File name: Spectrasonics_2048_KeyGen.exe

Full analysis: https://app.any.run/tasks/d39d794d-b53e-4c2b-8e58-81a4e71a19e4
Verdict: Malicious activity
Analysis date: April 18, 2024, 14:22:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 58EEA1E1181960442A0D9CE89FEA5029
SHA1: 9EAD9D5A8468F3FF6F0A743D988C38E72D91D9D3
SHA256: 0827ECA9BE62E90069619A2468AB028BECA780BDBC5686A12201CE5503B5C086
SSDEEP: 49152:S3sUkC86enASwmmgX98pNa2ILFuiEFnd7EHzta8+oxw3y1LEZH1yJNk4KsAXz6sg:S8Uf86NS0gG9ILgiwdQHztT+D3lZHs0o

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Spectrasonics_2048_KeyGen.exe (PID: 3108)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Spectrasonics_2048_KeyGen.exe (PID: 3108)
  • INFO

    • Checks supported languages

      • Spectrasonics_2048_KeyGen.exe (PID: 3108)
      • keygen.exe (PID: 2548)
    • Reads the computer name

      • Spectrasonics_2048_KeyGen.exe (PID: 3108)
      • keygen.exe (PID: 2548)
    • Create files in a temporary directory

      • Spectrasonics_2048_KeyGen.exe (PID: 3108)
      • keygen.exe (PID: 2548)
    • Reads the machine GUID from the registry

      • keygen.exe (PID: 2548)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:04:02 03:20:09+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 24064
InitializedDataSize: 120320
UninitializedDataSize: 1024
EntryPoint: 0x326c
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
Total processes: 39
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

[Behavior graph nodes: start, spectrasonics_2048_keygen.exe, keygen.exe (no specs), spectrasonics_2048_keygen.exe (no specs)]

Process information

PID: 1288
CMD: "C:\Users\admin\AppData\Local\Temp\Spectrasonics_2048_KeyGen.exe"
Path: C:\Users\admin\AppData\Local\Temp\Spectrasonics_2048_KeyGen.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules (images):
c:\users\admin\appdata\local\temp\spectrasonics_2048_keygen.exe
c:\windows\system32\ntdll.dll

PID: 2548
CMD: C:\Users\admin\AppData\Local\Temp\keygen.exe
Path: C:\Users\admin\AppData\Local\Temp\keygen.exe
Parent process: Spectrasonics_2048_KeyGen.exe
User: admin
Integrity Level: HIGH
Modules (images):
c:\users\admin\appdata\local\temp\keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll

PID: 3108
CMD: "C:\Users\admin\AppData\Local\Temp\Spectrasonics_2048_KeyGen.exe"
Path: C:\Users\admin\AppData\Local\Temp\Spectrasonics_2048_KeyGen.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Modules (images):
c:\users\admin\appdata\local\temp\spectrasonics_2048_keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

Total events: 2 531
Read events: 2 531
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 3
Suspicious files: 1
Text files: 0
Unknown types: 0

Dropped files

PID: 3108
Process: Spectrasonics_2048_KeyGen.exe
Filename: C:\Users\admin\AppData\Local\Temp\BASSMOD.dll
Type: executable
MD5: E4EC57E8508C5C4040383EBE6D367928
SHA256: 8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F

PID: 3108
Process: Spectrasonics_2048_KeyGen.exe
Filename: C:\Users\admin\AppData\Local\Temp\bgm.it
Type: it
MD5: 31F24C0967530394A64CB82AC06A1E2F
SHA256: E66ACF2363DAB9A21265651887799B00DC1413B2F70155B9B94A4BB9CFF045BB

PID: 3108
Process: Spectrasonics_2048_KeyGen.exe
Filename: C:\Users\admin\AppData\Local\Temp\R2RSS2048.dll
Type: executable
MD5: 5251061E35D93C31CBE099A44471D7E1
SHA256: 7599B34CF950F73A13CD78C560D6BC80ED69A956E2128E2FEF3ABB43E5DB0DA4

PID: 3108
Process: Spectrasonics_2048_KeyGen.exe
Filename: C:\Users\admin\AppData\Local\Temp\keygen.exe
Type: executable
MD5: 4715CFFA565E67A3CF9F79BB1D148F54
SHA256: A8D8EC3F3082CA04F5A7A551090001E8827E186779001338E32F2D7C8BB93388

HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

IP: 224.0.0.252:5355
Reputation: unknown

PID: 1080
Process: svchost.exe
IP: 224.0.0.252:5355
Reputation: unknown

DNS requests

No data

Threats

No threats detected
No debug info