http://www.aieov.com/logo.gif | unknown | — | — | malicious |
— | — | POST | 204 | 2.16.204.146:443 | https://www.bing.com/threshold/xls.aspx | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
— | — | 23.48.23.141:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
— | — | 23.37.237.227:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
— | — | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3696 | 2025-01-10_eccd750b599a15690119fbd270198a90_floxif_magniber.exe | 72.14.185.43:80 | www.aieov.com | Linode, LLC | US | malicious |
188 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
5064 | SearchApp.exe | 2.16.204.152:443 | www.bing.com | Akamai International B.V. | DE | whitelisted |
Domain | IP | Reputation |
---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
5isohu.com |
| whitelisted |
www.aieov.com |
| malicious |
www.bing.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |