File name:

magicmic_setup-com_filme.exe

Full analysis: https://app.any.run/tasks/f61955bd-9cb7-4523-96e5-11180d71e09b
Verdict: Malicious activity
Analysis date: November 30, 2023, 13:34:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

342F8DBE9C14AF2AFB8518E17557ABAC

SHA1:

B8354D4C59855A96F24E616CEAAF19D1CA391CA7

SHA256:

182BCF59D0318CCC49193E6108DF1536350273C179DC4E64E6E6F232917D1D87

SSDEEP:

98304:zqxBMPC1FBX0yRJUgpBi+1ukYP9c+1bsu3kdLeY03byAP5Yd1kWpaqcUw8aIM5vB:vG5b9CzoTPDLqX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads settings of System Certificates

      • magicmic_setup-com_filme.exe (PID: 1900)
    • Reads the Internet Settings

      • magicmic_setup-com_filme.exe (PID: 1900)
    • Process requests binary or script from the Internet

      • magicmic_setup-com_filme.exe (PID: 1900)
  • INFO

    • Reads the computer name

      • magicmic_setup-com_filme.exe (PID: 1900)
      • wmpnscfg.exe (PID: 476)
    • Checks supported languages

      • magicmic_setup-com_filme.exe (PID: 1900)
      • wmpnscfg.exe (PID: 476)
    • Creates files in the program directory

      • magicmic_setup-com_filme.exe (PID: 1900)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 476)
    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 476)
      • magicmic_setup-com_filme.exe (PID: 1900)
    • Reads product name

      • magicmic_setup-com_filme.exe (PID: 1900)
    • Checks proxy server information

      • magicmic_setup-com_filme.exe (PID: 1900)
    • Reads Environment values

      • magicmic_setup-com_filme.exe (PID: 1900)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:20 05:15:08+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 758272
InitializedDataSize: 5861376
UninitializedDataSize: -
EntryPoint: 0x800ef
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 4.1.0.3
ProductVersionNumber: 4.1.0.3
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: magicmic_setup-com_filme.exe
FileVersion: 4.1.0.3
LegalCopyright: Copyright © 2023 iMyFone. All rights reserved.
ProductName: iMyFone MagicMic
ProductVersion: 4.1.0.3
No data.
All screenshots are available in the full report
Total processes
41
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

start → magicmic_setup-com_filme.exe
wmpnscfg.exe (no specs)
magicmic_setup-com_filme.exe (no specs)

Process information

PID:
476
CMD:
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path:
C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
PID:
1900
CMD:
"C:\Users\admin\AppData\Local\Temp\magicmic_setup-com_filme.exe"
Path:
C:\Users\admin\AppData\Local\Temp\magicmic_setup-com_filme.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
HIGH
Description:
magicmic_setup-com_filme.exe
Exit code:
0
Version:
4.1.0.3
Modules
Images
c:\users\admin\appdata\local\temp\magicmic_setup-com_filme.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID:
3376
CMD:
"C:\Users\admin\AppData\Local\Temp\magicmic_setup-com_filme.exe"
Path:
C:\Users\admin\AppData\Local\Temp\magicmic_setup-com_filme.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
magicmic_setup-com_filme.exe
Exit code:
3221226540
Version:
4.1.0.3
Modules
Images
c:\users\admin\appdata\local\temp\magicmic_setup-com_filme.exe
c:\windows\system32\ntdll.dll
Total events
2 999
Read events
2 982
Write events
14
Delete events
3

Modification events

(PID) Process: (1900) magicmic_setup-com_filme.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value:
0

(PID) Process: (1900) magicmic_setup-com_filme.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
4600000059010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (1900) magicmic_setup-com_filme.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation: write
Name: LanguageList
Value:
en-US

(PID) Process: (476) wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{BE65F60B-DD8C-43E3-AC82-CBD8C15D6A70}\{0A3B1C22-38C8-4C40-B706-3D2B9048DCFF}
Operation: delete key
Name: (default)
Value:

(PID) Process: (476) wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{BE65F60B-DD8C-43E3-AC82-CBD8C15D6A70}
Operation: delete key
Name: (default)
Value:

(PID) Process: (476) wmpnscfg.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{FBC75D9A-1E08-4859-BB31-5537A41A182F}
Operation: delete key
Name: (default)
Value:
Executable files
0
Suspicious files
0
Text files
74
Unknown types
0

Dropped files

PID: 1900
Process: magicmic_setup-com_filme.exe
Filename: C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Arabic\pr_2.png
Type: image
MD5: CF6A855345D65B628E7C2BAE9A98E011
SHA256: 968ACEF69619D2D1EA657881030A9565092302136D6DB4987BFBA96B8AD89986

PID: 1900
Process: magicmic_setup-com_filme.exe
Filename: C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Arabic\pr_1.png
Type: image
MD5: 03429CE2CBA331660C902DEFFF9B3B6F
SHA256: 67EFEBAAC1ACC95AE229062AC9534E4046BF8D76272D09455C655C625FCD5188

PID: 1900
Process: magicmic_setup-com_filme.exe
Filename: C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Arabic\UrlInfo.ini
Type: text
MD5: BB79A6B66F5BE3816051148733585FF0
SHA256: 0BD099A66A5966A3151CD093A4CEBDC91A2D5C56C845B92B3F7F1B3FB1AF923A

PID: 1900
Process: magicmic_setup-com_filme.exe
Filename: C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Arabic\text.ini
Type: text
MD5: F83CA6F59F21567C69D3094A8757C482
SHA256: 5AE50E9C5CB50922A2BEA36E2D2A4EC0980556DD1B5115EFE8556F129B1AF247

PID: 1900
Process: magicmic_setup-com_filme.exe
Filename: C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Chinese\pr_1.png
Type: image
MD5: 90FCC9FCC18A1A732EFC949A4C1CC3A2
SHA256: A4C2ADFA392B602773A010D3DB6697B69BA9F787AB034206DB32C76D1DE7D9B2

PID: 1900
Process: magicmic_setup-com_filme.exe
Filename: C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Chinese\install_tips.png
Type: image
MD5: 880FCF6C7BA73F02B287E5E76CFBDFC1
SHA256: 504FA820E90B1A82F8E36F9735A82E08DE5E795FCB649831D29C9491E82CC1EA

PID: 1900
Process: magicmic_setup-com_filme.exe
Filename: C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Chinese\pr_2.png
Type: image
MD5: 175557873DE4386DEB38356AACC26768
SHA256: E6BAA0E852E9A4DF81F76CB5ACC4C2300C9645E111FB840463F20DDA6A138831

PID: 1900
Process: magicmic_setup-com_filme.exe
Filename: C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Arabic\install_tips.png
Type: image
MD5: 28FBF016E49EED024EBC37A11E1F883A
SHA256: 78AFDAF35FA6173B08621270842B5D8D899B966FFDFA986A9E98F372AFD4F419

PID: 1900
Process: magicmic_setup-com_filme.exe
Filename: C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\ChineseTW\install_tips.png
Type: image
MD5: 992528F19FEDA5FD91B78FBFB21349A0
SHA256: C5618D6781D1A5120ECE2DB6E29492B8393FE91CCE512CBCFA30DDC27C1C0790

PID: 1900
Process: magicmic_setup-com_filme.exe
Filename: C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\ChineseTW\UrlInfo.ini
Type: text
MD5: 1A6C5CDC1095637B092E2B799508AF80
SHA256: 3D85DFFAF2252D89D4B98BC702C3FADC789488478FC905FA2576172C0E207E88
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
24
DNS requests
2
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1900
magicmic_setup-com_filme.exe
HEAD
200
65.9.66.61:80
http://download.imyfone.com/imyfone/magicmic_setup_x64.exe
unknown
unknown
1900
magicmic_setup-com_filme.exe
HEAD
200
65.9.66.61:80
http://download.imyfone.com/imyfone/magicmic_setup_x64.exe
unknown
unknown
1900
magicmic_setup-com_filme.exe
GET
65.9.66.61:80
http://download.imyfone.com/imyfone/magicmic_setup_x64.exe
unknown
unknown
1900
magicmic_setup-com_filme.exe
GET
65.9.66.61:80
http://download.imyfone.com/imyfone/magicmic_setup_x64.exe
unknown
unknown
1900
magicmic_setup-com_filme.exe
GET
65.9.66.61:80
http://download.imyfone.com/imyfone/magicmic_setup_x64.exe
unknown
unknown
1900
magicmic_setup-com_filme.exe
GET
65.9.66.61:80
http://download.imyfone.com/imyfone/magicmic_setup_x64.exe
unknown
unknown
1900
magicmic_setup-com_filme.exe
GET
65.9.66.61:80
http://download.imyfone.com/imyfone/magicmic_setup_x64.exe
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
1900
magicmic_setup-com_filme.exe
172.217.16.206:443
www.google-analytics.com
GOOGLE
US
whitelisted
1900
magicmic_setup-com_filme.exe
65.9.66.61:443
download.imyfone.com
AMAZON-02
US
unknown
1900
magicmic_setup-com_filme.exe
65.9.66.61:80
download.imyfone.com
AMAZON-02
US
unknown

DNS requests

Domain
IP
Reputation
download.imyfone.com
  • 65.9.66.61
  • 65.9.66.119
  • 65.9.66.97
  • 65.9.66.89
whitelisted
www.google-analytics.com
  • 172.217.16.206
whitelisted

Threats

PID
Process
Class
Message
1900
magicmic_setup-com_filme.exe
Potential Corporate Privacy Violation
AV POLICY HTTP request for .exe file with no User-Agent
1900
magicmic_setup-com_filme.exe
Potentially Bad Traffic
ET POLICY Executable served from Amazon S3
1900
magicmic_setup-com_filme.exe
Potential Corporate Privacy Violation
AV POLICY HTTP request for .exe file with no User-Agent
1900
magicmic_setup-com_filme.exe
Potential Corporate Privacy Violation
AV POLICY HTTP request for .exe file with no User-Agent
1900
magicmic_setup-com_filme.exe
Potential Corporate Privacy Violation
AV POLICY HTTP request for .exe file with no User-Agent
1900
magicmic_setup-com_filme.exe
Potential Corporate Privacy Violation
AV POLICY HTTP request for .exe file with no User-Agent
1900
magicmic_setup-com_filme.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Process
Message
magicmic_setup-com_filme.exe
[2] 32864284 ~ 49296425,length = 16432142
magicmic_setup-com_filme.exe
[3] 49296426 ~ 65728567,length = 16432142
magicmic_setup-com_filme.exe
[0] 0 ~ 16432141,length = 16432142
magicmic_setup-com_filme.exe
[1] 16432142 ~ 32864283,length = 16432142
magicmic_setup-com_filme.exe
[4] 65728568 ~ 82160711,length = 16432144