File name: ACE_Studio_Installer_1.0.0_71_x64.exe

Full analysis: https://app.any.run/tasks/e6aa7fd8-7a85-4368-a483-359f8a3568b7
Verdict: Malicious activity
Analysis date: December 03, 2024, 08:12:51
OS: Windows 10 Professional (build: 19045, 64 bit)

Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5: 5C8ACC13AC216952410860FFEC2386BA
SHA1: 16102D3C9477A72667BDF8BE0BBC84DCC54D8F1E
SHA256: 166817501BAFCF03B9BBEEB88C7863B605674D53BCF3C463C952A298D40575D4
SSDEEP: 98304:cXlDafyZo3Ef0fyXrVYsWr1UdO7rUIx3hCFMzIG9fD2s1yyVOCdgR8lk/EaepLn0:5P2EMa8JIZ2XIOpt/4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Executable content was dropped or overwritten: ACE_Studio_Installer_1.0.0_71_x64.exe (PID: 512)
    • Process drops a legitimate Windows executable: ACE_Studio_Installer_1.0.0_71_x64.exe (PID: 512)
    • The process drops C-runtime libraries: ACE_Studio_Installer_1.0.0_71_x64.exe (PID: 512)
  • INFO
    • Checks supported languages: ACE Studio Installer.exe (PID: 3736), ACE_Studio_Installer_1.0.0_71_x64.exe (PID: 512)
    • Creates files in a temporary directory: ACE_Studio_Installer_1.0.0_71_x64.exe (PID: 512)
    • Sends debugging messages: ACE Studio Installer.exe (PID: 3736)

Note that no malicious-tier signature fired: the "Malicious activity" verdict rests on the three suspicious-tier behaviours above (unpacking executables and C-runtime DLLs into %TEMP%), which are what any self-extracting installer does. Those signatures alone do not distinguish a legitimate installer from a trojanised one, so the vendor identity in the version resource, the dropped-file hashes and the network download below are what an analyst has to check.
Find more information about signature artifacts and their mapping to the MITRE ATT&CK matrix in the full report.
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:08:11 13:00:00+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 28672
InitializedDataSize: 119296
UninitializedDataSize: -
EntryPoint: 0x7bd4
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: ACCIDENTAL AI PTE. LTD.
FileDescription: ACE Studio Online Installer Package
FileVersion: 1.0.0.0
InternalName: ACEStudioOnlineInstallerPackage.exe
LegalCopyright: Copyright 2024 ACCIDENTAL AI PTE. LTD. All Rights Reserved.
OriginalFileName: ACEStudioOnlineInstallerPackage.exe
ProductName: ACE Studio Online Installer
ProductVersion: 1.0.0.0
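The EXIF fields above are read straight from the DOS, COFF and optional headers, and the three hashes at the top are what an analyst compares against a locally obtained copy before trusting the report. The following added example (not ANY.RUN's or the vendor's code; standard library only) reproduces both: it parses the headers by offset, maps the characteristics bits to the labels exiftool prints, and hashes the bytes. The sample itself is not embedded, so build_sample_header() is a constructed, headers-only PE32 image carrying the report's values (timestamp 2024-08-11 13:00:00 UTC, entry point 0x7bd4, linker 6.0, GUI subsystem); pass a real file path to main to run it on the actual sample.

```python
"""Reproduce the PE header fields in the EXIF section and the file hashes.

Added example (not ANY.RUN or vendor code), standard library only. The sample
itself is not embedded, so build_sample_header() constructs a headers-only
PE32 image carrying the values the report prints; point main at the real
file to compare.
"""
import calendar
import hashlib
import struct
import sys
from datetime import datetime, timezone

COFF_FMT = "<HHIIIHH"                    # IMAGE_FILE_HEADER, 20 bytes
OPT32_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHH"  # PE32 optional header up to DllCharacteristics, 72 bytes

# IMAGE_FILE_* bits, labelled the way exiftool prints them
CHARACTERISTICS = [(0x0001, "No relocs"), (0x0002, "Executable"), (0x0004, "No line numbers"),
                   (0x0008, "No symbols"), (0x0020, "Large address aware"),
                   (0x0100, "32-bit"), (0x2000, "DLL")]
MACHINES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "AMD AMD64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows command line"}


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 in the upper-case hex form the report uses."""
    return {n: hashlib.new(n, data).hexdigest().upper() for n in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes) -> dict:
    """Return the PE32 header fields listed under EXIF, or raise ValueError."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, stamp, _, _, opt_size, flags = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    opt = struct.unpack_from(OPT32_FMT, data, e_lfanew + 4 + struct.calcsize(COFF_FMT))
    if opt[0] != 0x10B:                  # 0x20B would be PE32+ (64-bit), laid out differently
        raise ValueError(f"not a PE32 image (magic 0x{opt[0]:x})")
    when = datetime.fromtimestamp(stamp, timezone.utc)
    return {
        "MachineType": MACHINES.get(machine, hex(machine)),
        "Sections": nsections,
        "TimeStamp": when.strftime("%Y:%m:%d %H:%M:%S+00:00"),
        "ImageFileCharacteristics": ", ".join(name for bit, name in CHARACTERISTICS if flags & bit),
        "PEType": "PE32",
        "LinkerVersion": f"{opt[1]}.{opt[2]}",
        "CodeSize": opt[3],
        "InitializedDataSize": opt[4],
        "UninitializedDataSize": opt[5],
        "EntryPoint": hex(opt[6]),
        "OSVersion": f"{opt[12]}.{opt[13]}",
        "SubsystemVersion": f"{opt[16]}.{opt[17]}",
        "Subsystem": SUBSYSTEMS.get(opt[22], str(opt[22])),
    }


def build_sample_header() -> bytes:
    """Constructed PE32 header (no sections, no code) with the report's values."""
    stamp = calendar.timegm((2024, 8, 11, 13, 0, 0))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)             # e_lfanew = 64
    coff = struct.pack(COFF_FMT, 0x014C, 4, stamp, 0, 0, 224, 0x012F)
    opt = struct.pack(OPT32_FMT, 0x10B, 6, 0, 28672, 119296, 0, 0x7BD4, 0x1000, 0x8000,
                      0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0, 0x30000, 0x400, 0, 2, 0)
    return dos + b"PE\0\0" + coff + opt.ljust(224, b"\0")


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header()
    for key, value in {**parse_pe(blob), **hashes(blob)}.items():
        print(f"{key}: {value}")
```

The check worth keeping from this: the file name says _x64, but the header magic is 0x10B (PE32) and the machine is i386, so the parser would raise on a genuinely 64-bit image. That is the same discrepancy the SysWOW64 module list in the process section shows at run time.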
All screenshots are available in the full report
Total processes: 124
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

explorer.exe → ACE_Studio_Installer_1.0.0_71_x64.exe (PID 3876, medium integrity; no signatures, exits with an elevation-required status)
explorer.exe → ACE_Studio_Installer_1.0.0_71_x64.exe (PID 512, high integrity) → ACE Studio Installer.exe (PID 3736)

Process information

PID 512
CMD: "C:\Users\admin\Desktop\ACE_Studio_Installer_1.0.0_71_x64.exe"
Path: C:\Users\admin\Desktop\ACE_Studio_Installer_1.0.0_71_x64.exe
Parent process: explorer.exe
User: admin
Company: ACCIDENTAL AI PTE. LTD.
Integrity Level: HIGH
Description: ACE Studio Online Installer Package
Version: 1.0.0.0
Modules (images):
c:\users\admin\desktop\ace_studio_installer_1.0.0_71_x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID 3736
CMD: "C:\Users\admin\AppData\Local\Temp\7z3484B200\bin\ACE Studio Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\7z3484B200\bin\ACE Studio Installer.exe
Parent process: ACE_Studio_Installer_1.0.0_71_x64.exe
User: admin
Integrity Level: HIGH
Version: 0.0.0.0 (no version information)
Modules (images):
c:\users\admin\appdata\local\temp\7z3484b200\bin\ace studio installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll

PID 3876
CMD: "C:\Users\admin\Desktop\ACE_Studio_Installer_1.0.0_71_x64.exe"
Path: C:\Users\admin\Desktop\ACE_Studio_Installer_1.0.0_71_x64.exe
Parent process: explorer.exe
User: admin
Company: ACCIDENTAL AI PTE. LTD.
Integrity Level: MEDIUM
Description: ACE Studio Online Installer Package
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 1.0.0.0
Modules (images):
c:\users\admin\desktop\ace_studio_installer_1.0.0_71_x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

Reading the three entries together: the first launch from the desktop (PID 3876, medium integrity) stopped during process start-up with STATUS_ELEVATION_REQUIRED, meaning the image requires administrator rights (through its manifest or Windows' installer-detection heuristic, which applies to unmanifested 32-bit images with "installer" in the name). After the UAC prompt was accepted, the elevated copy (PID 512, high integrity) unpacked its payload into C:\Users\admin\AppData\Local\Temp\7z3484B200\ and started the inner installer (PID 3736) from there; that inner installer is Qt-based, as the dropped qt*.qm translations, qtuiotouchplugin.dll and the qt.core debug message below show. The outer stub loads the SysWOW64 copies of ntdll/kernel32 plus wow64*.dll, so it is a 32-bit image despite the _x64 file name (consistent with the PE32 / Intel 386 header above); the inner installer loads the native system32 copies and is therefore 64-bit. Both the stub and the inner installer run at high integrity, so everything the 188 MB download below does later runs as administrator.
Total events: 7,691
Read events: 7,691
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 27
Suspicious files: 3
Text files: 1
Unknown types: 5

Dropped files (all by PID 512, ACE_Studio_Installer_1.0.0_71_x64.exe, under C:\Users\admin\AppData\Local\Temp\7z3484B200\)

Filename | Type | MD5 | SHA256
bin\LICENSE.txt | text | 0897B7630E8A9C6B40DE644FF074B3B7 | 4EFCAABA627A1DCFF59B8A26F21F7FD1AF60CFD89B7B4677F19044EE106D8308
bin\translations\qtbase_ja.qm | qm | 11D3D147BED6C705801C82C69948F304 | 2B9581C69B975F59BE505B127CD3C19D403EF3D12E0E8386FB97238223E9C1DF
bin\translations\ace_installer_zh.qm | qm | 9004EA6574224C48774044D94E397869 | 9AFE3CFA9E74AF1A1C93BF3444D174EA4EC1B12AA48EFDC71C462140775F6F44
bin\ACE Studio Installer.exe | executable | D3BF0F402ECC5C25C89EA9F505D57178 | 41A13C7B40355660982EFB3768371BBCF2D5D786D7CC7132E24E754C5B846D11
bin\translations\qtbase_zh_CN.qm | qm | 79A95BFE85429465AEAC4EC86EBE1352 | 89A77D00384F85D6B15FB1CC8168829D8D9499E107D9D4055019FA6C7E3C0400
bin\translations\qtbase_zh_TW.qm | qm | CA0A16EB14D6C36A0EA90A4D4CA3832E | 21012B2B427F8D09D31CE9CAE582CA27955B478CA3DC2EC18A3068D808638C6A
bin\generic\qtuiotouchplugin.dll | executable | A34DC43E1981E2354FDF7B2802FA58A6 | 0EEEED6CB879F64880C804080F5BF72AB9021015B5861591820F7B115388AC66
bin\translations\ace_installer_jp.qm | qm | C41619DDD4FB9B3913BECC73C4CAD6CA | 5CFF3AF8E019DE59F877FC0EEF830DA3DA99AAED1F248385E48B8B4B380676DE
bin\translations\ace_installer_es.qm | qm | 45ECE4890744812137B5DC55D53E073D | B65C2E4B06763B5A9CFACB000A31D44AB8C7F8FB6E712638E43E8A9A75CD8114
bin\translations\ace_installer_zht.qm | qm | CF03004FA4E4C6FE867690E6387CA80E | BF12A5E6767C45EF282E989F6547AD233E1D096054CE6FF5B686ADCD42DE756B

The table shows 10 of the dropped files; the counts above (27 executables, 3 suspicious, 1 text, 5 unknown) cover the full set, which is only in the full report.
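Because the report hashes only some of the files the stub unpacks, an analyst who re-runs the sample in an isolated VM (or extracts the archive payload by hand) needs to reconcile the local tree with this table: which files the table vouches for, which share a listed name but differ in content, and which the table never listed. The following added example (not ANY.RUN's or the vendor's code; standard library only) walks a directory, hashes each file, classifies it by leading bytes the way the Type column does (MZ/PE header for executables, with the COFF machine word distinguishing x86 from x64; Qt's QTranslator magic for .qm files; NUL-free UTF-8 for text) and compares against the report's SHA256 values. demo() builds a small constructed tree in a temporary directory so the script runs offline; the REPORTED dictionary is a subset of the table above.

```python
"""Hash and classify files an installer dropped; compare them with the report.

Added example (not ANY.RUN or vendor code). demo() writes constructed stand-in
files (headers-only PE stubs, a .qm magic header, a licence text) into a
temp dir; run inventory() on a real extraction directory instead.
"""
import hashlib
import os
import struct
import tempfile

QM_MAGIC = bytes.fromhex("3cb86418caef9c95cd211cbf60a1bddd")  # Qt QTranslator .qm header

# SHA256 -> path, copied from the report's dropped-file table (subset)
REPORTED = {
    "4EFCAABA627A1DCFF59B8A26F21F7FD1AF60CFD89B7B4677F19044EE106D8308": r"bin\LICENSE.txt",
    "41A13C7B40355660982EFB3768371BBCF2D5D786D7CC7132E24E754C5B846D11": r"bin\ACE Studio Installer.exe",
    "2B9581C69B975F59BE505B127CD3C19D403EF3D12E0E8386FB97238223E9C1DF": r"bin\translations\qtbase_ja.qm",
    "0EEEED6CB879F64880C804080F5BF72AB9021015B5861591820F7B115388AC66": r"bin\generic\qtuiotouchplugin.dll",
}


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def pe_machine(head: bytes):
    """'x86' / 'x64' from the COFF Machine field, or None if not a PE image."""
    if head[:2] != b"MZ" or len(head) < 0x40:
        return None
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    if head[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(head) < e_lfanew + 6:
        return None
    (machine,) = struct.unpack_from("<H", head, e_lfanew + 4)
    return {0x014C: "x86", 0x8664: "x64"}.get(machine, hex(machine))


def classify(head: bytes) -> str:
    """File type the way the report's Type column labels it, from leading bytes."""
    machine = pe_machine(head)
    if machine:
        return f"executable ({machine})"
    if head.startswith(QM_MAGIC):
        return "qm"
    if b"\0" not in head:
        try:
            head.decode("utf-8")
            return "text"
        except UnicodeDecodeError:
            pass
    return "unknown"


def inventory(root: str, reported: dict) -> dict:
    """Return {relative path: (type, status)} for every file under root."""
    names = {basename(p) for p in reported.values()}
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            digest = hashlib.sha256(data).hexdigest().upper()
            if digest in reported:
                status = "match"          # exactly the bytes the report hashed
            elif name in names:
                status = "mismatch"       # listed name, different content: treat as a different build
            else:
                status = "unlisted"       # the report shows no hash for it
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = (classify(data[:4096]), status)
    return out


def fake_pe(machine: int) -> bytes:
    """Constructed headers-only MZ/PE stub for the demo (not a real binary)."""
    return b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18


def demo() -> dict:
    """Build a constructed extraction tree in a temp dir and inventory it."""
    license_text = b"Copyright 2024 ACCIDENTAL AI PTE. LTD. All Rights Reserved.\n"
    files = {
        "bin/LICENSE.txt": license_text,
        "bin/ACE Studio Installer.exe": fake_pe(0x8664),
        "bin/translations/qtbase_ja.qm": QM_MAGIC + b"\0" * 32,
        "bin/generic/unlisted.dll": fake_pe(0x014C),
    }
    # Pretend the report hashed exactly this LICENSE.txt content, so one file matches
    reported = dict(REPORTED)
    reported[hashlib.sha256(license_text).hexdigest().upper()] = r"bin\LICENSE.txt"
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return inventory(root, reported)


if __name__ == "__main__":
    for rel, (kind, status) in sorted(demo().items()):
        print(f"{status:9} {kind:18} {rel}")
```

A "mismatch" is the result to act on: the same file name with a different SHA256 means the copy in hand is not the build the sandbox ran, so the sandbox verdict does not transfer to it.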
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 8
TCP/UDP connections: 19
DNS requests: 8
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4328 | RUXIMICS.exe | GET | 200 | 23.216.77.8:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
2632 | svchost.exe | GET | 200 | 23.216.77.8:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
2632 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.8:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
4328 | RUXIMICS.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 163.171.132.230:443 | https://as-api.tdacestudio.com/api/as/conf/dl | unknown | binary | 446 b | -
- | - | GET | 200 | 163.171.132.230:443 | https://as-api-ws-cdn-1.tdacestudio.com/app/conf/version/ACE_Studio_1.9.4_688_x64_general.exe | unknown | executable | 188 Mb | -

The six Microsoft CRL fetches are made by Windows Update components (RUXIMICS.exe, MoUsoCoreWorker.exe, svchost.exe), not by the sample's process tree, and are background noise. The two tdacestudio.com requests are the only traffic to non-Microsoft hosts; the report attributes them to no PID. The first returns a 446-byte configuration blob, the second a 188 MB executable (ACE_Studio_1.9.4_688_x64_general.exe), which matches the "Online Installer" description in the version resource. The report shows neither a hash nor a signature check for that download, so its SHA256 and Authenticode status should be taken from the full report's network-stream export before the payload is trusted.

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4328 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2632 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2632 | svchost.exe | 23.216.77.8:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4328 | RUXIMICS.exe | 23.216.77.8:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.216.77.8:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
2632 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4328 | RUXIMICS.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

The two System rows are NetBIOS name-service and datagram broadcasts (UDP 137/138) to the lab subnet. The summary counts 19 TCP/UDP connections but this table lists 10; in particular the 163.171.132.230:443 connection that carries the two tdacestudio.com requests above is not attributed to a process here.

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 20.73.194.208, 51.104.136.2 | whitelisted
google.com | 142.250.185.78 | whitelisted
crl.microsoft.com | 23.216.77.8, 23.216.77.35, 23.216.77.25, 23.216.77.42 | whitelisted
www.microsoft.com | 184.30.21.171 | whitelisted
as-api.tdacestudio.com | 163.171.132.230 | unknown
as-api-ws-cdn-1.tdacestudio.com | 163.171.132.230 | unknown
self.events.data.microsoft.com | 104.208.16.92 | whitelisted
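Most rows in the three network tables are Windows background traffic (CRL fetches, telemetry, NetBIOS broadcasts) and the sample's own two requests carry no PID, so the first triage step is to separate the two mechanically rather than by eye. The following added example (not ANY.RUN's code) does that over records copied from the HTTP table above: anything from a PID outside the sample's process tree (512, 3736, 3876) with a whitelisted reputation is dropped as OS noise, the rest is attributed to the sample, and an executable download or anything over a size threshold is escalated. It also emits a Wireshark display filter for the non-whitelisted endpoints so their streams can be pulled from the PCAP. The 1 MiB payload threshold and the reading of the report's "b/Kb/Mb" sizes as binary multiples are assumptions.

```python
"""Separate a sample's own network activity from Windows background noise in
a sandbox HTTP table, and flag large executable downloads.

Added example; not ANY.RUN code. REQUESTS is copied from the report's HTTP
table (a subset of the Microsoft CRL rows); SAMPLE_PIDS from its process list.
"""
from urllib.parse import urlsplit

SAMPLE_PIDS = {512, 3736, 3876}      # submitted stub, its child, and the failed non-elevated launch
PAYLOAD_THRESHOLD = 1024 * 1024      # assumption: anything over 1 MiB counts as a payload download
UNITS = {"b": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}   # assumption: binary multiples

REQUESTS = [
    {"pid": 4328, "process": "RUXIMICS.exe", "ip": "23.216.77.8:80",
     "url": "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl",
     "reputation": "whitelisted", "type": None, "size": None},
    {"pid": 2632, "process": "svchost.exe", "ip": "184.30.21.171:80",
     "url": "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl",
     "reputation": "whitelisted", "type": None, "size": None},
    {"pid": None, "process": None, "ip": "163.171.132.230:443",
     "url": "https://as-api.tdacestudio.com/api/as/conf/dl",
     "reputation": "unknown", "type": "binary", "size": "446 b"},
    {"pid": None, "process": None, "ip": "163.171.132.230:443",
     "url": "https://as-api-ws-cdn-1.tdacestudio.com/app/conf/version/ACE_Studio_1.9.4_688_x64_general.exe",
     "reputation": "unknown", "type": "executable", "size": "188 Mb"},
]


def parse_size(text) -> int:
    """'188 Mb' -> 197132288, '446 b' -> 446, None -> 0."""
    if not text:
        return 0
    number, unit = text.split()
    return int(float(number) * UNITS[unit.lower()])


def classify(req: dict) -> str:
    pid = req["pid"]
    if pid is not None and pid not in SAMPLE_PIDS:
        # Another process made it: background noise if whitelisted, otherwise look at it
        return "os-noise" if req["reputation"] == "whitelisted" else "other-process:review"
    # Made by the sample tree, or unattributed (the report shows no PID)
    if req["type"] == "executable" or parse_size(req["size"]) >= PAYLOAD_THRESHOLD:
        return "sample:payload-download"
    return "sample"


def triage(requests) -> dict:
    """Map each URL to its most severe verdict across duplicate rows."""
    rank = {"os-noise": 0, "sample": 1, "other-process:review": 2, "sample:payload-download": 3}
    verdicts = {}
    for req in requests:
        verdict = classify(req)
        if rank[verdict] > rank.get(verdicts.get(req["url"]), -1):
            verdicts[req["url"]] = verdict
    return verdicts


def pcap_filter(requests) -> str:
    """Wireshark display filter selecting the non-whitelisted endpoints (IP and TLS SNI)."""
    ips, hosts = set(), set()
    for req in requests:
        if req["reputation"] != "whitelisted":
            ips.add(req["ip"].rsplit(":", 1)[0])
            hosts.add(urlsplit(req["url"]).hostname)
    parts = [f"ip.addr == {ip}" for ip in sorted(ips)]
    parts += [f'tls.handshake.extensions_server_name == "{host}"' for host in sorted(hosts)]
    return " || ".join(parts)


if __name__ == "__main__":
    for url, verdict in triage(REQUESTS).items():
        print(f"{verdict:26} {url}")
    print("PCAP filter:", pcap_filter(REQUESTS))
```

Run against the full table, the only rows that survive as sample traffic are the two tdacestudio.com requests, with the 188 MB executable escalated; the filter string is what to paste into Wireshark over the downloaded PCAP to isolate those streams.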

Threats

No threats detected

Debug output

Process | Message
ACE Studio Installer.exe | qt.core.qobject.connect: QObject::connect(QObject, Unknown): invalid nullptr parameter

This is a standard Qt runtime warning (logging category qt.core.qobject.connect) written by the Qt-based inner installer; it is what the "Sends debugging messages" INFO signature picked up and has no security meaning on its own.