File name: Studio One Keygen.exe

Full analysis: https://app.any.run/tasks/7e64bfcd-8de2-45e5-bdfa-493c3b17ab12
Verdict: Malicious activity
Analysis date: August 22, 2024, 14:22:27
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: floxif, upx
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: BC7213F96938380D02A2EC21C0248EF9
SHA1: 2EB0899B53A01C28F3F4060E16A82678F61BBD55
SHA256: 886718069C299DA8FDFB5C3A87D1E1D72B53E9189DF5246A41B73631470B57FF
SSDEEP: 98304:OJ8D8UfPALFBaewkmMwKHcnwvaB0Of0nzZfF83HnOt3ziKlDErB3uymoXxPUVRdK:Ovz2R

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for user acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS
    • FLOXIF has been detected (SURICATA)
      • Studio One Keygen.exe (PID: 7044)
    • Connects to the CnC server
      • Studio One Keygen.exe (PID: 7044)
  • SUSPICIOUS
    • Drops an executable file immediately after start
      • Studio One Keygen.exe (PID: 7044)
    • Process drops a legitimate Windows executable
      • Studio One Keygen.exe (PID: 7044)
    • Executable content was dropped or overwritten
      • Studio One Keygen.exe (PID: 7044)
    • Reads security settings of Internet Explorer
      • Studio One Keygen.exe (PID: 7044)
    • Contacts a server suspected of hosting a CnC
      • Studio One Keygen.exe (PID: 7044)
  • INFO
    • Checks supported languages
      • Studio One Keygen.exe (PID: 7044)
      • keygen.exe (PID: 7084)
    • Reads the computer name
      • Studio One Keygen.exe (PID: 7044)
      • keygen.exe (PID: 7084)
    • Creates files in a temporary directory
      • Studio One Keygen.exe (PID: 7044)
      • keygen.exe (PID: 7084)
    • Checks proxy server information
      • Studio One Keygen.exe (PID: 7044)
    • UPX packer has been detected
      • Studio One Keygen.exe (PID: 7044)
    • Creates files in the program directory
      • Studio One Keygen.exe (PID: 7044)
No malware configuration was extracted.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) | 67.4%
.dll | Win32 Dynamic Link Library (generic) | 14.2%
.exe | Win32 Executable (generic) | 9.7%
.exe | Generic Win/DOS Executable | 4.3%
.exe | DOS Executable Generic | 4.3%

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
Total processes: 132
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

(Interactive graph not reproduced; node labels as shown: start; #FLOXIF studio one keygen.exe; keygen.exe (no specs); studio one keygen.exe (no specs).)

Process information

PID | CMD | Path | Parent process

6996 | "C:\Users\admin\AppData\Local\Temp\Studio One Keygen.exe" | C:\Users\admin\AppData\Local\Temp\Studio One Keygen.exe | explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Modules (images):
c:\users\admin\appdata\local\temp\studio one keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

7044 | "C:\Users\admin\AppData\Local\Temp\Studio One Keygen.exe" | C:\Users\admin\AppData\Local\Temp\Studio One Keygen.exe | explorer.exe
User: admin
Integrity Level: HIGH
Modules (images):
c:\users\admin\appdata\local\temp\studio one keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

7084 | C:\Users\admin\AppData\Local\Temp\keygen.exe | C:\Users\admin\AppData\Local\Temp\keygen.exe | Studio One Keygen.exe
User: admin
Integrity Level: HIGH
Modules (images):
c:\users\admin\appdata\local\temp\keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 3958
Read events: 3945
Write events: 13
Delete events: 0

Modification events

PID | Process | Operation | Key | Name | Value

7044 | Studio One Keygen.exe | write | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager | PendingFileRenameOperations | \??\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe.dat
7044 | Studio One Keygen.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | (empty)
7044 | Studio One Keygen.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
7044 | Studio One Keygen.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
7044 | Studio One Keygen.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
7044 | Studio One Keygen.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1
7044 | Studio One Keygen.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1
7044 | Studio One Keygen.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0
Executable files: 11
Suspicious files: 2
Text files: 1
Unknown types: 0

Dropped files

PID | Process | Filename | Type

7044 | Studio One Keygen.exe | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | executable
MD5: 293AD77CAF3160191ED816782C803DB8
SHA256: ED51C043C0032400FC665E4B650C7EDAF9AE9C656CBD28C402047FFF336186B7

7084 | keygen.exe | C:\Users\admin\AppData\Local\Temp\~DFF7794C67CAB21E94.TMP | binary
MD5: A4EC1D4226E08D8DCEE784AE6DBDD954
SHA256: 7A84F51A8055F1B1966D8507154793ED5344923DA51A9702740AACB6F8CB5FB7

7044 | Studio One Keygen.exe | C:\Program Files\Common Files\System\symsrv.dll | executable
MD5: 7574CF2C64F35161AB1292E2F532AABF
SHA256: DE055A89DE246E629A8694BDE18AF2B1605E4B9B493C7E4AEF669DD67ACF5085

7044 | Studio One Keygen.exe | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe.tmp | executable
MD5: 293AD77CAF3160191ED816782C803DB8
SHA256: ED51C043C0032400FC665E4B650C7EDAF9AE9C656CBD28C402047FFF336186B7

7044 | Studio One Keygen.exe | C:\Users\admin\AppData\Local\Temp\keygen.exe | executable
MD5: 1B9A74D3CC46F9EE0D453CAFC565EE56
SHA256: 495A29F5092924FCB86FD47F2ECE35FAB64F3F9CA20FB12B42B33946C2A053E1

7044 | Studio One Keygen.exe | C:\Program Files\Common Files\System\symsrv.dll.000 | text
MD5: 1130C911BF5DB4B8F7CF9B6F4B457623
SHA256: EBA08CC8182F379392A97F542B350EA0DBBE5E4009472F35AF20E3D857EAFDF1

7044 | Studio One Keygen.exe | C:\Users\admin\AppData\Local\Temp\R2RS1KG2.dll.dat | executable
MD5: 90F4D27517ACC223D1698E6D189861E9
SHA256: D53DB9201A4A0BA627F107739398BE8B16E8618D06FA88EED476026A43A4CC6E

7044 | Studio One Keygen.exe | C:\Users\admin\AppData\Local\Temp\R2RS1KG2.dll | executable
MD5: 90F4D27517ACC223D1698E6D189861E9
SHA256: D53DB9201A4A0BA627F107739398BE8B16E8618D06FA88EED476026A43A4CC6E

7044 | Studio One Keygen.exe | C:\Users\admin\AppData\Local\Temp\BASSMOD.dll | executable
MD5: E4EC57E8508C5C4040383EBE6D367928
SHA256: 8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F

7044 | Studio One Keygen.exe | C:\Users\admin\AppData\Local\Temp\R2RS1KG2.dll.tmp | executable
MD5: 7D4C39C01F9CAF9264566E5A58233A0A
SHA256: E4A141ACAA628252C81898826FD96741052E4780BAF6EAE0F90D14A58A4D0BA7
HTTP(S) requests: 9
TCP/UDP connections: 31
DNS requests: 18
Threats: 6

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | Type | Reputation
(The CN and Size columns carried no values in the source and are omitted; "-" marks a cell left empty in the source.)

7044 | Studio One Keygen.exe | GET | 403 | 45.33.23.183:80 | http://www.aieov.com/logo.gif | unknown | malicious
7044 | Studio One Keygen.exe | GET | 403 | 45.33.23.183:80 | http://www.aieov.com/logo.gif | unknown | malicious
6952 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
2228 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
- | - | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
7044 | Studio One Keygen.exe | GET | 403 | 45.33.23.183:80 | http://www.aieov.com/logo.gif | unknown | malicious
7044 | Studio One Keygen.exe | GET | 403 | 45.33.23.183:80 | http://www.aieov.com/logo.gif | unknown | malicious
7044 | Studio One Keygen.exe | GET | 403 | 45.33.23.183:80 | http://www.aieov.com/logo.gif | unknown | malicious
7044 | Studio One Keygen.exe | GET | 403 | 45.33.23.183:80 | http://www.aieov.com/logo.gif | unknown | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
("-" marks a cell left empty in the source.)

3412 | RUXIMICS.exe | 51.124.78.146:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 51.124.78.146:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2580 | svchost.exe | 51.124.78.146:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
7044 | Studio One Keygen.exe | 45.33.23.183:80 | www.aieov.com | Linode, LLC | US | unknown
3260 | svchost.exe | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2228 | svchost.exe | 20.190.159.73:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2228 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
2580 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown

DNS requests

Domain | IP | Reputation

google.com | 142.250.186.46 | whitelisted
5isohu.com | - | whitelisted
www.aieov.com | (resolved addresses omitted) | unknown
client.wns.windows.com | 40.113.110.67 | whitelisted
login.live.com | (resolved addresses omitted) | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
settings-win.data.microsoft.com | 40.127.240.158 | whitelisted
arc.msn.com | 20.199.58.43 | whitelisted
slscr.update.microsoft.com | 52.165.165.26 | whitelisted
www.microsoft.com | 23.35.229.160 | whitelisted

Threats

6 ETPRO signatures matched (signature details are not included in this report).

Debug info: none.