File name: s3browser-11-5-7.exe

Full analysis: https://app.any.run/tasks/5cb76730-fb54-439b-99a7-2cbd2ce75b4e
Verdict: Malicious activity
Analysis date: February 14, 2024, 12:59:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 8FA72046C580279257B607BB2826804E
SHA1: 5DC9437DF1661055518F8FA1BC952FAD7083C844
SHA256: F81C51F37F3F0F7B8AA904A8F94A555E65B77DF921DFBFEC8DA43B462F88F4E6
SSDEEP: 98304:1+QqZ8f1TAhUYrXVGeHkm3bv54GepGhiFGZ3sOvWERyvzGB8VyKigqcI+lVjgQ7e:FhpXvEP9Cz4hMs1+6l7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • s3browser-11-5-7.exe (PID: 3848)
      • s3browser-11-5-7.tmp (PID: 3948)
      • s3browser-11-5-7.exe (PID: 2472)
  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • s3browser-11-5-7.tmp (PID: 3948)
    • Executable content was dropped or overwritten

      • s3browser-11-5-7.exe (PID: 3848)
      • s3browser-11-5-7.tmp (PID: 3948)
      • s3browser-11-5-7.exe (PID: 2472)
  • INFO

    • Checks supported languages

      • s3browser-11-5-7.exe (PID: 2472)
      • s3browser-11-5-7.exe (PID: 3848)
      • s3browser-11-5-7.tmp (PID: 3948)
      • s3browser-cli.exe (PID: 2332)
      • s3browser-11-5-7.tmp (PID: 3700)
      • s3browser-win32.exe (PID: 3392)
      • s3browser-win32.exe (PID: 2896)
    • Reads the computer name

      • s3browser-11-5-7.tmp (PID: 3948)
      • s3browser-cli.exe (PID: 2332)
      • s3browser-11-5-7.tmp (PID: 3700)
      • s3browser-win32.exe (PID: 2896)
      • s3browser-win32.exe (PID: 3392)
    • Create files in a temporary directory

      • s3browser-11-5-7.tmp (PID: 3948)
      • s3browser-11-5-7.exe (PID: 2472)
      • s3browser-11-5-7.exe (PID: 3848)
    • Creates files in the program directory

      • s3browser-cli.exe (PID: 2332)
      • s3browser-11-5-7.tmp (PID: 3948)
    • Reads the machine GUID from the registry

      • s3browser-cli.exe (PID: 2332)
      • s3browser-win32.exe (PID: 2896)
      • s3browser-win32.exe (PID: 3392)
    • Creates files or folders in the user directory

      • s3browser-win32.exe (PID: 3392)
    • Manual execution by a user

      • explorer.exe (PID: 4008)
      • s3browser-win32.exe (PID: 2896)
    • Creates a software uninstall entry

      • s3browser-11-5-7.tmp (PID: 3948)
    • Reads Environment values

      • s3browser-win32.exe (PID: 3392)
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:06:03 08:09:11+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741376
InitializedDataSize: 89088
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 11.5.7.0
ProductVersionNumber: 11.5.7.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Netsdk Software FZE
FileDescription: S3 Browser version 11.5.7
FileVersion: 11.5.7
LegalCopyright: Copyright © 2008-2024 Netsdk Software FZE
OriginalFileName:
ProductName: S3 Browser
ProductVersion: 11.5.7
Total processes: 48
Monitored processes: 8
Malicious processes: 4
Suspicious processes: 0

Behavior graph

start s3browser-11-5-7.exe s3browser-11-5-7.tmp no specs s3browser-11-5-7.exe s3browser-11-5-7.tmp s3browser-cli.exe no specs explorer.exe no specs s3browser-win32.exe no specs s3browser-win32.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2332
CMD: "C:\Users\admin\AppData\Local\Temp\is-6I6JF.tmp\s3browser-cli.exe" /license o C:\Users\admin\AppData\Local\Temp\is-6I6JF.tmp\Xf7eae1c5435f4405a0cea8cf7f79d058
Path: C:\Users\admin\AppData\Local\Temp\is-6I6JF.tmp\s3browser-cli.exe
Parent process: s3browser-11-5-7.tmp
User: admin
Company: Netsdk Software FZE
Integrity Level: HIGH
Description: S3 Browser Command Line Interface
Exit code: 0
Version: 11.5.7
Modules (images):
c:\users\admin\appdata\local\temp\is-6i6jf.tmp\s3browser-cli.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 2472
CMD: "C:\Users\admin\Downloads\s3browser-11-5-7.exe"
Path: C:\Users\admin\Downloads\s3browser-11-5-7.exe
Parent process: explorer.exe
User: admin
Company: Netsdk Software FZE
Integrity Level: MEDIUM
Description: S3 Browser version 11.5.7
Exit code: 0
Version: 11.5.7
Modules (images):
c:\users\admin\downloads\s3browser-11-5-7.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 2896
CMD: "C:\Program Files\S3 Browser\s3browser-win32.exe"
Path: C:\Program Files\S3 Browser\s3browser-win32.exe
Parent process: explorer.exe
User: admin
Company: Netsdk Software FZE
Integrity Level: MEDIUM
Description: S3 Browser - User Interface for Amazon S3 Service
Exit code: 0
Version: 11.5.7
Modules (images):
c:\program files\s3 browser\s3browser-win32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 3392
CMD: "C:\Program Files\S3 Browser\s3browser-win32.exe"
Path: C:\Program Files\S3 Browser\s3browser-win32.exe
Parent process: s3browser-11-5-7.tmp
User: admin
Company: Netsdk Software FZE
Integrity Level: MEDIUM
Description: S3 Browser - User Interface for Amazon S3 Service
Exit code: 0
Version: 11.5.7
Modules (images):
c:\program files\s3 browser\s3browser-win32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 3700
CMD: "C:\Users\admin\AppData\Local\Temp\is-LPHHV.tmp\s3browser-11-5-7.tmp" /SL5="$E0170,9165163,831488,C:\Users\admin\Downloads\s3browser-11-5-7.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-LPHHV.tmp\s3browser-11-5-7.tmp
Parent process: s3browser-11-5-7.exe
User: admin
Company: Netsdk Software FZE
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-lphhv.tmp\s3browser-11-5-7.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 3848
CMD: "C:\Users\admin\Downloads\s3browser-11-5-7.exe" /SPAWNWND=$17013E /NOTIFYWND=$E0170
Path: C:\Users\admin\Downloads\s3browser-11-5-7.exe
Parent process: s3browser-11-5-7.tmp
User: admin
Company: Netsdk Software FZE
Integrity Level: HIGH
Description: S3 Browser version 11.5.7
Exit code: 0
Version: 11.5.7
Modules (images):
c:\users\admin\downloads\s3browser-11-5-7.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 3948
CMD: "C:\Users\admin\AppData\Local\Temp\is-28J4F.tmp\s3browser-11-5-7.tmp" /SL5="$100130,9165163,831488,C:\Users\admin\Downloads\s3browser-11-5-7.exe" /SPAWNWND=$17013E /NOTIFYWND=$E0170
Path: C:\Users\admin\AppData\Local\Temp\is-28J4F.tmp\s3browser-11-5-7.tmp
Parent process: s3browser-11-5-7.exe
User: admin
Company: Netsdk Software FZE
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-28j4f.tmp\s3browser-11-5-7.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 4008
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

Total events: 5 235
Read events: 5 201
Write events: 28
Delete events: 6

Modification events

(PID) Process: (3948) s3browser-11-5-7.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: 6C0F00005E9009B4455FDA01

(PID) Process: (3948) s3browser-11-5-7.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: A9BDE9E938B566223EB3130CF10D118CF7787F552E71EF567700888A35FB3C4D

(PID) Process: (3948) s3browser-11-5-7.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (3948) s3browser-11-5-7.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value: C:\Program Files\S3 Browser\s3browser-win32.exe

(PID) Process: (3948) s3browser-11-5-7.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value: 7ED80E5DCFA0E01D420D543B2A36D88453536DCC7E7E9B9091769E35801B482B

(PID) Process: (3948) s3browser-11-5-7.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S3 Browser_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.2.0

(PID) Process: (3948) s3browser-11-5-7.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S3 Browser_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\S3 Browser

(PID) Process: (3948) s3browser-11-5-7.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S3 Browser_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\S3 Browser\

(PID) Process: (3948) s3browser-11-5-7.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S3 Browser_is1
Operation: write
Name: Inno Setup: Icon Group
Value: S3 Browser

(PID) Process: (3948) s3browser-11-5-7.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S3 Browser_is1
Operation: write
Name: Inno Setup: User
Value: admin

Executable files: 21
Suspicious files: 5
Text files: 21
Unknown types: 0

Dropped files

PID
Process
Filename
Type

PID: 2472
Process: s3browser-11-5-7.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-LPHHV.tmp\s3browser-11-5-7.tmp
Type: executable
MD5:C9D54D4DED3D395F6F5530EA567A9F77
SHA256:40E79285F90AE7A8DEF88FBA6D8DAC114A3779312F8FEC9982DB12A243405EAB

PID: 3948
Process: s3browser-11-5-7.tmp
Filename: C:\Program Files\S3 Browser\is-2UNDF.tmp
Type: executable
MD5:8DB0DEEFB5F229D2CAE3D3F50DAE3A09
SHA256:B244DD73285D7FCB80AF772C8EF3BDC1EE96833A751EAEF43FFB775757DF73C3

PID: 3948
Process: s3browser-11-5-7.tmp
Filename: C:\Program Files\S3 Browser\unins000.exe
Type: executable
MD5:8DB0DEEFB5F229D2CAE3D3F50DAE3A09
SHA256:B244DD73285D7FCB80AF772C8EF3BDC1EE96833A751EAEF43FFB775757DF73C3

PID: 3948
Process: s3browser-11-5-7.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-6I6JF.tmp\BouncyCastle.Crypto.dll
Type: executable
MD5:B25DAA8EFC39E339925ECB3219DE6922
SHA256:994D789C57B167249C131890355A951A9706D9283E149C66149B562548074B1C

PID: 3948
Process: s3browser-11-5-7.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-6I6JF.tmp\s3browser-cli.exe
Type: executable
MD5:B712D1BAF2D1C6837C0203FF03A70322
SHA256:E2E53825F531A35305B1B3B6A8717523DD0D49BB0A10BB12BACD3291CA821623

PID: 3848
Process: s3browser-11-5-7.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-28J4F.tmp\s3browser-11-5-7.tmp
Type: executable
MD5:C9D54D4DED3D395F6F5530EA567A9F77
SHA256:40E79285F90AE7A8DEF88FBA6D8DAC114A3779312F8FEC9982DB12A243405EAB

PID: 3948
Process: s3browser-11-5-7.tmp
Filename: C:\Program Files\S3 Browser\is-QQNFN.tmp
Type: executable
MD5:B712D1BAF2D1C6837C0203FF03A70322
SHA256:E2E53825F531A35305B1B3B6A8717523DD0D49BB0A10BB12BACD3291CA821623

PID: 3948
Process: s3browser-11-5-7.tmp
Filename: C:\Program Files\S3 Browser\is-10H8Q.tmp
Type: executable
MD5:590E5AFE220A0C3026F74D3755FA02D0
SHA256:AF5B1FB39057401C23777A5A93EB262DD3202322A4B33C39AAEBBBCBA4E19258

PID: 3948
Process: s3browser-11-5-7.tmp
Filename: C:\Program Files\S3 Browser\s3browser-win32.exe
Type: executable
MD5:590E5AFE220A0C3026F74D3755FA02D0
SHA256:AF5B1FB39057401C23777A5A93EB262DD3202322A4B33C39AAEBBBCBA4E19258

PID: 3948
Process: s3browser-11-5-7.tmp
Filename: C:\Program Files\S3 Browser\s3browser-cli.exe
Type: executable
MD5:B712D1BAF2D1C6837C0203FF03A70322
SHA256:E2E53825F531A35305B1B3B6A8717523DD0D49BB0A10BB12BACD3291CA821623

HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

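Columns: PID, Process, IP, Domain, ASN, CN, Reputation

PID: 4, Process: System, IP: 192.168.100.255:137, Reputation: whitelisted
PID: 4, Process: System, IP: 192.168.100.255:138, Reputation: whitelisted
PID: 1080, Process: svchost.exe, IP: 224.0.0.252:5355, Reputation: unknown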

DNS requests

No data

Threats

No threats detected
No debug info