File name: Uninstall iZotope Ozone 7 Advanced.exe

Full analysis: https://app.any.run/tasks/f09b4854-a0b9-405e-bd48-b3dcf08f9b54
Verdict: Malicious activity
Analysis date: March 24, 2024, 19:14:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5: CCE294B123F434F8B3D0E89D34A60AC1
SHA1: 1C62ED1C04EE63DBB68A47F533C492A89649759F
SHA256: 25C45611E4E7EADBAFC5418A494017A4B3A70D68D82507C999C3B2298F52D51D
SSDEEP: 98304:hzujhg8U9O0UUIeVs6kPuQjuwrD9e4oes8SjMoQDhm/GxP8tjn7KSGemd0AY3/DS:hz7NoDF3VjK0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Uninstall iZotope Ozone 7 Advanced.exe (PID: 4004)
      • _uninstall4004 (PID: 4044)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Uninstall iZotope Ozone 7 Advanced.exe (PID: 4004)
      • _uninstall4004 (PID: 4044)
    • Starts itself from another location

      • Uninstall iZotope Ozone 7 Advanced.exe (PID: 4004)
    • Starts application with an unusual extension

      • Uninstall iZotope Ozone 7 Advanced.exe (PID: 4004)
  • INFO

    • Checks supported languages

      • Uninstall iZotope Ozone 7 Advanced.exe (PID: 4004)
      • _uninstall4004 (PID: 4044)
    • Reads the computer name

      • Uninstall iZotope Ozone 7 Advanced.exe (PID: 4004)
      • _uninstall4004 (PID: 4044)
    • Reads Environment values

      • Uninstall iZotope Ozone 7 Advanced.exe (PID: 4004)
      • _uninstall4004 (PID: 4044)
    • Process checks whether UAC notifications are on

      • Uninstall iZotope Ozone 7 Advanced.exe (PID: 4004)
      • _uninstall4004 (PID: 4044)
    • Reads CPU info

      • Uninstall iZotope Ozone 7 Advanced.exe (PID: 4004)
      • _uninstall4004 (PID: 4044)
    • Creates files in a temporary directory

      • Uninstall iZotope Ozone 7 Advanced.exe (PID: 4004)
      • _uninstall4004 (PID: 4044)
    • Reads the time zone

      • _uninstall4004 (PID: 4044)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD (match %)

.exe | UPX compressed Win32 Executable (39.3)
.exe | Win32 EXE Yoda's Crypter (38.6)
.dll | Win32 Dynamic Link Library (generic) (9.5)
.exe | Win32 Executable (generic) (6.5)
.exe | Generic Win/DOS Executable (2.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:04:10 15:42:38+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Large address aware, 32-bit, No debug
PEType: PE32
LinkerVersion: 2.22
CodeSize: 905216
InitializedDataSize: 77824
UninitializedDataSize: 1994752
EntryPoint: 0x2c4190
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 7.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
ProductName: iZotope Ozone 7
LegalTrademarks: -
FileDescription: -
InternalName: -
CompanyName: iZotope, Inc.
FileVersion: 1.0.0.0
LegalCopyright: Copyright iZotope, Inc.
OriginalFileName: setup.exe
Comments: -
ProductVersion: 7
All screenshots are available in the full report
Total processes: 41
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start
  +-- Uninstall iZotope Ozone 7 Advanced.exe (PID 4004, parent explorer.exe)
  |     +-- _uninstall4004 (PID 4044)
  +-- Uninstall iZotope Ozone 7 Advanced.exe (PID 4060, parent explorer.exe, no specs)

Process information

PID 4004
CMD: "C:\Users\admin\AppData\Local\Temp\Uninstall iZotope Ozone 7 Advanced.exe"
Path: C:\Users\admin\AppData\Local\Temp\Uninstall iZotope Ozone 7 Advanced.exe
Parent process: explorer.exe
User: admin
Company: iZotope, Inc.
Integrity Level: HIGH
Exit code: 0
Version: 1.0.0.0
Modules (images):
  c:\users\admin\appdata\local\temp\uninstall izotope ozone 7 advanced.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  c:\windows\system32\gdi32.dll

PID 4044
CMD: C:\Users\admin\AppData\Local\Temp\_uninstall\_uninstall4004
Path: C:\Users\admin\AppData\Local\Temp\_uninstall\_uninstall4004
Parent process: Uninstall iZotope Ozone 7 Advanced.exe
User: admin
Company: iZotope, Inc.
Integrity Level: HIGH
Exit code: 1
Version: 1.0.0.0
Modules (images):
  c:\users\admin\appdata\local\temp\_uninstall\_uninstall4004
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  c:\windows\system32\gdi32.dll

PID 4060 (no specs)
CMD: "C:\Users\admin\AppData\Local\Temp\Uninstall iZotope Ozone 7 Advanced.exe"
Path: C:\Users\admin\AppData\Local\Temp\Uninstall iZotope Ozone 7 Advanced.exe
Parent process: explorer.exe
User: admin
Company: iZotope, Inc.
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 1.0.0.0
Modules (images):
  c:\users\admin\appdata\local\temp\uninstall izotope ozone 7 advanced.exe
  c:\windows\system32\ntdll.dll

Note on the tree: PID 4060 is the medium-integrity launch of the sample. It terminated with STATUS_ELEVATION_REQUIRED before loading anything beyond ntdll, which is what a binary that demands administrator rights in its manifest looks like when started without elevation. PID 4004 is the same image at HIGH integrity, i.e. the elevated run, and it is the one that drops files, spawns _uninstall4004 and touches the registry.
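The process table above is small enough to replay the report's process-tree signatures by hand, but the same checks are what a triage script runs over thousands of sandbox or EDR records. The block below is an added example, not ANY.RUN's detection code: the three records are transcribed from the table, the `ppid` field is taken from the behavior graph (the table names parents only by image), the NTSTATUS name table is a short assumed subset, and the rule logic is this example's own reading of what each signature label checks.

```python
"""Replay the report's process-tree signatures over its three monitored processes.

Added example, not ANY.RUN's own detection logic. Records are transcribed from
the report's Process information table; "ppid" comes from the behavior graph.
"""
import ntpath  # Windows path semantics regardless of the host OS

# Small assumed subset of NTSTATUS values that commonly show up as exit codes.
# 0xC000042C is the code PID 4060 returned (3221226540 decimal).
NTSTATUS_NAMES = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
}

# Constructed from the report's process table.
PROCESSES = [
    {"pid": 4004, "ppid": None, "parent": "explorer.exe", "integrity": "HIGH", "exit_code": 0,
     "image": r"C:\Users\admin\AppData\Local\Temp\Uninstall iZotope Ozone 7 Advanced.exe"},
    {"pid": 4044, "ppid": 4004, "parent": "Uninstall iZotope Ozone 7 Advanced.exe",
     "integrity": "HIGH", "exit_code": 1,
     "image": r"C:\Users\admin\AppData\Local\Temp\_uninstall\_uninstall4004"},
    {"pid": 4060, "ppid": None, "parent": "explorer.exe", "integrity": "MEDIUM",
     "exit_code": 3221226540,
     "image": r"C:\Users\admin\AppData\Local\Temp\Uninstall iZotope Ozone 7 Advanced.exe"},
]

# Extensions a Windows process image is expected to carry; anything else is "unusual".
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".scr"}


def decode_exit_code(code: int) -> str:
    """Exit codes at or above 0x80000000 are NTSTATUS values, not ordinary return codes."""
    if code < 0x80000000:
        return str(code)
    return f"0x{code:08X} ({NTSTATUS_NAMES.get(code, 'unrecognised NTSTATUS')})"


def in_temp_dir(path: str) -> bool:
    """True for images under the per-user %TEMP% directory."""
    return "\\appdata\\local\\temp\\" in path.lower()


def evaluate(processes):
    """Return {pid: [finding, ...]} mirroring the report's signature labels."""
    by_pid = {p["pid"]: p for p in processes}
    findings = {}
    for p in processes:
        hits = []
        directory, name = ntpath.split(p["image"])
        ext = ntpath.splitext(name)[1].lower()
        if in_temp_dir(p["image"]):
            hits.append("runs from a temporary directory")
        if ext not in EXECUTABLE_EXTENSIONS:
            hits.append(f"image has an unusual extension ({ext or 'none'})")
        parent = by_pid.get(p["ppid"])
        if parent is not None:
            pdir, pname = ntpath.split(parent["image"])
            if ntpath.normcase(pdir) != ntpath.normcase(directory):
                hits.append(f"started by PID {parent['pid']} ({pname}) from a different directory")
        if p["exit_code"] >= 0x80000000:
            hits.append(f"abnormal exit {decode_exit_code(p['exit_code'])}")
        findings[p["pid"]] = hits
    return findings


if __name__ == "__main__":
    for pid, hits in evaluate(PROCESSES).items():
        print(pid, "->", "; ".join(hits) or "nothing flagged")
```

Run stand-alone it flags 4044 three times (temp directory, no extension, spawned by 4004 from a different directory) and decodes 4060's exit code to STATUS_ELEVATION_REQUIRED; the parent/child directory check is done on PIDs rather than image names because both 4004 and 4060 share the same basename, and matching by name would attribute the child to both.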
Total events: 407
Read events: 403
Write events: 2
Delete events: 2

Modification events

PID 4004 (Uninstall iZotope Ozone 7 Advanced.exe)
  Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment
  Operation: write        Name: BitRock    Value: 1
PID 4004 (Uninstall iZotope Ozone 7 Advanced.exe)
  Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment
  Operation: delete value Name: BitRock    Value: 1
PID 4044 (_uninstall4004)
  Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment
  Operation: write        Name: BitRock    Value: 1
PID 4044 (_uninstall4004)
  Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment
  Operation: delete value Name: BitRock    Value: 1
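Each process writes a BitRock value to the machine-wide Environment key and deletes it straight away, so the net registry change is zero. Writing a throwaway value to an admin-only key and removing it at once is the usual way an installer checks it actually has the rights it was granted; that reading is an inference from the four events, not something the report states. The block below is an added example, not ANY.RUN's code: it pairs write and delete events per process so that transient probes are reported separately from writes that survive, which are the ones worth a persistence alert. The event records are transcribed from the table above; the field shape and the list of admin-only key prefixes are assumptions.

```python
"""Pair registry write/delete events to separate transient probes from persistent changes.

Added example, not ANY.RUN's code. The four events are transcribed from the
report's Modification events table; field names are this example's own.
"""

SYSTEM_ENV_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment"

# Constructed from the report, in the order the report lists them.
EVENTS = [
    {"seq": 1, "pid": 4004, "op": "write",        "key": SYSTEM_ENV_KEY, "name": "BitRock", "value": "1"},
    {"seq": 2, "pid": 4004, "op": "delete value", "key": SYSTEM_ENV_KEY, "name": "BitRock", "value": "1"},
    {"seq": 3, "pid": 4044, "op": "write",        "key": SYSTEM_ENV_KEY, "name": "BitRock", "value": "1"},
    {"seq": 4, "pid": 4044, "op": "delete value", "key": SYSTEM_ENV_KEY, "name": "BitRock", "value": "1"},
]

# Assumed list of machine-wide locations: writing here needs admin rights, and a value
# that survives is either persistence or a change to every future process's environment.
ADMIN_ONLY_PREFIXES = (
    r"hkey_local_machine\system\controlset001\control\session manager\environment",
    r"hkey_local_machine\system\currentcontrolset\control\session manager\environment",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
)


def is_admin_only(key: str) -> bool:
    return key.lower().startswith(ADMIN_ONLY_PREFIXES)


def classify_registry_events(events):
    """Return (probes, surviving, orphan_deletes).

    probes:    writes followed by a delete of the same value by the same PID
    surviving: writes that were never deleted (the persistence candidates)
    orphan_deletes: deletes with no earlier write in the feed (pre-existing values removed)
    """
    pending = {}  # (pid, key, name) -> the write event that has not been undone yet
    probes, surviving, orphan_deletes = [], [], []
    for ev in sorted(events, key=lambda e: e["seq"]):
        slot = (ev["pid"], ev["key"].lower(), ev["name"].lower())
        if ev["op"] == "write":
            pending[slot] = ev
        elif ev["op"] == "delete value":
            if slot in pending:
                w = pending.pop(slot)
                probes.append({"pid": ev["pid"], "key": ev["key"], "name": ev["name"],
                               "admin_only": is_admin_only(ev["key"]),
                               "events_between": ev["seq"] - w["seq"] - 1})
            else:
                orphan_deletes.append({"pid": ev["pid"], "key": ev["key"], "name": ev["name"]})
    for (pid, _, _), w in pending.items():
        surviving.append({"pid": pid, "key": w["key"], "name": w["name"],
                          "admin_only": is_admin_only(w["key"])})
    return probes, surviving, orphan_deletes


if __name__ == "__main__":
    probes, surviving, orphans = classify_registry_events(EVENTS)
    for p in probes:
        print(f"probe: PID {p['pid']} wrote and removed {p['name']} under admin-only key={p['admin_only']}")
    print("surviving writes:", surviving or "none")
    print("orphan deletes:", orphans or "none")
```

For this sample the result is two probes, both on an admin-only key, and no surviving writes. The design point is that a rule firing on every HKLM\SYSTEM write would alert on every legitimate installer run elevated; pairing the events and alerting only on what survives keeps the signal.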
Executable files: 18
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID 4004, Uninstall iZotope Ozone 7 Advanced.exe
  C:\Users\admin\AppData\Local\Temp\BR2313.tmp (executable)
  MD5: D31FA7D86A093997DA6252A984B7B6BD
  SHA256: 32D6CBFB9433BEDFA29CC46A0B7D2AB0FB6D084E8F2E9A8C55295065BBAD5128
PID 4004, Uninstall iZotope Ozone 7 Advanced.exe
  C:\Users\admin\AppData\Local\Temp\BR24CD.tmp (executable)
  MD5: C04970B55BCF614F24CA75B1DE641AE2
  SHA256: 5DDEE4AAB3CF33E505F52199D64809125B26DE04FB9970CA589CD8619C859D80
PID 4004, Uninstall iZotope Ozone 7 Advanced.exe
  C:\Users\admin\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll (executable)
  MD5: A210F1AC135E5331C314CE5F394FB5A5
  SHA256: 65B32EA2982078FB9A18E88FEEC238CB76ED2AE6C2BB4DDB0F6A9C4F57B1D62B
PID 4004, Uninstall iZotope Ozone 7 Advanced.exe
  C:\Users\admin\AppData\Local\Temp\BR2420.tmp (executable)
  MD5: 027491B39A7B16B116E780F55ABC288E
  SHA256: EEF69D005BF1C0B715C8D6205400D4755C261DD38DDFBBFE918E6EE91F21F1F0
PID 4004, Uninstall iZotope Ozone 7 Advanced.exe
  C:\Users\admin\AppData\Local\Temp\BR23A1.tmp (executable)
  MD5: 08AD4CD2A940379F1DCDBDB9884A1375
  SHA256: 78827E2B1EF0AAD4F8B1B42D0964064819AA22BFCD537EBAACB30D817EDC06D8
PID 4044, _uninstall4004
  C:\Users\admin\AppData\Local\Temp\BR298C.tmp (executable)
  MD5: D31FA7D86A093997DA6252A984B7B6BD
  SHA256: 32D6CBFB9433BEDFA29CC46A0B7D2AB0FB6D084E8F2E9A8C55295065BBAD5128
PID 4004, Uninstall iZotope Ozone 7 Advanced.exe
  C:\Users\admin\AppData\Local\Temp\BR240F.tmp (executable)
  MD5: 4FF365A985DB06A0D705D2149CAFBE69
  SHA256: C26277333C29E32837338613BD1B42E722601471FD703DCD30160CF89DAC9DA3
PID 4044, _uninstall4004
  C:\Users\admin\AppData\Local\Temp\BR309A.tmp (executable)
  MD5: 145D5C49FE34A44662BEAFFE641D58C7
  SHA256: 59182F092B59A3005ADA6B2F2855C7E860E53E8ADF6E41CD8CD515578AE7815A
PID 4044, _uninstall4004
  C:\Users\admin\AppData\Local\Temp\BR2AB7.tmp (executable)
  MD5: 027491B39A7B16B116E780F55ABC288E
  SHA256: EEF69D005BF1C0B715C8D6205400D4755C261DD38DDFBBFE918E6EE91F21F1F0
PID 4044, _uninstall4004
  C:\Users\admin\AppData\Local\Temp\BR3089.tmp (executable)
  MD5: 124E89D0FCC409EDE3595A253B788708
  SHA256: 27EA1B57A3024AEC4A03188E80FDB2AA301FA5179C19BE9C8B0DFC2AAC73A114
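The ten rows above contain only eight distinct payloads: BR2313.tmp and BR298C.tmp share a hash, as do BR2420.tmp and BR2AB7.tmp, so the child process re-extracts part of what its parent already dropped under fresh temp names. The twapi-*.dll name matches the Tcl Windows API extension, which fits a Tcl-based BitRock InstallBuilder runtime (the BitRock registry value and the BR*.tmp naming point the same way); that is an observation, not something the report asserts. Before these hashes go into a blocklist they should be de-duplicated and format-checked, which is what the added example below does. It is not ANY.RUN's code; the rows are transcribed from the table above.

```python
"""De-duplicate and sanity-check the dropped-file hashes from the report.

Added example, not ANY.RUN's code. Rows are transcribed from the report's
Dropped files table: (pid, dropping process, path, MD5, SHA256).
"""
import re
from collections import defaultdict

TEMP = r"C:\Users\admin\AppData\Local\Temp"
TWAPI = r"be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll"

DROPPED = [
    (4004, "Uninstall iZotope Ozone 7 Advanced.exe", TEMP + r"\BR2313.tmp",
     "D31FA7D86A093997DA6252A984B7B6BD", "32D6CBFB9433BEDFA29CC46A0B7D2AB0FB6D084E8F2E9A8C55295065BBAD5128"),
    (4004, "Uninstall iZotope Ozone 7 Advanced.exe", TEMP + r"\BR24CD.tmp",
     "C04970B55BCF614F24CA75B1DE641AE2", "5DDEE4AAB3CF33E505F52199D64809125B26DE04FB9970CA589CD8619C859D80"),
    (4004, "Uninstall iZotope Ozone 7 Advanced.exe", TEMP + "\\" + TWAPI,
     "A210F1AC135E5331C314CE5F394FB5A5", "65B32EA2982078FB9A18E88FEEC238CB76ED2AE6C2BB4DDB0F6A9C4F57B1D62B"),
    (4004, "Uninstall iZotope Ozone 7 Advanced.exe", TEMP + r"\BR2420.tmp",
     "027491B39A7B16B116E780F55ABC288E", "EEF69D005BF1C0B715C8D6205400D4755C261DD38DDFBBFE918E6EE91F21F1F0"),
    (4004, "Uninstall iZotope Ozone 7 Advanced.exe", TEMP + r"\BR23A1.tmp",
     "08AD4CD2A940379F1DCDBDB9884A1375", "78827E2B1EF0AAD4F8B1B42D0964064819AA22BFCD537EBAACB30D817EDC06D8"),
    (4044, "_uninstall4004", TEMP + r"\BR298C.tmp",
     "D31FA7D86A093997DA6252A984B7B6BD", "32D6CBFB9433BEDFA29CC46A0B7D2AB0FB6D084E8F2E9A8C55295065BBAD5128"),
    (4004, "Uninstall iZotope Ozone 7 Advanced.exe", TEMP + r"\BR240F.tmp",
     "4FF365A985DB06A0D705D2149CAFBE69", "C26277333C29E32837338613BD1B42E722601471FD703DCD30160CF89DAC9DA3"),
    (4044, "_uninstall4004", TEMP + r"\BR309A.tmp",
     "145D5C49FE34A44662BEAFFE641D58C7", "59182F092B59A3005ADA6B2F2855C7E860E53E8ADF6E41CD8CD515578AE7815A"),
    (4044, "_uninstall4004", TEMP + r"\BR2AB7.tmp",
     "027491B39A7B16B116E780F55ABC288E", "EEF69D005BF1C0B715C8D6205400D4755C261DD38DDFBBFE918E6EE91F21F1F0"),
    (4044, "_uninstall4004", TEMP + r"\BR3089.tmp",
     "124E89D0FCC409EDE3595A253B788708", "27EA1B57A3024AEC4A03188E80FDB2AA301FA5179C19BE9C8B0DFC2AAC73A114"),
]

HEX = {32: re.compile(r"^[0-9A-Fa-f]{32}$"), 64: re.compile(r"^[0-9A-Fa-f]{64}$")}


def validate(rows):
    """Raise ValueError on a mistyped hash and on an MD5/SHA256 pair that disagrees between rows."""
    seen = {}
    for pid, _, path, md5, sha256 in rows:
        if not HEX[32].match(md5) or not HEX[64].match(sha256):
            raise ValueError(f"malformed hash for {path} (PID {pid})")
        prior = seen.setdefault(sha256.upper(), md5.upper())
        if prior != md5.upper():
            raise ValueError(f"MD5 mismatch for SHA256 {sha256}: {prior} vs {md5}")
    return True


def group_by_sha256(rows):
    """Map each SHA256 to the (pid, filename) pairs that dropped it."""
    groups = defaultdict(list)
    for pid, _, path, _, sha256 in rows:
        groups[sha256.upper()].append((pid, path.rsplit("\\", 1)[-1]))
    return dict(groups)


def duplicates(rows):
    """Only the payloads that appear under more than one temp name."""
    return {h: v for h, v in group_by_sha256(rows).items() if len(v) > 1}


def unique_iocs(rows):
    """Sorted, de-duplicated SHA256 list suitable for a blocklist feed."""
    validate(rows)
    return sorted(group_by_sha256(rows))


if __name__ == "__main__":
    for h, where in duplicates(DROPPED).items():
        print(h[:16] + "...", "dropped as", ", ".join(f"{n} by PID {p}" for p, n in where))
    print(len(unique_iocs(DROPPED)), "unique SHA256 values from", len(DROPPED), "rows")
```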
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID 4, System: 192.168.100.255:138 (domain/ASN/CN not listed; reputation: whitelisted)
PID 4, System: 192.168.100.255:137 (domain/ASN/CN not listed; reputation: whitelisted)
PID/process not listed: 224.0.0.252:5355 (domain/ASN/CN not listed; reputation: unknown)
PID 1080, svchost.exe: 224.0.0.252:5355 (domain/ASN/CN not listed; reputation: unknown)

All four connections are local broadcast or multicast: NetBIOS name and datagram service on UDP 137/138 to the subnet broadcast address, and LLMNR on 224.0.0.252:5355. They come from the System process and an svchost.exe instance, not from the sample's PIDs 4004, 4044 or 4060, so the sample itself generated no network traffic during the run.

DNS requests

No data

Threats

No threats detected
No debug info