File name: Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (註冊金鑰 = "registration key")

Full analysis: https://app.any.run/tasks/c370269e-a937-4e0b-9d41-ba9436bedef5
Verdict: Malicious activity
Analysis date: April 24, 2024, 07:59:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 3E0514BF298C9F5F03BD570799BB5DA7
SHA1: 9B5297AA7CEFD32FCCF0C64292068586CC74C735
SHA256: A8DBC3AEE62133E5735442327351D27A316F5D4BC529973E0120D2E6A500ABF7
SSDEEP: 24576:/aoiBsU57XWUTGmZLS1/2CNxG/mmMfg78wF4WYVlS1Sp:/aFBsi7XWUTdLS1/2CNxG/mmMfg78wFm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 3768)
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
  • SUSPICIOUS
    • Blank space has been found in the path
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 3768)
    • Application launched itself
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 3768)
    • Executable content was dropped or overwritten
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 3768)
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • Malware-specific behavior (creating "System.dll" in Temp)
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • The process creates files with name similar to system file names
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • Reads the date of Windows installation
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • Reads the Internet Settings
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • Checks Windows Trust Settings
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • Reads settings of System Certificates
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • Adds/modifies Windows certificates
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • Reads security settings of Internet Explorer
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • Creates a software uninstall entry
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
  • INFO
    • Create files in a temporary directory
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 3768)
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • Checks supported languages
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 3768)
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • Reads the computer name
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 3768)
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • Process checks whether UAC notifications are on
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 3768)
    • Reads the software policy settings
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • Creates files or folders in the user directory
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • Creates files in the program directory
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
      • expand.exe (PID: 2156)
    • Checks proxy server information
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
    • Reads the machine GUID from the registry
      • Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe (PID: 2492)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:09:20 09:43:28+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 24064
InitializedDataSize: 464384
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 5.1
ImageVersion: 6
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.20.0.0
ProductVersionNumber: 1.20.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Unknown (04B0)
CharacterSet: Unicode
CompanyName: Download Studio Project
FileDescription: DS Setup
FileVersion: 1.20.0.0
LegalCopyright: 2023 (c) Download Studio Project
ProductName: DS Setup
ProductVersion: 1.20.0.0 (rv126)
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph (interactive view in the full report): start → Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe → Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe → expand.exe (no specs)

Process information

PID: 2156
CMD: "C:\Windows\System32\expand.exe" -F:* "C:\Program Files\Download Studio\runtime-qt-5.15.10-wlib3.cab" "C:\Program Files\Download Studio"
Path: C:\Windows\System32\expand.exe
Parent process: Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: LZ Expansion Utility
Version: 6.1.7601.24535 (win7sp1_ldr_escrow.191105-1059)
Modules (Images):
  • c:\windows\system32\expand.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\cabinet.dll

PID: 2492
CMD: "C:\Users\admin\AppData\Local\Temp\Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe" /UAC:1F0254 /NCRC
Path: C:\Users\admin\AppData\Local\Temp\Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Parent process: Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
User: admin
Company: Download Studio Project
Integrity Level: HIGH
Description: DS Setup
Version: 1.20.0.0
Modules (Images):
  • c:\users\admin\appdata\local\temp\deep glow 1.5.7 for ae 註冊金鑰[op6uoa1gm1].exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\shell32.dll
  • c:\windows\system32\shlwapi.dll

PID: 3768
CMD: "C:\Users\admin\AppData\Local\Temp\Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe"
Path: C:\Users\admin\AppData\Local\Temp\Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Parent process: explorer.exe
User: admin
Company: Download Studio Project
Integrity Level: MEDIUM
Description: DS Setup
Version: 1.20.0.0
Modules (Images):
  • c:\users\admin\appdata\local\temp\deep glow 1.5.7 for ae 註冊金鑰[op6uoa1gm1].exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\shell32.dll
  • c:\windows\system32\shlwapi.dll
Total events: 11 419
Read events: 11 357
Write events: 51
Delete events: 11

Modification events

(PID) Process: (2492) Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2492) Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2492) Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2492) Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2492) Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyServer
Value:

(PID) Process: (2492) Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyOverride
Value:

(PID) Process: (2492) Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoConfigURL
Value:

(PID) Process: (2492) Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoDetect
Value:

(PID) Process: (2492) Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: 460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (2492) Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 13
Suspicious files: 2
Text files: 2
Unknown types: 1

Dropped files

PID: 2492
Process: Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\runtime-qt-5.15.10-wlib3[1].cab
Type:
MD5:
SHA256:

PID: 2492
Process: Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Filename: C:\Program Files\Download Studio\runtime-qt-5.15.10-wlib3.cab
Type:
MD5:
SHA256:

PID: 2492
Process: Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: DAB9D86F4BFF31C5C094F9EA2862878C
SHA256: A16610EA1A3621729F55BAA2CE17E60BFEC8F288A65405002063C74F773DBD4F

PID: 2492
Process: Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxD85D.tmp\nsJSON.dll
Type: executable
MD5: F4D89D9A2A3E2F164AEA3E93864905C9
SHA256: 64B3EFDF3DE54E338D4DB96B549A7BDB7237BB88A82A0A63AEF570327A78A6FB

PID: 2492
Process: Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
Type: der
MD5: 822467B728B7A66B081C91795373789A
SHA256: AF2343382B88335EEA72251AD84949E244FF54B6995063E24459A7216E9576B9

PID: 2492
Process: Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
Type: binary
MD5: 21CE3389CE89BC35E48917B7FD6C29C1
SHA256: EB8E11B6FA07863908D362F613072B1C5CDAEEA0B97A87A870AB2A2A1B47D0CB

PID: 3768
Process: Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Filename: C:\Users\admin\AppData\Local\Temp\nswD688.tmp\UAC.dll
Type: executable
MD5: 113C5F02686D865BC9E8332350274FD1
SHA256: 0D21041A1B5CD9F9968FC1D457C78A802C9C5A23F375327E833501B65BCD095D

PID: 2492
Process: Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxD85D.tmp\nsDialogs.dll
Type: executable
MD5: 5BFDC8FB2D2BC96D3C6AD3FA5001FB60
SHA256: 56DB8561E64C05A5E1978A4320084B239F8C288183A07F674863F6187AE7FFDB

PID: 2492
Process: Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxD85D.tmp\INetC.dll
Type: executable
MD5: 3BCB32A09D868557568F3E3F2148D371
SHA256: DAB0CB7767E3B764E1E2A67FD19B57F3C8C79C91F9C0C0B4AF6853E297D41E5E

PID: 2492
Process: Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxD85D.tmp\modern-header.bmp
Type: image
MD5: 333FB48ABFF34FA90B58D069CAF326F0
SHA256: 905126B967D3ED24CC54234487F99016167C61A9D66C433ACAE24A2B3880D44F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 3
TCP/UDP connections: 9
DNS requests: 5
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2492 | Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe | GET | 304 | 199.232.210.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ee7e3eda5dd7f228 | unknown | | | unknown
2492 | Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe | GET | 200 | 23.37.10.90:80 | http://x1.c.lencr.org/ | unknown | | | unknown
1080 | svchost.exe | GET | 200 | 199.232.210.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?663a78a3b1d15987 | unknown | | | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
| | 224.0.0.252:5355 | | | | unknown
4 | System | 192.168.100.255:138 | | | | whitelisted
2492 | Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe | 18.198.4.253:443 | apis.downloadstud.io | AMAZON-02 | DE | unknown
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
2492 | Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe | 199.232.210.172:80 | ctldl.windowsupdate.com | FASTLY | US | unknown
2492 | Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe | 23.37.10.90:80 | x1.c.lencr.org | AKAMAI-AS | PH | unknown
2492 | Deep Glow 1.5.7 for AE 註冊金鑰[OP6uoA1gM1].exe | 162.55.45.66:443 | dl.dstudio.app | Hetzner Online GmbH | DE | unknown
1080 | svchost.exe | 199.232.210.172:80 | ctldl.windowsupdate.com | FASTLY | US | unknown

DNS requests

Domain | IP | Reputation
apis.downloadstud.io | 18.198.4.253 | unknown
ctldl.windowsupdate.com | 199.232.210.172, 199.232.214.172 | whitelisted
x1.c.lencr.org | 23.37.10.90 | whitelisted
dl.dstudio.app | 162.55.45.66, 49.13.6.9, 78.46.163.214, 128.140.61.214 | unknown

Threats

No threats detected
No debug info