File name: IE7-WindowsXP-x86-enu.exe
Full analysis: https://app.any.run/tasks/88eceeac-605a-4ee0-b665-19a1f5ecb61e
Verdict: Malicious activity
Analysis date: March 12, 2024, 10:30:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 3E8AC39C185A6171C13170CDE39B07E5
SHA1: 9396DF4CC15E501C8229F806DB6EA082FE0C192A
SHA256: FAD3F562049C481B3F163FA066070F09D4FD69DE41A87012CF4243DCB4606C9A
SSDEEP: 98304:FPI5Rv6PZ7m+9BDIOAC6MJGhCRZ140oz139WPqPPMesYf7Z8ZYPYj4gmqheAr8+8:VvAFGr2+oCeTP0yNr8S1KVAFsjzFSZB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • IE7-WindowsXP-x86-enu.exe (PID: 4052)
  • SUSPICIOUS
    • Process drops legitimate windows executable
      • IE7-WindowsXP-x86-enu.exe (PID: 4052)
    • Starts a Microsoft application from unusual location
      • IE7-WindowsXP-x86-enu.exe (PID: 4052)
    • Executable content was dropped or overwritten
      • IE7-WindowsXP-x86-enu.exe (PID: 4052)
    • The process creates files with name similar to system file names
      • IE7-WindowsXP-x86-enu.exe (PID: 4052)
    • Checks Windows Trust Settings
      • iesetup.exe (PID: 3464)
    • Reads security settings of Internet Explorer
      • iesetup.exe (PID: 3464)
    • Reads settings of System Certificates
      • iesetup.exe (PID: 3464)
  • INFO
    • Checks supported languages
      • IE7-WindowsXP-x86-enu.exe (PID: 4052)
      • iesetup.exe (PID: 3464)
    • Reads the computer name
      • IE7-WindowsXP-x86-enu.exe (PID: 4052)
      • iesetup.exe (PID: 3464)
    • Reads Environment values
      • IE7-WindowsXP-x86-enu.exe (PID: 4052)
    • Reads the machine GUID from the registry
      • IE7-WindowsXP-x86-enu.exe (PID: 4052)
      • iesetup.exe (PID: 3464)
    • Reads the software policy settings
      • iesetup.exe (PID: 3464)

Every signature above is behavioural and none is specific to malware: unpacking executables into a freshly created directory, launching a setup program from that directory and touching trust and certificate settings is exactly what a self-extracting cabinet installer does. The "Malicious activity" verdict therefore rests on heuristics rather than on a known-bad match (no malware configuration and no network threat was found), and the Microsoft company name in the version resource is a free-text field, not proof of origin. Verify the Authenticode signature of the sample and of the dropped binaries, and compare the SHA256 against a trusted source, before treating the file as either malware or a genuine Microsoft package.
No Malware configuration.

TRiD

.exe | MS generic-sfx Cabinet File Unpacker (32/64bit MSCFU) (82.5)
.exe | Win32 Executable MS Visual C++ (generic) (7.3)
.exe | Win64 Executable (generic) (6.5)
.dll | Win32 Dynamic Link Library (generic) (1.5)
.exe | Win32 Executable (generic) (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2005:06:28 16:55:01+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 7.1
CodeSize: 31232
InitializedDataSize: 72704
UninitializedDataSize: -
EntryPoint: 0x5a45
OSVersion: 5.2
ImageVersion: 5.2
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 6.2.29.0
ProductVersionNumber: 6.2.29.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Self-Extracting Cabinet
FileVersion: 6.2.0029.0 (SRV03_QFE.031113-0918)
InternalName: SFXCAB.EXE
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: SFXCAB.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.2.0029.0
Total processes: 40
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start → ie7-windowsxp-x86-enu.exe → iesetup.exe (no specs; the instance without indicators, PID 1432)
                                  → iesetup.exe (PID 3464)

Process information

PID 1432
CMD: c:\6f71bd36e6f271075eaed43e8f66a7e6\update\iesetup.exe
Path: C:\6f71bd36e6f271075eaed43e8f66a7e6\update\iesetup.exe
Indicators: none
Parent process: IE7-WindowsXP-x86-enu.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Internet Explorer 7 Setup Utility
Exit code: 3221226540
Version: 7.00.5730.13 (longhorn(wmbla).070711-1130)
Modules (images):
c:\6f71bd36e6f271075eaed43e8f66a7e6\update\iesetup.exe
c:\windows\system32\ntdll.dll

PID 3464
CMD: c:\6f71bd36e6f271075eaed43e8f66a7e6\update\iesetup.exe
Path: C:\6f71bd36e6f271075eaed43e8f66a7e6\update\iesetup.exe
Parent process: IE7-WindowsXP-x86-enu.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Internet Explorer 7 Setup Utility
Exit code: 7
Version: 7.00.5730.13 (longhorn(wmbla).070711-1130)
Modules (images):
c:\6f71bd36e6f271075eaed43e8f66a7e6\update\iesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID 4052
CMD: "C:\Users\admin\AppData\Local\Temp\IE7-WindowsXP-x86-enu.exe"
Path: C:\Users\admin\AppData\Local\Temp\IE7-WindowsXP-x86-enu.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Self-Extracting Cabinet
Exit code: 7
Version: 6.2.0029.0 (SRV03_QFE.031113-0918)
Modules (images):
c:\users\admin\appdata\local\temp\ie7-windowsxp-x86-enu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

Exit code 3221226540 is NTSTATUS 0xC000042C, STATUS_ELEVATION_REQUIRED. That explains the two iesetup.exe entries: the first launch (PID 1432, MEDIUM integrity, only ntdll.dll ever mapped) never got past initialization because the setup utility requires elevation, and PID 3464 is the relaunch at HIGH integrity after the UAC prompt was accepted in the sandbox. The elevation itself is expected for an installer; what it means for triage is that everything iesetup.exe does afterwards, including the root-store writes below, happens with administrative rights.
Total events: 3 297
Read events: 3 277
Write events: 17
Delete events: 3

Modification events

PID 3464 (iesetup.exe)
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write, Name: LanguageList
Value: en-US

PID 3464 (iesetup.exe)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
Operation: delete value, Name: 9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6

PID 3464 (iesetup.exe)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write, Name: Blob
Value: (binary value not reproduced here)

PID 3464 (iesetup.exe)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write, Name: Blob
Value: (binary value not reproduced here)

PID 3464 (iesetup.exe)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation: write, Name: Blob
Value: (binary value not reproduced here)
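The three Blob writes above are the elevated iesetup.exe populating an entry in the machine's enterprise root store. CryptoAPI names each certificate subkey after the certificate's SHA-1 thumbprint, and the Blob value is its serialized property list: repeated records of a DWORD property id, a DWORD reserved field equal to 1, a DWORD length and the data, where property 32 (CERT_CERT_PROP_ID) carries the DER certificate and property 3 (CERT_SHA1_HASH_PROP_ID) its cached SHA-1. The Python below is an added example, not code from the report or from ANY.RUN: it parses that layout and checks that the thumbprint in the key name really matches the certificate inside the blob, which is the first thing to verify when any process writes to a root store. It runs on a blob constructed in the script around a placeholder byte string rather than a real certificate; `read_blob_from_registry` shows how to fetch the live value on a Windows host, and the function and sample names are this example's own.

```python
"""Parse a CryptoAPI certificate-store registry "Blob" value and check that the
embedded certificate's SHA-1 thumbprint matches the registry key it sits under.

Added example; not part of the ANY.RUN report. Blob layout: a sequence of
property records, each DWORD propid, DWORD reserved (always 1), DWORD length,
data. Property ids are from wincrypt.h.
"""
import hashlib
import struct
from typing import Dict, Optional

CERT_SHA1_HASH_PROP_ID = 3
CERT_FRIENDLY_NAME_PROP_ID = 11
CERT_CERT_PROP_ID = 32


def parse_cert_blob(blob: bytes) -> Dict[int, bytes]:
    """Split a registry certificate blob into {property_id: data}, rejecting malformed input."""
    props: Dict[int, bytes] = {}
    off = 0
    while off + 12 <= len(blob):
        prop_id, reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        if reserved != 1:
            raise ValueError(f"unexpected reserved field {reserved} at offset {off - 8}")
        if off + length > len(blob):
            raise ValueError("property length runs past end of blob")
        props[prop_id] = blob[off:off + length]
        off += length
    if off != len(blob):
        raise ValueError("trailing bytes after last property record")
    return props


def thumbprint_matches_key(blob: bytes, key_name: str) -> bool:
    """True if SHA-1 of the DER certificate in the blob equals the registry key name.

    Also returns False when the cached SHA-1 property disagrees with the certificate
    itself, which is what a hand-edited or tampered blob looks like.
    """
    props = parse_cert_blob(blob)
    der = props.get(CERT_CERT_PROP_ID)
    if der is None:
        raise ValueError("blob carries no CERT_CERT_PROP_ID record")
    computed = hashlib.sha1(der).hexdigest().upper()
    cached = props.get(CERT_SHA1_HASH_PROP_ID)
    if cached is not None and cached.hex().upper() != computed:
        return False
    return computed == key_name.upper()


def build_blob(der: bytes, friendly_name: Optional[str] = None) -> bytes:
    """Serialize a blob in the same record format (used here to construct test input)."""
    def rec(prop_id: int, data: bytes) -> bytes:
        return struct.pack("<III", prop_id, 1, len(data)) + data
    out = rec(CERT_SHA1_HASH_PROP_ID, hashlib.sha1(der).digest())
    if friendly_name is not None:
        out += rec(CERT_FRIENDLY_NAME_PROP_ID, (friendly_name + "\0").encode("utf-16-le"))
    return out + rec(CERT_CERT_PROP_ID, der)


def read_blob_from_registry(thumbprint: str) -> bytes:
    """Read the live Blob value of one EnterpriseCertificates\\Root entry (Windows only)."""
    import winreg  # local import so the module still loads on non-Windows hosts
    path = r"SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\%s" % thumbprint.upper()
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        value, kind = winreg.QueryValueEx(key, "Blob")
    if kind != winreg.REG_BINARY:
        raise ValueError("Blob is not REG_BINARY")
    return value


# Constructed sample: a placeholder byte string stands in for a DER-encoded certificate.
SAMPLE_DER = b"\x30\x82\x00\x10" + b"placeholder-der-cert"
SAMPLE_KEY = hashlib.sha1(SAMPLE_DER).hexdigest().upper()
SAMPLE_BLOB = build_blob(SAMPLE_DER, "constructed test root")

if __name__ == "__main__":
    print("key", SAMPLE_KEY, "matches blob:", thumbprint_matches_key(SAMPLE_BLOB, SAMPLE_KEY))
    for pid, data in parse_cert_blob(SAMPLE_BLOB).items():
        print(f"property {pid}: {len(data)} bytes")
```

On a live host the same check is `thumbprint_matches_key(read_blob_from_registry(t), t)` for each subkey `t` under the store; a mismatch, or a blob whose cached SHA-1 property disagrees with the certificate, is worth pulling the certificate out of property 32 and inspecting its issuer and subject.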
Executable files: 105
Suspicious files: 8
Text files: 13
Unknown types: 3

Dropped files

All entries below were written by PID 4052 (IE7-WindowsXP-x86-enu.exe); these are the first ten of the 105 executable files counted above.

C:\6f71bd36e6f271075eaed43e8f66a7e6\inetres.adm (text)
MD5: 0C308738379FFA5C150ADB8BE2ED088D
SHA256: 2306B6284797139AEE71D4BEA7B95D6912B5693AF87763D368067EFE16A28A51

C:\6f71bd36e6f271075eaed43e8f66a7e6\iexplore.chm (binary)
MD5: 652E46500C149D1DC948BF9CEA8C4933
SHA256: F1A19551FAF789CCB0A87ED4B408258FAD566D66E15AA52EB913A6282308FA1D

C:\6f71bd36e6f271075eaed43e8f66a7e6\inetcpl.cpl (executable)
MD5: 8DF54F96C75FC47C796388E456EBF729
SHA256: 0B6C4F6021B17F9CEF33BC0816218890216AFCF07FDC6294A7F26F8E52EB61A5

C:\6f71bd36e6f271075eaed43e8f66a7e6\ieakmmc.chm (chm)
MD5: 875A6099E32E9C725616378F88052099
SHA256: 8FC59DFFE4DBCEBCA4A6A3762C234BF3A80133DC30514383BEBB78C32D83F9A0

C:\6f71bd36e6f271075eaed43e8f66a7e6\dxtrans.dll (executable)
MD5: EB9AE6FD83FF2510344B33900604A14C
SHA256: A3514E77D3AABC764F4E4E27DB307188B71E4BA27DD66EFFBF60BB802CB3C41B

C:\6f71bd36e6f271075eaed43e8f66a7e6\corpol.dll (executable)
MD5: 9B741F096FA9A49651080498920604FD
SHA256: 7EC1B93BC29923082E9F351EF26F85E7365DC3FE76384921488765F6210EDE15

C:\6f71bd36e6f271075eaed43e8f66a7e6\admparse.dll (executable)
MD5: 63EBA242A5E4DCEEC88CB727A117B7AD
SHA256: 652CCCD11608E08BBBECCF1500E9E5061C94D67A90298620BF792D7F8A1B0F5E

C:\6f71bd36e6f271075eaed43e8f66a7e6\iesupp.chm (binary)
MD5: D8B7DFD9766DD86DB642655B96CADF05
SHA256: 3DD037288BE1A466A66C9EF465ECD7D111A3691A812F45685C021234E7061774

C:\6f71bd36e6f271075eaed43e8f66a7e6\advpack.dll (executable)
MD5: F9D975BD4E56B05795A56ABB7829D3A3
SHA256: F7BF3B7B77BA27A8D61A2F4C837DC7225AE5165F963C8DDF1FE462D12A0201E8

C:\6f71bd36e6f271075eaed43e8f66a7e6\ieaksie.dll (executable)
MD5: 10D7F6DC4A61F47CA5FF56CAE4A97DA4
SHA256: D0E60574A7DA1FFF50D652F89A827CE3681DD71E6B73939034EFAE69D52B0141
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID 4 (System) → 192.168.100.255:138, domain/ASN/CN not recorded, reputation: unknown
PID 4 (System) → 192.168.100.255:137, domain/ASN/CN not recorded, reputation: unknown
(no process recorded) → 224.0.0.252:5355, domain/ASN/CN not recorded, reputation: unknown

All three connections are the sandbox guest's own name-resolution chatter, not traffic from the sample: NetBIOS name-service and datagram broadcasts (ports 137 and 138 to the subnet broadcast address) from the System process, and an LLMNR multicast to 224.0.0.252:5355. Neither IE7-WindowsXP-x86-enu.exe nor iesetup.exe opened a connection, resolved a name or issued an HTTP request during the run.

DNS requests

No data

Threats

No threats detected

Debug info

No debug info