| File name: | freemp3cutterjoiner.exe |
| Full analysis: | https://app.any.run/tasks/edd2c8c5-d000-4279-a5b3-b469cf69f486 |
| Verdict: | Malicious activity |
| Analysis date: | June 05, 2024, 13:00:22 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5: | 2493C61D83133FC7E610AFDB8582FFE1 |
| SHA1: | 61B4E440481E7F16E68C95C204A8AE085371A1D2 |
| SHA256: | 406FE211DD9A94CC2F48623B69DCE2D4ABABA64420E135015A1EAB9899D1C698 |
| SSDEEP: | 98304:yBSVIGNLyENf7xbuxh9Lew2wsQIdtxcfbkgHSLHnat/tMSSZcAfhbwOre2r/aT6l:vIBUPZNWYZ9KQzEePVQ8V |
MALICIOUS
Drops the executable file immediately after the start
- freemp3cutterjoiner.exe (PID: 3984)
- freemp3cutterjoiner.exe (PID: 864)
- freemp3cutterjoiner.tmp (PID: 1116)
SUSPICIOUS
Executable content was dropped or overwritten
- freemp3cutterjoiner.exe (PID: 3984)
- freemp3cutterjoiner.exe (PID: 864)
- freemp3cutterjoiner.tmp (PID: 1116)
Process drops legitimate windows executable
- freemp3cutterjoiner.tmp (PID: 1116)
Reads the Windows owner or organization settings
- freemp3cutterjoiner.tmp (PID: 1116)
Likely accesses (executes) a file from the Public directory
- vlc.exe (PID: 1592)
Reads the Internet Settings
- Free MP3 Cutter Joiner.exe (PID: 328)
INFO
Checks supported languages
- freemp3cutterjoiner.exe (PID: 3984)
- freemp3cutterjoiner.tmp (PID: 4000)
- freemp3cutterjoiner.exe (PID: 864)
- freemp3cutterjoiner.tmp (PID: 1116)
- Free MP3 Cutter Joiner.exe (PID: 328)
- vlc.exe (PID: 1592)
- wmpnscfg.exe (PID: 2904)
Create files in a temporary directory
- freemp3cutterjoiner.exe (PID: 3984)
- freemp3cutterjoiner.exe (PID: 864)
- freemp3cutterjoiner.tmp (PID: 1116)
Reads the computer name
- freemp3cutterjoiner.tmp (PID: 4000)
- freemp3cutterjoiner.tmp (PID: 1116)
- wmpnscfg.exe (PID: 2904)
- vlc.exe (PID: 1592)
- Free MP3 Cutter Joiner.exe (PID: 328)
Creates files in the program directory
- freemp3cutterjoiner.tmp (PID: 1116)
Creates a software uninstall entry
- freemp3cutterjoiner.tmp (PID: 1116)
Reads the machine GUID from the registry
- Free MP3 Cutter Joiner.exe (PID: 328)
Manual execution by a user
- vlc.exe (PID: 1592)
- wmpnscfg.exe (PID: 2904)
Application launched itself
- msedge.exe (PID: 676)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Inno Setup installer (56) |
|---|---|---|
| .exe | | | Win32 EXE PECompact compressed (generic) (21.2) |
| .exe | | | Win32 Executable Delphi generic (7.2) |
| .scr | | | Windows screen saver (6.6) |
| .dll | | | Win32 Dynamic Link Library (generic) (3.3) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 1992:06:19 22:22:17+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi |
| PEType: | PE32 |
| LinkerVersion: | 2.25 |
| CodeSize: | 40448 |
| InitializedDataSize: | 25600 |
| UninitializedDataSize: | - |
| EntryPoint: | 0xa5f8 |
| OSVersion: | 1 |
| ImageVersion: | 6 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 0.0.0.0 |
| ProductVersionNumber: | 0.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Neutral |
| CharacterSet: | Unicode |
| Comments: | This installation was built with Inno Setup. |
| CompanyName: | DVDVideoMedia, Inc. |
| FileDescription: | Free MP3 Cutter Joiner Setup |
| FileVersion: | |
| LegalCopyright: | |
| ProductName: | Free MP3 Cutter Joiner |
| ProductVersion: | 2024.1 |
Total processes
54
Monitored processes
15
Malicious processes
4
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 328 | "C:\Program Files\DVDVideoMedia\Free MP3 Cutter Joiner\Free MP3 Cutter Joiner.exe" | C:\Program Files\DVDVideoMedia\Free MP3 Cutter Joiner\Free MP3 Cutter Joiner.exe | — | freemp3cutterjoiner.tmp | |||||||||||
User: admin Company: DVDVideoMedia Integrity Level: MEDIUM Description: Free MP3 Cutter Joiner Modules
| |||||||||||||||
| 676 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dvdvideomedia.com/how-to-cut-mp3.html | C:\Program Files\Microsoft\Edge\Application\msedge.exe | Free MP3 Cutter Joiner.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 864 | "C:\Users\admin\AppData\Local\Temp\freemp3cutterjoiner.exe" /SPAWNWND=$20134 /NOTIFYWND=$20138 | C:\Users\admin\AppData\Local\Temp\freemp3cutterjoiner.exe | freemp3cutterjoiner.tmp | ||||||||||||
User: admin Company: DVDVideoMedia, Inc. Integrity Level: HIGH Description: Free MP3 Cutter Joiner Setup Exit code: 0 Version: Modules
| |||||||||||||||
| 1116 | "C:\Users\admin\AppData\Local\Temp\is-2D069.tmp\freemp3cutterjoiner.tmp" /SL5="$30130,6515283,67072,C:\Users\admin\AppData\Local\Temp\freemp3cutterjoiner.exe" /SPAWNWND=$20134 /NOTIFYWND=$20138 | C:\Users\admin\AppData\Local\Temp\is-2D069.tmp\freemp3cutterjoiner.tmp | freemp3cutterjoiner.exe | ||||||||||||
User: admin Integrity Level: HIGH Description: Setup/Uninstall Exit code: 0 Version: 51.52.0.0 Modules
| |||||||||||||||
| 1592 | "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Public\Music\Sample Music\Kalimba.mp3" | C:\Program Files\VideoLAN\VLC\vlc.exe | explorer.exe | ||||||||||||
User: admin Company: VideoLAN Integrity Level: MEDIUM Description: VLC media player Exit code: 0 Version: 3.0.11 Modules
| |||||||||||||||
| 2392 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1632 --field-trial-handle=1316,i,18244063600628155548,6072873244616307576,131072 /prefetch:8 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 2420 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1232 --field-trial-handle=1316,i,18244063600628155548,6072873244616307576,131072 /prefetch:2 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 2436 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1384 --field-trial-handle=1316,i,18244063600628155548,6072873244616307576,131072 /prefetch:3 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | msedge.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 2540 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1316,i,18244063600628155548,6072873244616307576,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 2612 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6b85f598,0x6b85f5a8,0x6b85f5b4 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
Total events
18 190
Read events
17 980
Write events
194
Delete events
16
Modification events
| (PID) Process: | (1116) freemp3cutterjoiner.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 |
| Operation: | write | Name: | Owner |
Value: 5C040000A6DCD85948B7DA01 | |||
| (PID) Process: | (1116) freemp3cutterjoiner.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 |
| Operation: | write | Name: | SessionHash |
Value: 52CF29E28C4B7530CDDF7EEAB1D079DD61BB51325D2D92C2BC4B6AAB3D7C62E4 | |||
| (PID) Process: | (1116) freemp3cutterjoiner.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 |
| Operation: | write | Name: | Sequence |
Value: 1 | |||
| (PID) Process: | (1116) freemp3cutterjoiner.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 |
| Operation: | write | Name: | RegFiles0000 |
Value: C:\Program Files\DVDVideoMedia\Free MP3 Cutter Joiner\Free MP3 Cutter Joiner.exe | |||
| (PID) Process: | (1116) freemp3cutterjoiner.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 |
| Operation: | write | Name: | RegFilesHash |
Value: AFE4CEBB22AA1A86B03DBBF298C014B471D5E51B1336F500238E65FF9B1F97A7 | |||
| (PID) Process: | (1116) freemp3cutterjoiner.tmp | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF1EF91C-E56B-4CEF-BF3F-3D8EBCFD6B63}}_is1 |
| Operation: | write | Name: | Inno Setup: Setup Version |
Value: 5.5.5 (a) | |||
| (PID) Process: | (1116) freemp3cutterjoiner.tmp | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF1EF91C-E56B-4CEF-BF3F-3D8EBCFD6B63}}_is1 |
| Operation: | write | Name: | Inno Setup: App Path |
Value: C:\Program Files\DVDVideoMedia\Free MP3 Cutter Joiner | |||
| (PID) Process: | (1116) freemp3cutterjoiner.tmp | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF1EF91C-E56B-4CEF-BF3F-3D8EBCFD6B63}}_is1 |
| Operation: | write | Name: | InstallLocation |
Value: C:\Program Files\DVDVideoMedia\Free MP3 Cutter Joiner\ | |||
| (PID) Process: | (1116) freemp3cutterjoiner.tmp | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF1EF91C-E56B-4CEF-BF3F-3D8EBCFD6B63}}_is1 |
| Operation: | write | Name: | Inno Setup: Icon Group |
Value: DVDVideoMedia | |||
| (PID) Process: | (1116) freemp3cutterjoiner.tmp | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF1EF91C-E56B-4CEF-BF3F-3D8EBCFD6B63}}_is1 |
| Operation: | write | Name: | Inno Setup: User |
Value: admin | |||
Executable files
36
Suspicious files
38
Text files
68
Unknown types
2
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3984 | freemp3cutterjoiner.exe | C:\Users\admin\AppData\Local\Temp\is-BS5GD.tmp\freemp3cutterjoiner.tmp | executable | |
MD5:2E1FFB11D2AEEC7824B6C7BF26B9F617 | SHA256:A537303DB5670662B2DCB5809C3C73FAB1ADF144775DAE793E040BAE664207C0 | |||
| 1116 | freemp3cutterjoiner.tmp | C:\Users\admin\AppData\Local\Temp\is-V1ODF.tmp\_isetup\_shfoldr.dll | executable | |
MD5:92DC6EF532FBB4A5C3201469A5B5EB63 | SHA256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87 | |||
| 1116 | freemp3cutterjoiner.tmp | C:\Program Files\DVDVideoMedia\Free MP3 Cutter Joiner\Free MP3 Cutter Joiner.exe | executable | |
MD5:C2B10791AB97ABEBF27C9AE15F591F9E | SHA256:300189C7A994EA320ECBC3A81E4FB3097F30F86C616A2A2F9458CBF97E0F4F90 | |||
| 1116 | freemp3cutterjoiner.tmp | C:\Program Files\DVDVideoMedia\Free MP3 Cutter Joiner\is-PMMML.tmp | executable | |
MD5:C2B10791AB97ABEBF27C9AE15F591F9E | SHA256:300189C7A994EA320ECBC3A81E4FB3097F30F86C616A2A2F9458CBF97E0F4F90 | |||
| 1116 | freemp3cutterjoiner.tmp | C:\Program Files\DVDVideoMedia\Free MP3 Cutter Joiner\avcodec-58.dll | executable | |
MD5:90593C11E9997DD4224CF278D5D66323 | SHA256:82AA37DDE211EE28B366603CC9C74F0584ED46D57DF7C06447060BFCFF886A07 | |||
| 1116 | freemp3cutterjoiner.tmp | C:\Program Files\DVDVideoMedia\Free MP3 Cutter Joiner\is-4EBM9.tmp | executable | |
MD5:1A62E8F1AC0472EB4B8D769490A0C831 | SHA256:83E3C3A148FA700F6359B58BD32FDD455DBFCC521F154B59F2812871278B9A36 | |||
| 1116 | freemp3cutterjoiner.tmp | C:\Program Files\DVDVideoMedia\Free MP3 Cutter Joiner\unins000.exe | executable | |
MD5:1A62E8F1AC0472EB4B8D769490A0C831 | SHA256:83E3C3A148FA700F6359B58BD32FDD455DBFCC521F154B59F2812871278B9A36 | |||
| 1116 | freemp3cutterjoiner.tmp | C:\Program Files\DVDVideoMedia\Free MP3 Cutter Joiner\is-ABATP.tmp | executable | |
MD5:90593C11E9997DD4224CF278D5D66323 | SHA256:82AA37DDE211EE28B366603CC9C74F0584ED46D57DF7C06447060BFCFF886A07 | |||
| 1116 | freemp3cutterjoiner.tmp | C:\Program Files\DVDVideoMedia\Free MP3 Cutter Joiner\is-JM9RJ.tmp | executable | |
MD5:608FC55E2116CDCB88C3CF98B206017A | SHA256:B39CF5A71B85B2CD233093EF7D55B39DB025DA78E080B38C070ACCF1436A2B4F | |||
| 1116 | freemp3cutterjoiner.tmp | C:\Program Files\DVDVideoMedia\Free MP3 Cutter Joiner\is-F4DU7.tmp | executable | |
MD5:B7DF9B43BF812DDAF60C99732C1AB273 | SHA256:74024FE9B8A1E4F8B9B7561B336B2916A20784699CDEEF2948074F0E820C9BDE | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
10
DNS requests
8
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 224.0.0.252:5355 | — | — | — | unknown |
2436 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
676 | msedge.exe | 239.255.255.250:1900 | — | — | — | unknown |
2436 | msedge.exe | 107.180.115.103:443 | www.dvdvideomedia.com | AS-26496-GO-DADDY-COM-LLC | US | unknown |
2436 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
www.dvdvideomedia.com |
| unknown |
config.edge.skype.com |
| whitelisted |
edge.microsoft.com |
| whitelisted |
Threats
Process | Message |
|---|---|
vlc.exe | main libvlc debug: searching plug-in modules
|
vlc.exe | main libvlc debug: revision 3.0.11-0-gdc0c5ced72
|
vlc.exe | main libvlc debug: using multimedia timers as clock source
|
vlc.exe | main libvlc debug: min period: 1 ms, max period: 1000000 ms
|
vlc.exe | main libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
|
vlc.exe | main libvlc debug: VLC media player - 3.0.11 Vetinari
|
vlc.exe | main libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=i686-w64-mingw32' '--with-breakpad=https://win.crashes.videolan.org' 'host_alias=i686-w64-mingw32' 'PKG_CONFIG_LIBDIR=/home/jenkins/workspace/vlc-release/windows/vlc-release-win32-x86/contrib/i686-w64-mingw32/lib/pkgconfig'
|
vlc.exe | main libvlc debug: Copyright © 1996-2020 the VideoLAN team
|
vlc.exe | main libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins'
|
vlc.exe | main libvlc error: stale plugins cache: modified C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll
|