File name: Studio One Keygen.exe

Full analysis: https://app.any.run/tasks/7e64bfcd-8de2-45e5-bdfa-493c3b17ab12
Verdict: Malicious activity
Analysis date: August 22, 2024, 14:22:27
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: floxif, upx

Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: BC7213F96938380D02A2EC21C0248EF9
SHA1: 2EB0899B53A01C28F3F4060E16A82678F61BBD55
SHA256: 886718069C299DA8FDFB5C3A87D1E1D72B53E9189DF5246A41B73631470B57FF
SSDEEP: 98304:OJ8D8UfPALFBaewkmMwKHcnwvaB0Of0nzZfF83HnOt3ziKlDErB3uymoXxPUVRdK:Ovz2R

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • FLOXIF has been detected (SURICATA)
      • Studio One Keygen.exe (PID: 7044)
    • Connects to the CnC server
      • Studio One Keygen.exe (PID: 7044)
  • SUSPICIOUS
    • Process drops a legitimate Windows executable
      • Studio One Keygen.exe (PID: 7044)
    • Drops an executable file immediately after start
      • Studio One Keygen.exe (PID: 7044)
    • Executable content was dropped or overwritten
      • Studio One Keygen.exe (PID: 7044)
    • Reads security settings of Internet Explorer
      • Studio One Keygen.exe (PID: 7044)
    • Contacts a server suspected of hosting a CnC
      • Studio One Keygen.exe (PID: 7044)
  • INFO
    • Creates files in the program directory
      • Studio One Keygen.exe (PID: 7044)
    • Reads the computer name
      • Studio One Keygen.exe (PID: 7044)
      • keygen.exe (PID: 7084)
    • Checks supported languages
      • keygen.exe (PID: 7084)
      • Studio One Keygen.exe (PID: 7044)
    • Creates files in a temporary directory
      • keygen.exe (PID: 7084)
      • Studio One Keygen.exe (PID: 7044)
    • Checks proxy server information
      • Studio One Keygen.exe (PID: 7044)
    • UPX packer has been detected
      • Studio One Keygen.exe (PID: 7044)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
Total processes: 132
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

(Interactive graph, not reproduced here.) Nodes: start; Studio One Keygen.exe (#FLOXIF); keygen.exe (no specs); Studio One Keygen.exe (no specs).

Process information

PID | CMD | Path | Indicators | Parent process
6996 | "C:\Users\admin\AppData\Local\Temp\Studio One Keygen.exe" | C:\Users\admin\AppData\Local\Temp\Studio One Keygen.exe | | explorer.exe
7044 | "C:\Users\admin\AppData\Local\Temp\Studio One Keygen.exe" | C:\Users\admin\AppData\Local\Temp\Studio One Keygen.exe | | explorer.exe
7084 | C:\Users\admin\AppData\Local\Temp\keygen.exe | C:\Users\admin\AppData\Local\Temp\keygen.exe | | Studio One Keygen.exe

PID 6996 (Studio One Keygen.exe)
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules (images):
  • c:\users\admin\appdata\local\temp\studio one keygen.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll

PID 7044 (Studio One Keygen.exe)
User: admin
Integrity Level: HIGH
Modules (images):
  • c:\users\admin\appdata\local\temp\studio one keygen.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\advapi32.dll

PID 7084 (keygen.exe)
User: admin
Integrity Level: HIGH
Modules (images):
  • c:\users\admin\appdata\local\temp\keygen.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\user32.dll
Total events: 3 958
Read events: 3 945
Write events: 13
Delete events: 0

Modification events

PID | Process | Key | Operation | Name | Value
7044 | Studio One Keygen.exe | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager | write | PendingFileRenameOperations | \??\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe.dat
7044 | Studio One Keygen.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix | 
7044 | Studio One Keygen.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
7044 | Studio One Keygen.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
7044 | Studio One Keygen.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
7044 | Studio One Keygen.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
7044 | Studio One Keygen.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1
7044 | Studio One Keygen.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0
Executable files: 11
Suspicious files: 2
Text files: 1
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
7044 | Studio One Keygen.exe | C:\Program Files\Common Files\System\symsrv.dll.000 | text | 1130C911BF5DB4B8F7CF9B6F4B457623 | EBA08CC8182F379392A97F542B350EA0DBBE5E4009472F35AF20E3D857EAFDF1
7084 | keygen.exe | C:\Users\admin\AppData\Local\Temp\~DFF7794C67CAB21E94.TMP | binary | A4EC1D4226E08D8DCEE784AE6DBDD954 | 7A84F51A8055F1B1966D8507154793ED5344923DA51A9702740AACB6F8CB5FB7
7044 | Studio One Keygen.exe | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | executable | 293AD77CAF3160191ED816782C803DB8 | ED51C043C0032400FC665E4B650C7EDAF9AE9C656CBD28C402047FFF336186B7
7044 | Studio One Keygen.exe | C:\Users\admin\AppData\Local\Temp\R2RS1KG2.dll | executable | 90F4D27517ACC223D1698E6D189861E9 | D53DB9201A4A0BA627F107739398BE8B16E8618D06FA88EED476026A43A4CC6E
7044 | Studio One Keygen.exe | C:\Program Files\Common Files\System\symsrv.dll | executable | 7574CF2C64F35161AB1292E2F532AABF | DE055A89DE246E629A8694BDE18AF2B1605E4B9B493C7E4AEF669DD67ACF5085
7044 | Studio One Keygen.exe | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe.dat | executable | 620D6B3B34AFCC1B627FC915347DE458 | 03B55D4676586ABDE797586913086BE07D4F93BB4644D6195CEFB213C687E1C6
7044 | Studio One Keygen.exe | C:\Users\admin\AppData\Local\Temp\A1D26E2\DC531B9C1B84.tmp | executable | 1D98A9A9A062AE63E9F88391CAA38319 | 83AC3AA3DDB2B4E61E491FD285964333D0AFF50A48CC2D19648F4B29F2166CF8
7044 | Studio One Keygen.exe | C:\Users\admin\AppData\Local\Temp\R2RS1KG2.dll.dat | executable | 90F4D27517ACC223D1698E6D189861E9 | D53DB9201A4A0BA627F107739398BE8B16E8618D06FA88EED476026A43A4CC6E
7044 | Studio One Keygen.exe | C:\Users\admin\AppData\Local\Temp\BASSMOD.dll | executable | E4EC57E8508C5C4040383EBE6D367928 | 8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F
7044 | Studio One Keygen.exe | C:\Users\admin\AppData\Local\Temp\bgm.xm | xm | 6D0A27BFAA520C9CBE3807FAB1F7DCE4 | 44B9FE8532CA48D6E6087BE588EC3CD8CEA15FC93B08192C7FB8D151740326A1
HTTP(S) requests: 9
TCP/UDP connections: 31
DNS requests: 18
Threats: 6

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
7044 | Studio One Keygen.exe | GET | 403 | 45.33.23.183:80 | http://www.aieov.com/logo.gif | | unknown | | malicious
7044 | Studio One Keygen.exe | GET | 403 | 45.33.23.183:80 | http://www.aieov.com/logo.gif | | unknown | | malicious
6952 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | | unknown | | whitelisted
7044 | Studio One Keygen.exe | GET | 403 | 45.33.23.183:80 | http://www.aieov.com/logo.gif | | unknown | | malicious
2228 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | | unknown | | whitelisted
7044 | Studio One Keygen.exe | GET | 403 | 45.33.23.183:80 | http://www.aieov.com/logo.gif | | unknown | | malicious
7044 | Studio One Keygen.exe | GET | 403 | 45.33.23.183:80 | http://www.aieov.com/logo.gif | | unknown | | malicious
7044 | Studio One Keygen.exe | GET | 403 | 45.33.23.183:80 | http://www.aieov.com/logo.gif | | unknown | | malicious
 | | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | | unknown | | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3412 | RUXIMICS.exe | 51.124.78.146:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
 | | 51.124.78.146:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2580 | svchost.exe | 51.124.78.146:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
7044 | Studio One Keygen.exe | 45.33.23.183:80 | www.aieov.com | Linode, LLC | US | unknown
3260 | svchost.exe | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2228 | svchost.exe | 20.190.159.73:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2228 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
2580 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.46
whitelisted
5isohu.com
whitelisted
www.aieov.com
unknown
client.wns.windows.com
  • 40.113.110.67
whitelisted
login.live.com
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
arc.msn.com
  • 20.199.58.43
whitelisted
slscr.update.microsoft.com
  • 52.165.165.26
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted

Threats

6 ETPRO signatures available at the full report
No debug info