File name: setup-project64-3-0-1-5664-2df3434

Full analysis: https://app.any.run/tasks/9cbab082-8db3-4734-8429-88b61f8e60f6
Verdict: Malicious activity
Analysis date: April 27, 2024, 22:54:09
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: ED8B0658E1F895404B15C7270071A029
SHA1: 617914D7812B869125FD83BF6E4D0A52CD9B9D24
SHA256: 30BA4527A14415F78CF986181F0F2A61535A635561C850FF63F2AC5C3682CDE3
SSDEEP: 98304:ne71NhMU8p5HKMliAJJUQnHbHQz8KYRtNH/VE61dyACT1Njd5QyLkIG0y2KFQvyL:1SoD/6J4Vbn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • setup-project64-3-0-1-5664-2df3434.exe (PID: 3976)
      • setup-project64-3-0-1-5664-2df3434.exe (PID: 928)
      • setup-project64-3-0-1-5664-2df3434.tmp (PID: 1120)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • setup-project64-3-0-1-5664-2df3434.exe (PID: 3976)
      • setup-project64-3-0-1-5664-2df3434.exe (PID: 928)
      • setup-project64-3-0-1-5664-2df3434.tmp (PID: 1120)
    • Process drops legitimate windows executable

      • setup-project64-3-0-1-5664-2df3434.tmp (PID: 1120)
    • Reads the Windows owner or organization settings

      • setup-project64-3-0-1-5664-2df3434.tmp (PID: 1120)
  • INFO

    • Checks supported languages

      • setup-project64-3-0-1-5664-2df3434.exe (PID: 3976)
      • setup-project64-3-0-1-5664-2df3434.tmp (PID: 3992)
      • setup-project64-3-0-1-5664-2df3434.exe (PID: 928)
      • setup-project64-3-0-1-5664-2df3434.tmp (PID: 1120)
      • Project64.exe (PID: 1652)
    • Reads the computer name

      • setup-project64-3-0-1-5664-2df3434.tmp (PID: 3992)
      • Project64.exe (PID: 1652)
      • setup-project64-3-0-1-5664-2df3434.tmp (PID: 1120)
    • Creates files in a temporary directory

      • setup-project64-3-0-1-5664-2df3434.exe (PID: 928)
      • setup-project64-3-0-1-5664-2df3434.exe (PID: 3976)
      • setup-project64-3-0-1-5664-2df3434.tmp (PID: 1120)
    • Reads the machine GUID from the registry

      • Project64.exe (PID: 1652)
    • Creates files in the program directory

      • Project64.exe (PID: 1652)
      • setup-project64-3-0-1-5664-2df3434.tmp (PID: 1120)
    • Creates a software uninstall entry

      • setup-project64-3-0-1-5664-2df3434.tmp (PID: 1120)
No Malware configuration.

TRiD

.exe | Inno Setup installer (81.5)
.exe | Win32 Executable Delphi generic (10.5)
.exe | Win32 Executable (generic) (3.3)
.exe | Win16/32 Executable Delphi generic (1.5)
.exe | Generic Win/DOS Executable (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:12:20 14:16:50+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 86016
InitializedDataSize: 140800
UninitializedDataSize: -
EntryPoint: 0x16478
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 3.0.1.5664
ProductVersionNumber: 3.0.1.5664
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Installation Setup of Project64 3.0
FileVersion: 3.0.1.5664
LegalCopyright:
ProductName: Project64
ProductVersion: 3.0.1.5664
Total processes: 42
Monitored processes: 5
Malicious processes: 4
Suspicious processes: 0

Behavior graph (process chain)

start → setup-project64-3-0-1-5664-2df3434.exe → setup-project64-3-0-1-5664-2df3434.tmp (no specs) → setup-project64-3-0-1-5664-2df3434.exe → setup-project64-3-0-1-5664-2df3434.tmp → project64.exe (no specs)

Process information

PID 928
CMD: "C:\Users\admin\AppData\Local\Temp\setup-project64-3-0-1-5664-2df3434.exe" /SPAWNWND=$20130 /NOTIFYWND=$20138
Path: C:\Users\admin\AppData\Local\Temp\setup-project64-3-0-1-5664-2df3434.exe
Parent process: setup-project64-3-0-1-5664-2df3434.tmp
User: admin
Company:
Integrity Level: HIGH
Description: Installation Setup of Project64 3.0
Exit code: 0
Version: 3.0.1.5664
Modules (images):
  c:\users\admin\appdata\local\temp\setup-project64-3-0-1-5664-2df3434.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll

PID 1120
CMD: "C:\Users\admin\AppData\Local\Temp\is-49811.tmp\setup-project64-3-0-1-5664-2df3434.tmp" /SL5="$2013E,3838391,227840,C:\Users\admin\AppData\Local\Temp\setup-project64-3-0-1-5664-2df3434.exe" /SPAWNWND=$20130 /NOTIFYWND=$20138
Path: C:\Users\admin\AppData\Local\Temp\is-49811.tmp\setup-project64-3-0-1-5664-2df3434.tmp
Parent process: setup-project64-3-0-1-5664-2df3434.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
  c:\users\admin\appdata\local\temp\is-49811.tmp\setup-project64-3-0-1-5664-2df3434.tmp
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll

PID 1652
CMD: "C:\Program Files\Project64 3.0\Project64.exe"
Path: C:\Program Files\Project64 3.0\Project64.exe
Parent process: setup-project64-3-0-1-5664-2df3434.tmp
User: admin
Integrity Level: MEDIUM
Description: Project64
Version: .0.1.5664-2df3434
Modules (images):
  c:\program files\project64 3.0\project64.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\comdlg32.dll

PID 3976
CMD: "C:\Users\admin\AppData\Local\Temp\setup-project64-3-0-1-5664-2df3434.exe"
Path: C:\Users\admin\AppData\Local\Temp\setup-project64-3-0-1-5664-2df3434.exe
Parent process: explorer.exe
User: admin
Company:
Integrity Level: MEDIUM
Description: Installation Setup of Project64 3.0
Exit code: 0
Version: 3.0.1.5664
Modules (images):
  c:\users\admin\appdata\local\temp\setup-project64-3-0-1-5664-2df3434.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll

PID 3992
CMD: "C:\Users\admin\AppData\Local\Temp\is-8A97D.tmp\setup-project64-3-0-1-5664-2df3434.tmp" /SL5="$20138,3838391,227840,C:\Users\admin\AppData\Local\Temp\setup-project64-3-0-1-5664-2df3434.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-8A97D.tmp\setup-project64-3-0-1-5664-2df3434.tmp
Parent process: setup-project64-3-0-1-5664-2df3434.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
  c:\users\admin\appdata\local\temp\is-8a97d.tmp\setup-project64-3-0-1-5664-2df3434.tmp
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
Total events: 4 356
Read events: 4 335
Write events: 21
Delete events: 0

Modification events

All entries below were written by (PID) Process: (1120) setup-project64-3-0-1-5664-2df3434.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1
Operation: write

Name | Value
Inno Setup: Setup Version | 5.4.3 (u)
Inno Setup: App Path | C:\Program Files\Project64 3.0
InstallLocation | C:\Program Files\Project64 3.0\
Inno Setup: Icon Group | (Default)
Inno Setup: User | admin
Inno Setup: Selected Tasks | desktopicon
Inno Setup: Deselected Tasks | portablemode
Inno Setup: Language | default
DisplayName | Project64 version 3.0.1.5664
DisplayIcon | C:\Program Files\Project64 3.0\unins000.exe
Executable files: 52
Suspicious files: 4
Text files: 1 616
Unknown types: 3

Dropped files

PID | Process | Filename | Type

1120 | setup-project64-3-0-1-5664-2df3434.tmp | C:\Users\admin\AppData\Local\Temp\is-4F28M.tmp\_isetup\_shfoldr.dll | executable
  MD5: 92DC6EF532FBB4A5C3201469A5B5EB63
  SHA256: 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
1120 | setup-project64-3-0-1-5664-2df3434.tmp | C:\Program Files\Project64 3.0\Config\Video.rdb | text
  MD5: 1F960B4C8496629941C6483EB9D514B1
  SHA256: 66B88E63215E3BBE303E40A0934A0D57839DDB81DCF163931C924C8D7E6EF453
1120 | setup-project64-3-0-1-5664-2df3434.tmp | C:\Program Files\Project64 3.0\unins000.exe | executable
  MD5: 642ED22EFEFE32872CCC496E445C56B3
  SHA256: 3C2751060DD103A71CD77715894BB7666BD63BAAFA99CF4D3BBDF6D607171872
928 | setup-project64-3-0-1-5664-2df3434.exe | C:\Users\admin\AppData\Local\Temp\is-49811.tmp\setup-project64-3-0-1-5664-2df3434.tmp | executable
  MD5: 1260D8315AA453164CD5325D9D83ACC1
  SHA256: 65F9BF91580AE4327B0101DEE18E5FBB86B1C6BB0C76010BC9FF858774D32551
1120 | setup-project64-3-0-1-5664-2df3434.tmp | C:\Program Files\Project64 3.0\Config\Cheats\007 - The World Is Not Enough (E) (M3).cht | text
  MD5: B77CF602F050AD1847B364F28689D668
  SHA256: DE9CD297E9909E5FDA0947A3E9889ADDA02E5C225DAACA4D9FEC1B08A3EA40C7
1120 | setup-project64-3-0-1-5664-2df3434.tmp | C:\Program Files\Project64 3.0\Config\Cheats\is-5SV5B.tmp | text
  MD5: A3F4E79E2DB2420A19A86188CEAEF6FE
  SHA256: AFFE9D2DA8BEF506B1A2657FAC938A40E47D0702DBFB73DF4DDFEB612761B5AD
1120 | setup-project64-3-0-1-5664-2df3434.tmp | C:\Program Files\Project64 3.0\Config\Cheats\is-7J4U4.tmp | text
  MD5: 5C82522BC53A87D0C4732D6287D8DA9E
  SHA256: CE809CA27931E7827C96E26C017BB111BF26087943DA9D096D43BE74F166CDFE
1120 | setup-project64-3-0-1-5664-2df3434.tmp | C:\Program Files\Project64 3.0\is-ERBOJ.tmp | executable
  MD5: E62BFE5889FB6DF39155256461F9E759
  SHA256: C257C662D4E0B2CE1732B7F4A7D5DD4682F604CB082BBDBFCE5181470D6DBFB8
1120 | setup-project64-3-0-1-5664-2df3434.tmp | C:\Program Files\Project64 3.0\Config\Cheats\is-C08GB.tmp | text
  MD5: B77CF602F050AD1847B364F28689D668
  SHA256: DE9CD297E9909E5FDA0947A3E9889ADDA02E5C225DAACA4D9FEC1B08A3EA40C7
1120 | setup-project64-3-0-1-5664-2df3434.tmp | C:\Program Files\Project64 3.0\Config\is-F0Q8U.tmp | text
  MD5: D88851D12847B1F0194AA056363485E9
  SHA256: A704762F8513F74884D4886369C1044D146C4ADBCB4A5C098891A059316FD435
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
1088 | svchost.exe | 224.0.0.252:5355 | | | | unknown

DNS requests

No data

Threats

No threats detected
No debug info