File name: | f74890a14b0dc466298a5d1f03deacc22296f0b14ad6e447ca8631a54449f01c.exe |
Full analysis: | https://app.any.run/tasks/4a1fd3d1-80ef-4b2a-bd34-bbf51c55063e |
Verdict: | Malicious activity |
Analysis date: | January 11, 2025, 01:12:25 |
OS: | Windows 10 Professional (build: 19045, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.microsoft.portable-executable |
File info: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 4 sections |
MD5: | E092626673A02BF159D25015CEEBD22D |
SHA1: | 1D27DA3B192E0E95033D9F1046A80CDDAADEFF8B |
SHA256: | F74890A14B0DC466298A5D1F03DEACC22296F0B14AD6E447CA8631A54449F01C |
SSDEEP: | 12288:XvVVVVVVVVIuFTDhSfWJUNo5kUe7UvVVVVVVVVguFTDhSfWJUNo5kUe7YWs:AuFRSfWJUq5kUehuFRSfWJUq5kUes1 |
.exe | | | Win32 Executable MS Visual C++ (generic) (30.9) |
---|---|---|
.exe | | | Win64 Executable (generic) (27.3) |
.exe | | | UPX compressed Win32 Executable (26.8) |
.dll | | | Win32 Dynamic Link Library (generic) (6.5) |
.exe | | | Win32 Executable (generic) (4.4) |
Subsystem: | Windows GUI |
---|---|
SubsystemVersion: | 4 |
ImageVersion: | - |
OSVersion: | 4 |
EntryPoint: | 0x2130 |
UninitializedDataSize: | 24576 |
InitializedDataSize: | 4096 |
CodeSize: | 8192 |
LinkerVersion: | 6 |
PEType: | PE32 |
ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit, No debug |
TimeStamp: | 2011:03:15 04:06:07+00:00 |
MachineType: | Intel 386 or later, and compatibles |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
644 | "C:\Users\admin\Desktop\f74890a14b0dc466298a5d1f03deacc22296f0b14ad6e447ca8631a54449f01c.exe" | C:\Users\admin\Desktop\f74890a14b0dc466298a5d1f03deacc22296f0b14ad6e447ca8631a54449f01c.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
644 | f74890a14b0dc466298a5d1f03deacc22296f0b14ad6e447ca8631a54449f01c.exe | — | ||
MD5:— | SHA256:— | |||
644 | f74890a14b0dc466298a5d1f03deacc22296f0b14ad6e447ca8631a54449f01c.exe | C:\Users\admin\AppData\Local\VirtualStore\bootmgr.tmp | executable | |
MD5:F0A1C8EE54A044DEE90FCC6CD3387ECF | SHA256:1E4309BE7EEFB9943A7F1DB810FA7B04451885492290274C0017048213F552BA | |||
644 | f74890a14b0dc466298a5d1f03deacc22296f0b14ad6e447ca8631a54449f01c.exe | C:\Users\admin\AppData\Local\VirtualStore\bootTel.dat.tmp | executable | |
MD5:C83481DD6996397265DAEC3243F8E1D0 | SHA256:387070A8C0B1EC530C0ACFE2183B89E86145B7DB36D95A4EB5C033E061E793DD | |||
644 | f74890a14b0dc466298a5d1f03deacc22296f0b14ad6e447ca8631a54449f01c.exe | C:\$Recycle.Bin\S-1-5-21-1693682860-607145093-2874071422-1001\desktop.ini.tmp | executable | |
MD5:B2A8746A07859157C9DE5874DD3FC7D5 | SHA256:AF65A14A0E0622D33C236FFBB51BF6AAB2683531050F560867F2D574054899E5 | |||
644 | f74890a14b0dc466298a5d1f03deacc22296f0b14ad6e447ca8631a54449f01c.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\acrobat.tlb.tmp | executable | |
MD5:887A8533D1993B945AEA5F353655510D | SHA256:AA31242BFFFC2A26CA4EEF44A57B703443DE94DC80C4BCBABBD0116C444E0536 | |||
644 | f74890a14b0dc466298a5d1f03deacc22296f0b14ad6e447ca8631a54449f01c.exe | C:\Users\admin\AppData\Local\VirtualStore\BOOTNXT.tmp | executable | |
MD5:E50031DFCE1DBAC758EBB837AAC3F841 | SHA256:B0283B8A3F005ADDAF3B7A11214485ED67E3A12AFE0C4CDFEF076DB2CD19F24D | |||
644 | f74890a14b0dc466298a5d1f03deacc22296f0b14ad6e447ca8631a54449f01c.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\cef_200_percent.pak.tmp | executable | |
MD5:DFC0D0E3B02849A93BAE888E98FFC5C6 | SHA256:3DB00DC40E68115768A8CF8A45A1C71CB390DF85BECB2342CD4F5A0B9359AA49 | |||
644 | f74890a14b0dc466298a5d1f03deacc22296f0b14ad6e447ca8631a54449f01c.exe | C:\$Recycle.Bin\S-1-5-21-1693682860-607145093-2874071422-1001\desktop.ini.exe | executable | |
MD5:B2A8746A07859157C9DE5874DD3FC7D5 | SHA256:AF65A14A0E0622D33C236FFBB51BF6AAB2683531050F560867F2D574054899E5 | |||
644 | f74890a14b0dc466298a5d1f03deacc22296f0b14ad6e447ca8631a54449f01c.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.tmp | executable | |
MD5:12D9E19A4C1999301A254929D57923C8 | SHA256:985C95DEEDA7DF7ADE3A6BBD7D18F6EC764AA8BB557BE43C3402B9163EF240E5 | |||
644 | f74890a14b0dc466298a5d1f03deacc22296f0b14ad6e447ca8631a54449f01c.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat DC\Acrobat\A3DUtils.dll.tmp | executable | |
MD5:CF26849868F11E65E342A8CC41BC6045 | SHA256:CCA274146661F57F8750945C6B97A5E2C2D732EDC01905A6C34D49B5BF810A03 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
716 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
716 | svchost.exe | GET | 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
4712 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
716 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
— | — | 2.23.227.208:443 | www.bing.com | Ooredoo Q.S.C. | QA | whitelisted |
716 | svchost.exe | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
4712 | MoUsoCoreWorker.exe | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
716 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted |
4712 | MoUsoCoreWorker.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted |
Domain | IP | Reputation |
---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
www.bing.com |
| whitelisted |
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |