File name:

magicmic_setup-com_filme.exe

Full analysis: https://app.any.run/tasks/f61955bd-9cb7-4523-96e5-11180d71e09b
Verdict: Malicious activity
Analysis date: November 30, 2023, 13:34:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

342F8DBE9C14AF2AFB8518E17557ABAC

SHA1:

B8354D4C59855A96F24E616CEAAF19D1CA391CA7

SHA256:

182BCF59D0318CCC49193E6108DF1536350273C179DC4E64E6E6F232917D1D87

SSDEEP:

98304:zqxBMPC1FBX0yRJUgpBi+1ukYP9c+1bsu3kdLeY03byAP5Yd1kWpaqcUw8aIM5vB:vG5b9CzoTPDLqX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.

    No malicious-class behavioural signature fired for any process. The only threat hits in this report are the IDS policy alerts listed under "Threats" (a PE fetched over plaintext HTTP from download.imyfone.com with no User-Agent header), so the "Malicious activity" verdict should be weighed against that, and against the iMyFone version resource in the PE, before the file is handled as malware.
  • SUSPICIOUS

    • Reads settings of System Certificates

      • magicmic_setup-com_filme.exe (PID: 1900)
    • Reads the Internet Settings

      • magicmic_setup-com_filme.exe (PID: 1900)
    • Process requests binary or script from the Internet

      • magicmic_setup-com_filme.exe (PID: 1900)
  • INFO

    • Reads the computer name

      • magicmic_setup-com_filme.exe (PID: 1900)
      • wmpnscfg.exe (PID: 476)
    • Reads product name

      • magicmic_setup-com_filme.exe (PID: 1900)
    • Checks supported languages

      • magicmic_setup-com_filme.exe (PID: 1900)
      • wmpnscfg.exe (PID: 476)
    • Creates files in the program directory

      • magicmic_setup-com_filme.exe (PID: 1900)
    • Reads Environment values

      • magicmic_setup-com_filme.exe (PID: 1900)
    • Checks proxy server information

      • magicmic_setup-com_filme.exe (PID: 1900)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 476)
    • Reads the machine GUID from the registry

      • magicmic_setup-com_filme.exe (PID: 1900)
      • wmpnscfg.exe (PID: 476)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

TRiD's leading guess (Win64) is a generic heuristic and conflicts with the PE header (PE32, Intel 386, 32-bit, see EXIF below); the header is authoritative. The 64-bit build that the sample fetches at run time (magicmic_setup_x64.exe) is a separate file and is not the one hashed above.

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:20 05:15:08+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 758272
InitializedDataSize: 5861376
UninitializedDataSize: -
EntryPoint: 0x800ef
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 4.1.0.3
ProductVersionNumber: 4.1.0.3
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: magicmic_setup-com_filme.exe
FileVersion: 4.1.0.3
LegalCopyright: Copyright © 2023 iMyFone. All rights reserved.
ProductName: iMyFone MagicMic
ProductVersion: 4.1.0.3
No data.
All screenshots are available in the full report
Total processes
41
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

Behavior graph (interactive in the full report): explorer.exe starts magicmic_setup-com_filme.exe (PID 1900, the process carrying the indicators above), wmpnscfg.exe (PID 476, no indicators) and a second magicmic_setup-com_filme.exe (PID 3376, no indicators).

Process information

PID 476   wmpnscfg.exe
  CMD:              "C:\Program Files\Windows Media Player\wmpnscfg.exe"
  Path:             C:\Program Files\Windows Media Player\wmpnscfg.exe
  Parent process:   explorer.exe
  User:             admin
  Company:          Microsoft Corporation
  Integrity Level:  MEDIUM
  Description:      Windows Media Player Network Sharing Service Configuration Application
  Exit code:        0
  Version:          12.0.7600.16385 (win7_rtm.090713-1255)
  Modules (images):
    c:\program files\windows media player\wmpnscfg.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\sspicli.dll
    c:\windows\system32\ole32.dll

PID 1900  magicmic_setup-com_filme.exe
  CMD:              "C:\Users\admin\AppData\Local\Temp\magicmic_setup-com_filme.exe"
  Path:             C:\Users\admin\AppData\Local\Temp\magicmic_setup-com_filme.exe
  Parent process:   explorer.exe
  User:             admin
  Integrity Level:  HIGH
  Description:      magicmic_setup-com_filme.exe
  Exit code:        0
  Version:          4.1.0.3
  Modules (images):
    c:\users\admin\appdata\local\temp\magicmic_setup-com_filme.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\shell32.dll

PID 3376  magicmic_setup-com_filme.exe
  CMD:              "C:\Users\admin\AppData\Local\Temp\magicmic_setup-com_filme.exe"
  Path:             C:\Users\admin\AppData\Local\Temp\magicmic_setup-com_filme.exe
  Parent process:   explorer.exe
  User:             admin
  Integrity Level:  MEDIUM
  Description:      magicmic_setup-com_filme.exe
  Exit code:        3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
  Version:          4.1.0.3
  Modules (images):
    c:\users\admin\appdata\local\temp\magicmic_setup-com_filme.exe
    c:\windows\system32\ntdll.dll

PID 3376 is the medium-integrity launch of the installer that never got past process initialisation: it maps only its own image and ntdll.dll and exits with STATUS_ELEVATION_REQUIRED, the error CreateProcess returns when an executable requires elevation (a requireAdministrator manifest, or Windows installer detection triggered by "setup" in the name of an unmanifested 32-bit executable). PID 1900, same image and same parent, is the re-launch through UAC at HIGH integrity; that elevated token is what lets it write under C:\Program Files\imyfone_down\ (the "Creates files in the program directory" indicator above). wmpnscfg.exe (PID 476) is a stock Windows Media Player component launched from explorer.exe by the interactive session ("Manual execution by a user"), not by the sample.
Total events
2 999
Read events
2 982
Write events
14
Delete events
3

Modification events

(PID 1900) magicmic_setup-com_filme.exe
  Key:       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  Operation: write
  Name:      ProxyEnable
  Value:     0

(PID 1900) magicmic_setup-com_filme.exe
  Key:       HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  Operation: write
  Name:      SavedLegacySettings
  Value:     4600000059010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID 1900) magicmic_setup-com_filme.exe
  Key:       HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
  Operation: write
  Name:      LanguageList
  Value:     en-US

(PID 476) wmpnscfg.exe
  Key:       HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{BE65F60B-DD8C-43E3-AC82-CBD8C15D6A70}\{0A3B1C22-38C8-4C40-B706-3D2B9048DCFF}
  Operation: delete key
  Name:      (default)
  Value:     -

(PID 476) wmpnscfg.exe
  Key:       HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{BE65F60B-DD8C-43E3-AC82-CBD8C15D6A70}
  Operation: delete key
  Name:      (default)
  Value:     -

(PID 476) wmpnscfg.exe
  Key:       HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{FBC75D9A-1E08-4859-BB31-5537A41A182F}
  Operation: delete key
  Name:      (default)
  Value:     -
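The SavedLegacySettings value above is WinINet's binary connection-settings blob (the same layout as DefaultConnectionSettings). Decoding it is the check a practitioner wants here, because this is the value that proxy-hijacking malware rewrites to route a victim's browser through an attacker-controlled proxy or PAC script. The parser below is an added example, not code from the report or from iMyFone: it decodes the leading fields (version, change counter, INTERNET_PER_CONN_FLAGS, and the three length-prefixed strings for proxy server, bypass list and PAC URL) of the hex value recorded above with its trailing zero padding trimmed, leaves the later auto-detect cache bytes undecoded, and also builds a constructed, hypothetical blob of the kind a hijacking sample would write so the two triage results can be compared. The 32-byte zero tail on the constructed blob is an assumption for illustration, not a documented layout.

```python
"""Decode the WinINet connection-settings blob written to
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\SavedLegacySettings
(same layout as DefaultConnectionSettings).

Leading fields: DWORD version, DWORD change counter, DWORD INTERNET_PER_CONN_FLAGS,
then three DWORD-length-prefixed ANSI strings: proxy server, bypass list, PAC URL.
The bytes after that are WinINet's auto-detect cache and are left undecoded here.
Added example; not code from the report or from iMyFone.
"""
import struct
from dataclasses import dataclass

# INTERNET_PER_CONN_FLAGS bits from wininet.h
PROXY_TYPE_DIRECT = 0x01
PROXY_TYPE_PROXY = 0x02
PROXY_TYPE_AUTO_PROXY_URL = 0x04
PROXY_TYPE_AUTO_DETECT = 0x08
FLAG_NAMES = {PROXY_TYPE_DIRECT: "DIRECT", PROXY_TYPE_PROXY: "PROXY",
              PROXY_TYPE_AUTO_PROXY_URL: "AUTO_PROXY_URL",
              PROXY_TYPE_AUTO_DETECT: "AUTO_DETECT"}


@dataclass
class ConnSettings:
    version: int
    counter: int
    flags: int
    proxy: str
    bypass: str
    pac_url: str

    def flag_names(self):
        return [name for bit, name in FLAG_NAMES.items() if self.flags & bit]


def _read_lpstr(buf: bytes, off: int):
    """Read a DWORD length followed by that many ANSI bytes."""
    (n,) = struct.unpack_from("<I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string length runs past end of blob")
    return buf[off:off + n].decode("latin-1"), off + n


def parse_conn_settings(blob: bytes) -> ConnSettings:
    if len(blob) < 24:
        raise ValueError("blob too short for version/counter/flags and string lengths")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    proxy, off = _read_lpstr(blob, 12)
    bypass, off = _read_lpstr(blob, off)
    pac_url, off = _read_lpstr(blob, off)
    return ConnSettings(version, counter, flags, proxy, bypass, pac_url)


def build_conn_settings(flags: int, proxy="", bypass="", pac_url="",
                        version=0x46, counter=1) -> bytes:
    """Serialise the leading fields; the 32-byte zero tail stands in for the
    auto-detect area (an assumption for illustration, not a documented layout)."""
    out = struct.pack("<III", version, counter, flags)
    for s in (proxy, bypass, pac_url):
        b = s.encode("latin-1")
        out += struct.pack("<I", len(b)) + b
    return out + b"\x00" * 32


def triage(blob: bytes):
    """Return (settings, findings); findings lists anything that would redirect traffic."""
    s = parse_conn_settings(blob)
    findings = []
    if s.flags & PROXY_TYPE_PROXY and s.proxy:
        findings.append(f"manual proxy set: {s.proxy}")
    if s.flags & PROXY_TYPE_AUTO_PROXY_URL and s.pac_url:
        findings.append(f"PAC script configured: {s.pac_url}")
    return s, findings


# Value written by PID 1900 in the report, trailing zero padding trimmed.
REPORT_BLOB = bytes.fromhex(
    "46000000" "59010000" "09000000"            # version 0x46, counter 345, flags 9
    "00000000" "00000000" "00000000"            # empty proxy, bypass list, PAC URL
    "04000000" "00000000" "C0E333BBEAB1D301"    # auto-detect area (not decoded)
    "00000000" "00000000" "00000000" "01000000" "02000000" "C0A8016B"
)

# Constructed, hypothetical blob of the kind a proxy-hijacking sample would write.
HIJACK_BLOB = build_conn_settings(PROXY_TYPE_DIRECT | PROXY_TYPE_PROXY,
                                  proxy="127.0.0.1:8080", bypass="<local>")

if __name__ == "__main__":
    for label, blob in (("report", REPORT_BLOB), ("hijack (constructed)", HIJACK_BLOB)):
        s, findings = triage(blob)
        print(f"{label}: flags={s.flag_names()} proxy={s.proxy!r} pac={s.pac_url!r}")
        for f in findings:
            print("  !!", f)
```

For the report's value the flags decode to DIRECT | AUTO_DETECT with no proxy server and no PAC URL, which agrees with the ProxyEnable = 0 write in the same burst: the installer queried the proxy configuration (the "Checks proxy server information" indicator) rather than redirecting it. A PROXY or AUTO_PROXY_URL bit with a non-empty string, written by a process that has no business configuring proxies, is the result that warrants escalation.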
Executable files
0
Suspicious files
0
Text files
74
Unknown types
0

Dropped files

PID 1900  magicmic_setup-com_filme.exe  C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Arabic\pr_1.png  (image)
  MD5:    03429CE2CBA331660C902DEFFF9B3B6F
  SHA256: 67EFEBAAC1ACC95AE229062AC9534E4046BF8D76272D09455C655C625FCD5188
PID 1900  magicmic_setup-com_filme.exe  C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Arabic\pr_2.png  (image)
  MD5:    CF6A855345D65B628E7C2BAE9A98E011
  SHA256: 968ACEF69619D2D1EA657881030A9565092302136D6DB4987BFBA96B8AD89986
PID 1900  magicmic_setup-com_filme.exe  C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Chinese\pr_2.png  (image)
  MD5:    175557873DE4386DEB38356AACC26768
  SHA256: E6BAA0E852E9A4DF81F76CB5ACC4C2300C9645E111FB840463F20DDA6A138831
PID 1900  magicmic_setup-com_filme.exe  C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Chinese\pr_1.png  (image)
  MD5:    90FCC9FCC18A1A732EFC949A4C1CC3A2
  SHA256: A4C2ADFA392B602773A010D3DB6697B69BA9F787AB034206DB32C76D1DE7D9B2
PID 1900  magicmic_setup-com_filme.exe  C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Arabic\text.ini  (text)
  MD5:    F83CA6F59F21567C69D3094A8757C482
  SHA256: 5AE50E9C5CB50922A2BEA36E2D2A4EC0980556DD1B5115EFE8556F129B1AF247
PID 1900  magicmic_setup-com_filme.exe  C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Chinese\UrlInfo.ini  (text)
  MD5:    C0FB37E1068167F8EC2A500BDB4501E0
  SHA256: 8FDF8D75A918ACC7513E340ACBBEF8A52C4615CB4BBD22F54944563096FE7996
PID 1900  magicmic_setup-com_filme.exe  C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Chinese\install_tips.png  (image)
  MD5:    880FCF6C7BA73F02B287E5E76CFBDFC1
  SHA256: 504FA820E90B1A82F8E36F9735A82E08DE5E795FCB649831D29C9491E82CC1EA
PID 1900  magicmic_setup-com_filme.exe  C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Arabic\UrlInfo.ini  (text)
  MD5:    BB79A6B66F5BE3816051148733585FF0
  SHA256: 0BD099A66A5966A3151CD093A4CEBDC91A2D5C56C845B92B3F7F1B3FB1AF923A
PID 1900  magicmic_setup-com_filme.exe  C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\Chinese\pr_3.png  (image)
  MD5:    2DD1803268941954A1CD576C873CEBB0
  SHA256: 16F68F2B575DD70D67CCD5D59F601794597267F249398DEDC4F80AB188AE749D
PID 1900  magicmic_setup-com_filme.exe  C:\Program Files\imyfone_down\magicmic_setup-com_filme\language\ChineseTW\pr_3.png  (image)
  MD5:    8671500CE00E5B963D5A27B3E9C8E0A2
  SHA256: 580EE60F5D75C94AF0791B7B018FB61E753CF0254F21C6F05E0478E7D15A8A88
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
24
DNS requests
2
Threats
7

HTTP requests

PID   Process                       Method  HTTP code  IP:port        URL
1900  magicmic_setup-com_filme.exe  HEAD    200        65.9.66.61:80  http://download.imyfone.com/imyfone/magicmic_setup_x64.exe
1900  magicmic_setup-com_filme.exe  HEAD    200        65.9.66.61:80  http://download.imyfone.com/imyfone/magicmic_setup_x64.exe
1900  magicmic_setup-com_filme.exe  GET     -          65.9.66.61:80  http://download.imyfone.com/imyfone/magicmic_setup_x64.exe
1900  magicmic_setup-com_filme.exe  GET     -          65.9.66.61:80  http://download.imyfone.com/imyfone/magicmic_setup_x64.exe
1900  magicmic_setup-com_filme.exe  GET     -          65.9.66.61:80  http://download.imyfone.com/imyfone/magicmic_setup_x64.exe
1900  magicmic_setup-com_filme.exe  GET     -          65.9.66.61:80  http://download.imyfone.com/imyfone/magicmic_setup_x64.exe
1900  magicmic_setup-com_filme.exe  GET     -          65.9.66.61:80  http://download.imyfone.com/imyfone/magicmic_setup_x64.exe

The CN, Type, Size and Reputation columns are empty or "unknown" for all seven requests, and no response code is recorded for the five GET requests.

Connections

PID   Process                       IP:port                Domain                    ASN        CN  Reputation
1080  svchost.exe                   224.0.0.252:5355       -                         -          -   unknown
4     System                        192.168.100.255:138    -                         -          -   whitelisted
4     System                        192.168.100.255:137    -                         -          -   whitelisted
2588  svchost.exe                   239.255.255.250:1900   -                         -          -   whitelisted
1900  magicmic_setup-com_filme.exe  172.217.16.206:443     www.google-analytics.com  GOOGLE     US  whitelisted
1900  magicmic_setup-com_filme.exe  65.9.66.61:443         download.imyfone.com      AMAZON-02  US  unknown
1900  magicmic_setup-com_filme.exe  65.9.66.61:80          download.imyfone.com      AMAZON-02  US  unknown

DNS requests

Domain
IP
Reputation
download.imyfone.com
  • 65.9.66.61
  • 65.9.66.119
  • 65.9.66.97
  • 65.9.66.89
whitelisted
www.google-analytics.com
  • 172.217.16.206
whitelisted

Threats

PID   Process                       Class                                  Message
1900  magicmic_setup-com_filme.exe  Potential Corporate Privacy Violation  AV POLICY HTTP request for .exe file with no User-Agent
1900  magicmic_setup-com_filme.exe  Potentially Bad Traffic                ET POLICY Executable served from Amazon S3
1900  magicmic_setup-com_filme.exe  Potential Corporate Privacy Violation  AV POLICY HTTP request for .exe file with no User-Agent
1900  magicmic_setup-com_filme.exe  Potential Corporate Privacy Violation  AV POLICY HTTP request for .exe file with no User-Agent
1900  magicmic_setup-com_filme.exe  Potential Corporate Privacy Violation  AV POLICY HTTP request for .exe file with no User-Agent
1900  magicmic_setup-com_filme.exe  Potential Corporate Privacy Violation  AV POLICY HTTP request for .exe file with no User-Agent
1900  magicmic_setup-com_filme.exe  Potential Corporate Privacy Violation  ET POLICY PE EXE or DLL Windows file download HTTP
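The HTTP requests and the IDS hits above are the same event seen from two sides: the installer fetches magicmic_setup_x64.exe over plaintext HTTP on port 80 without a User-Agent header, and PE content comes back in the clear. The script below is an added example, not code from the report, from Emerging Threats or from iMyFone: it re-implements the two policy checks in simplified form (an executable requested over port 80 with no User-Agent; a response body that starts with a DOS header whose e_lfanew points at the PE signature) and runs them over constructed request/response samples modelled on the report's traffic. The sample messages, the 206 responses, the Content-Range values and the minimal PE stub are all constructed for the example; the Range value on the first GET is the first segment listed in the installer's debug output strings.

```python
"""Policy checks modelled on the two IDS alerts in this report:
'HTTP request for .exe file with no User-Agent' and
'PE EXE or DLL Windows file download HTTP'.

Added example. The request/response samples are constructed to mirror the
report's traffic (HEAD and GET to download.imyfone.com on port 80, no
User-Agent); they are not the captured PCAP, and the checks are simplified
re-implementations, not the Emerging Threats signatures.
"""
from urllib.parse import urlsplit

EXE_SUFFIXES = (".exe", ".dll", ".msi", ".scr")


def parse_message(raw: bytes):
    """Split one HTTP message into (start line, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def looks_like_pe(body: bytes) -> bool:
    """True when the body starts with 'MZ' and e_lfanew points at 'PE\\0\\0'."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(body[0x3C:0x40], "little")
    return body[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def request_alerts(raw: bytes, dst_port: int = 80):
    """Flag an executable requested over plaintext HTTP with no User-Agent."""
    start, headers, _ = parse_message(raw)
    method, target, _ = start.split(" ", 2)
    path = urlsplit(target).path.lower()
    alerts = []
    if dst_port == 80 and path.endswith(EXE_SUFFIXES) and "user-agent" not in headers:
        alerts.append(f"POLICY {method} for executable over plaintext HTTP with no User-Agent: {path}")
    return alerts


def response_alerts(raw: bytes, dst_port: int = 80):
    """Flag a PE image served over plaintext HTTP (only the segment carrying offset 0)."""
    _, _, body = parse_message(raw)
    alerts = []
    if dst_port == 80 and looks_like_pe(body):
        alerts.append("POLICY PE EXE or DLL served over plaintext HTTP")
    return alerts


def scan_flow(messages):
    """messages: list of (direction, raw_bytes) with direction 'req' or 'resp'."""
    out = []
    for direction, raw in messages:
        out += request_alerts(raw) if direction == "req" else response_alerts(raw)
    return out


# Constructed samples (not from the PCAP).
REQ_HEAD = (b"HEAD /imyfone/magicmic_setup_x64.exe HTTP/1.1\r\n"
            b"Host: download.imyfone.com\r\n\r\n")
REQ_GET_SEG0 = (b"GET /imyfone/magicmic_setup_x64.exe HTTP/1.1\r\n"
                b"Host: download.imyfone.com\r\nRange: bytes=0-16432141\r\n\r\n")
REQ_BROWSER = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
               b"User-Agent: Mozilla/5.0\r\n\r\n")


def minimal_pe_stub() -> bytes:
    """96 bytes: 'MZ' header with e_lfanew = 0x40 followed by the 'PE\\0\\0' signature."""
    stub = bytearray(0x60)
    stub[0:2] = b"MZ"
    stub[0x3C:0x40] = (0x40).to_bytes(4, "little")
    stub[0x40:0x44] = b"PE\0\0"
    return bytes(stub)


RESP_SEG0 = (b"HTTP/1.1 206 Partial Content\r\nContent-Type: application/octet-stream\r\n"
             b"Content-Range: bytes 0-95/82160712\r\n\r\n") + minimal_pe_stub()
# A later segment of the same file: the body no longer begins with the DOS header.
RESP_SEG1 = (b"HTTP/1.1 206 Partial Content\r\nContent-Type: application/octet-stream\r\n"
             b"Content-Range: bytes 16432142-16432237/82160712\r\n\r\n") + b"\x00" * 96

FLOW = [("req", REQ_HEAD), ("req", REQ_GET_SEG0), ("resp", RESP_SEG0),
        ("req", REQ_BROWSER), ("resp", RESP_SEG1)]

if __name__ == "__main__":
    for alert in scan_flow(FLOW):
        print(alert)
```

The per-response PE check can only fire on the segment that carries file offset 0; the remaining segments of a ranged download look like opaque binary, which is why a rule of this kind yields one PE-download hit against several request-side hits. Checking the request side (executable path, no User-Agent) or the reassembled stream is the robust option. On the vendor side, an installer that downloads a PE over plaintext HTTP and executes it is substitutable by anyone on the path unless it verifies the payload's signature, which this report cannot show either way.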
Debug output strings

Process                       Message
magicmic_setup-com_filme.exe  [2] 32864284 ~ 49296425,length = 16432142
magicmic_setup-com_filme.exe  [3] 49296426 ~ 65728567,length = 16432142
magicmic_setup-com_filme.exe  [0] 0 ~ 16432141,length = 16432142
magicmic_setup-com_filme.exe  [1] 16432142 ~ 32864283,length = 16432142
magicmic_setup-com_filme.exe  [4] 65728568 ~ 82160711,length = 16432144

The five messages describe equal-sized byte ranges that tile 0 ~ 82160711 with no gaps or overlaps (4 × 16432142 + 16432144 = 82160712 bytes), i.e. the installer splits its download into five segments. This lines up with the HTTP table above: two HEAD requests (size probe) followed by five GET requests to the same URL.