File name: Setup Project64 3.0.1-5664-2df3434.exe

Full analysis: https://app.any.run/tasks/6787e811-f31a-4e78-a106-481199d862f0
Verdict: Malicious activity
Analysis date: June 17, 2024, 04:34:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: ED8B0658E1F895404B15C7270071A029
SHA1: 617914D7812B869125FD83BF6E4D0A52CD9B9D24
SHA256: 30BA4527A14415F78CF986181F0F2A61535A635561C850FF63F2AC5C3682CDE3
SSDEEP: 98304:ne71NhMU8p5HKMliAJJUQnHbHQz8KYRtNH/VE61dyACT1Njd5QyLkIG0y2KFQvyL:1SoD/6J4Vbn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Setup Project64 3.0.1-5664-2df3434.exe (PID: 1120)
      • Setup Project64 3.0.1-5664-2df3434.exe (PID: 3988)
      • Setup Project64 3.0.1-5664-2df3434.tmp (PID: 820)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Setup Project64 3.0.1-5664-2df3434.exe (PID: 3988)
      • Setup Project64 3.0.1-5664-2df3434.exe (PID: 1120)
      • Setup Project64 3.0.1-5664-2df3434.tmp (PID: 820)
    • Process drops legitimate windows executable

      • Setup Project64 3.0.1-5664-2df3434.tmp (PID: 820)
    • Reads the Windows owner or organization settings

      • Setup Project64 3.0.1-5664-2df3434.tmp (PID: 820)
  • INFO

    • Checks supported languages

      • Setup Project64 3.0.1-5664-2df3434.tmp (PID: 4004)
      • Setup Project64 3.0.1-5664-2df3434.exe (PID: 3988)
      • Setup Project64 3.0.1-5664-2df3434.exe (PID: 1120)
      • Setup Project64 3.0.1-5664-2df3434.tmp (PID: 820)
      • Project64.exe (PID: 1056)
    • Reads the computer name

      • Setup Project64 3.0.1-5664-2df3434.tmp (PID: 4004)
      • Project64.exe (PID: 1056)
      • Setup Project64 3.0.1-5664-2df3434.tmp (PID: 820)
    • Create files in a temporary directory

      • Setup Project64 3.0.1-5664-2df3434.exe (PID: 3988)
      • Setup Project64 3.0.1-5664-2df3434.exe (PID: 1120)
      • Setup Project64 3.0.1-5664-2df3434.tmp (PID: 820)
    • Creates files in the program directory

      • Setup Project64 3.0.1-5664-2df3434.tmp (PID: 820)
      • Project64.exe (PID: 1056)
    • Creates a software uninstall entry

      • Setup Project64 3.0.1-5664-2df3434.tmp (PID: 820)
    • Reads the machine GUID from the registry

      • Project64.exe (PID: 1056)
No Malware configuration.

TRiD

.exe | Inno Setup installer (81.5)
.exe | Win32 Executable Delphi generic (10.5)
.exe | Win32 Executable (generic) (3.3)
.exe | Win16/32 Executable Delphi generic (1.5)
.exe | Generic Win/DOS Executable (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:12:20 14:16:50+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 86016
InitializedDataSize: 140800
UninitializedDataSize: -
EntryPoint: 0x16478
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 3.0.1.5664
ProductVersionNumber: 3.0.1.5664
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Installation Setup of Project64 3.0
FileVersion: 3.0.1.5664
LegalCopyright:
ProductName: Project64
ProductVersion: 3.0.1.5664
No data.
All screenshots are available in the full report
Total processes: 42
Monitored processes: 5
Malicious processes: 4
Suspicious processes: 0

Behavior graph

start -> Setup Project64 3.0.1-5664-2df3434.exe -> Setup Project64 3.0.1-5664-2df3434.tmp (no specs) -> Setup Project64 3.0.1-5664-2df3434.exe -> Setup Project64 3.0.1-5664-2df3434.tmp -> Project64.exe (no specs)

Process information

PID: 820
CMD: "C:\Users\admin\AppData\Local\Temp\is-0LJH3.tmp\Setup Project64 3.0.1-5664-2df3434.tmp" /SL5="$3013A,3838391,227840,C:\Users\admin\AppData\Local\Temp\Setup Project64 3.0.1-5664-2df3434.exe" /SPAWNWND=$20130 /NOTIFYWND=$20138
Path: C:\Users\admin\AppData\Local\Temp\is-0LJH3.tmp\Setup Project64 3.0.1-5664-2df3434.tmp
Parent process: Setup Project64 3.0.1-5664-2df3434.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-0ljh3.tmp\setup project64 3.0.1-5664-2df3434.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 1056
CMD: "C:\Program Files\Project64 3.0\Project64.exe"
Path: C:\Program Files\Project64 3.0\Project64.exe
Parent process: Setup Project64 3.0.1-5664-2df3434.tmp
User: admin
Integrity Level: MEDIUM
Description: Project64
Exit code: 1
Version: .0.1.5664-2df3434
Modules (images):
c:\program files\project64 3.0\project64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 1120
CMD: "C:\Users\admin\AppData\Local\Temp\Setup Project64 3.0.1-5664-2df3434.exe" /SPAWNWND=$20130 /NOTIFYWND=$20138
Path: C:\Users\admin\AppData\Local\Temp\Setup Project64 3.0.1-5664-2df3434.exe
Parent process: Setup Project64 3.0.1-5664-2df3434.tmp
User: admin
Company:
Integrity Level: HIGH
Description: Installation Setup of Project64 3.0
Exit code: 0
Version: 3.0.1.5664
Modules (images):
c:\users\admin\appdata\local\temp\setup project64 3.0.1-5664-2df3434.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 3988
CMD: "C:\Users\admin\AppData\Local\Temp\Setup Project64 3.0.1-5664-2df3434.exe"
Path: C:\Users\admin\AppData\Local\Temp\Setup Project64 3.0.1-5664-2df3434.exe
Parent process: explorer.exe
User: admin
Company:
Integrity Level: MEDIUM
Description: Installation Setup of Project64 3.0
Exit code: 0
Version: 3.0.1.5664
Modules (images):
c:\users\admin\appdata\local\temp\setup project64 3.0.1-5664-2df3434.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 4004
CMD: "C:\Users\admin\AppData\Local\Temp\is-D9BMF.tmp\Setup Project64 3.0.1-5664-2df3434.tmp" /SL5="$20138,3838391,227840,C:\Users\admin\AppData\Local\Temp\Setup Project64 3.0.1-5664-2df3434.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-D9BMF.tmp\Setup Project64 3.0.1-5664-2df3434.tmp
Parent process: Setup Project64 3.0.1-5664-2df3434.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-d9bmf.tmp\setup project64 3.0.1-5664-2df3434.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

Total events: 4 361
Read events: 4 340
Write events: 21
Delete events: 0

Modification events

All entries below were written by process (820) Setup Project64 3.0.1-5664-2df3434.tmp (operation: write) under the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1

Name: Inno Setup: Setup Version
Value: 5.4.3 (u)

Name: Inno Setup: App Path
Value: C:\Program Files\Project64 3.0

Name: InstallLocation
Value: C:\Program Files\Project64 3.0\

Name: Inno Setup: Icon Group
Value: (Default)

Name: Inno Setup: User
Value: admin

Name: Inno Setup: Selected Tasks
Value: desktopicon

Name: Inno Setup: Deselected Tasks
Value: portablemode

Name: Inno Setup: Language
Value: default

Name: DisplayName
Value: Project64 version 3.0.1.5664

Name: DisplayIcon
Value: C:\Program Files\Project64 3.0\unins000.exe

Executable files: 60
Suspicious files: 7
Text files: 1 609
Unknown types: 0

Dropped files

PID 820, Setup Project64 3.0.1-5664-2df3434.tmp
Filename: C:\Program Files\Project64 3.0\unins000.exe
Type: executable
MD5: 642ED22EFEFE32872CCC496E445C56B3
SHA256: 3C2751060DD103A71CD77715894BB7666BD63BAAFA99CF4D3BBDF6D607171872

PID 820, Setup Project64 3.0.1-5664-2df3434.tmp
Filename: C:\Program Files\Project64 3.0\Project64.exe
Type: executable
MD5: E62BFE5889FB6DF39155256461F9E759
SHA256: C257C662D4E0B2CE1732B7F4A7D5DD4682F604CB082BBDBFCE5181470D6DBFB8

PID 820, Setup Project64 3.0.1-5664-2df3434.tmp
Filename: C:\Program Files\Project64 3.0\Config\is-NR21B.tmp
Type: text
MD5: 1F960B4C8496629941C6483EB9D514B1
SHA256: 66B88E63215E3BBE303E40A0934A0D57839DDB81DCF163931C924C8D7E6EF453

PID 820, Setup Project64 3.0.1-5664-2df3434.tmp
Filename: C:\Program Files\Project64 3.0\Config\Cheats\007 - The World Is Not Enough (E) (M3).cht
Type: text
MD5: B77CF602F050AD1847B364F28689D668
SHA256: DE9CD297E9909E5FDA0947A3E9889ADDA02E5C225DAACA4D9FEC1B08A3EA40C7

PID 820, Setup Project64 3.0.1-5664-2df3434.tmp
Filename: C:\Program Files\Project64 3.0\Config\Cheats\is-8CHII.tmp
Type: text
MD5: FB25707659F594C5B6404C1333ACD202
SHA256: 760305239CF32B586D72ACD10CCC8572D3309FBDA9A0E3D13EC6757154AE4B23

PID 820, Setup Project64 3.0.1-5664-2df3434.tmp
Filename: C:\Program Files\Project64 3.0\Config\is-LRU85.tmp
Type: text
MD5: D88851D12847B1F0194AA056363485E9
SHA256: A704762F8513F74884D4886369C1044D146C4ADBCB4A5C098891A059316FD435

PID 1120, Setup Project64 3.0.1-5664-2df3434.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-0LJH3.tmp\Setup Project64 3.0.1-5664-2df3434.tmp
Type: executable
MD5: 1260D8315AA453164CD5325D9D83ACC1
SHA256: 65F9BF91580AE4327B0101DEE18E5FBB86B1C6BB0C76010BC9FF858774D32551

PID 820, Setup Project64 3.0.1-5664-2df3434.tmp
Filename: C:\Program Files\Project64 3.0\is-FP2L1.tmp
Type: executable
MD5: E62BFE5889FB6DF39155256461F9E759
SHA256: C257C662D4E0B2CE1732B7F4A7D5DD4682F604CB082BBDBFCE5181470D6DBFB8

PID 820, Setup Project64 3.0.1-5664-2df3434.tmp
Filename: C:\Program Files\Project64 3.0\Config\Audio.rdb
Type: text
MD5: D88851D12847B1F0194AA056363485E9
SHA256: A704762F8513F74884D4886369C1044D146C4ADBCB4A5C098891A059316FD435

PID 820, Setup Project64 3.0.1-5664-2df3434.tmp
Filename: C:\Program Files\Project64 3.0\Config\Cheats\1080 Snowboarding (E) (M4).cht
Type: text
MD5: FB25707659F594C5B6404C1333ACD202
SHA256: 760305239CF32B586D72ACD10CCC8572D3309FBDA9A0E3D13EC6757154AE4B23

HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID 4, System, 192.168.100.255:138, domain/ASN/CN: none, reputation: whitelisted
PID 1088, svchost.exe, 224.0.0.252:5355, domain/ASN/CN: none, reputation: unknown
PID 4, System, 192.168.100.255:137, domain/ASN/CN: none, reputation: whitelisted

DNS requests

No data

Threats

No threats detected
No debug info