File name:

spdcfg.exe

Full analysis: https://app.any.run/tasks/88b3de31-3a14-4201-abf5-2ffff5706f71
Verdict: Malicious activity
Analysis date: February 05, 2024, 11:19:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

A8BB29EDAD96FF3DD023492A569581A8

SHA1:

01E344345AA2B036550F657B5BC4A6D91B3AC831

SHA256:

AF7B8E60B4B54F5F85E6B207AC51926CB076AA4319B8E4C72E59B98C85818CAE

SSDEEP:

98304:C9h0bMA834/tGqFK0eIYPCwXJWxZYb2z/1o6TqN6Vu:C9h0IA834/tGqiIsxwzNo6TqNsu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • spdcfg.exe (PID: 2448)
      • setup.exe (PID: 2628)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • spdcfg.exe (PID: 2448)
      • setup.exe (PID: 2628)

    • Reads Microsoft Outlook installation path

      • setup.exe (PID: 2628)

    • Reads the Internet Settings

      • setup.exe (PID: 2628)

    • Reads Internet Explorer settings

      • setup.exe (PID: 2628)

  • INFO

    • Checks proxy server information

      • setup.exe (PID: 2628)

    • Process checks whether UAC notifications are on

      • setup.exe (PID: 2628)

    • Checks supported languages

      • spdcfg.exe (PID: 2448)
      • setup.exe (PID: 2628)

    • Create files in a temporary directory

      • spdcfg.exe (PID: 2448)

    • Reads the computer name

      • setup.exe (PID: 2628)

    • Reads the machine GUID from the registry

      • setup.exe (PID: 2628)

    • Creates files in the program directory

      • setup.exe (PID: 2628)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.dll | Win32 Dynamic Link Library (generic) (43.5)
.exe | Win32 Executable (generic) (29.8)
.exe | Generic Win/DOS Executable (13.2)
.exe | DOS Executable Generic (13.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:11:18 19:41:55+01:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 22016
InitializedDataSize: 33792
UninitializedDataSize: -
EntryPoint: 0x643f
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.1.36.2
ProductVersionNumber: 1.1.36.2
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: AutoHotkey Setup
FileVersion: 1.1.36.02
ProductName: AutoHotkey
ProductVersion: 1.1.36.02
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
42
Monitored processes
3
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start spdcfg.exe setup.exe spdcfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
268"C:\Users\admin\AppData\Local\Temp\spdcfg.exe" C:\Users\admin\AppData\Local\Temp\spdcfg.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
AutoHotkey Setup
Exit code:
3221226540
Version:
1.1.36.02
Modules
Images
c:\users\admin\appdata\local\temp\spdcfg.exe
c:\windows\system32\ntdll.dll
2448"C:\Users\admin\AppData\Local\Temp\spdcfg.exe" C:\Users\admin\AppData\Local\Temp\spdcfg.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Description:
AutoHotkey Setup
Exit code:
0
Version:
1.1.36.02
Modules
Images
c:\users\admin\appdata\local\temp\spdcfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
2628C:\Users\admin\AppData\Local\Temp\7z603EA990\setup.exe C:\Users\admin\AppData\Local\Temp\7z603EA990\setup.exe
spdcfg.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Version:
1.1.36.02
Modules
Images
c:\users\admin\appdata\local\temp\7z603ea990\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
Total events
648
Read events
637
Write events
11
Delete events
0

Modification events

(PID) Process:(2628) setup.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2628) setup.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(2628) setup.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(2628) setup.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(2628) setup.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2628) setup.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2628) setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:GlobalAssocChangedCounter
Value:
115
Executable files
17
Suspicious files
8
Text files
9
Unknown types
0

Dropped files

PID
Process
Filename
Type
2448spdcfg.exeC:\Users\admin\AppData\Local\Temp\7z603EA990\license.txttext
MD5:E3F2AD7733F3166FE770E4DC00AF6C45
SHA256:B27C1A7C92686E47F8740850AD24877A50BE23FD3DBD44EDEE50AC1223135E38
2448spdcfg.exeC:\Users\admin\AppData\Local\Temp\7z603EA990\AutoHotkey.chmbinary
MD5:B51639A593DEA83408986E181E856888
SHA256:C9459423985DEC7A09D93ED89E5AF285160BC93335DF7706E18B7FC48D66AEA0
2628setup.exeC:\Program Files\AutoHotkey\AutoHotkeyA32.exeexecutable
MD5:87CC812D84E48B1D8528697807BA89B7
SHA256:0267F438033702C5664359A3F28EFBD056A092CAF67106D60F378F6A279EF752
2448spdcfg.exeC:\Users\admin\AppData\Local\Temp\7z603EA990\AutoHotkeyA32.exeexecutable
MD5:87CC812D84E48B1D8528697807BA89B7
SHA256:0267F438033702C5664359A3F28EFBD056A092CAF67106D60F378F6A279EF752
2448spdcfg.exeC:\Users\admin\AppData\Local\Temp\7z603EA990\Template.ahktext
MD5:A85EEB1DC6F9A33897C407B4240DC20F
SHA256:23E5115A25E2D539057443B0F0E9740B9AE85D7DE0DA204F1D739C9B2E206058
2448spdcfg.exeC:\Users\admin\AppData\Local\Temp\7z603EA990\Compiler\Unicode 32-bit.binexecutable
MD5:B02B5288A320CAE687E8CC5A039D5BBA
SHA256:3940BD31EFD8DAC1960E9BE890EF3263918E460680FD2AFE6B9899D2205D85B4
2628setup.exeC:\Program Files\AutoHotkey\AutoHotkeyU32.exeexecutable
MD5:A88DB4D095E6D5A0B43BA59A20E5BF5D
SHA256:993FCB15D8EB9197F71826D7B60BA86AD407C2C3D31801BE2A7E4BAC8E1ABAC3
2448spdcfg.exeC:\Users\admin\AppData\Local\Temp\7z603EA990\Installer.ahktext
MD5:431996714A2B5AAC720AEE718D8313EA
SHA256:7218A733512E7A808B715B0CE9626361B5DC58AE73972D42A913F2738148464D
2448spdcfg.exeC:\Users\admin\AppData\Local\Temp\7z603EA990\setup.exeexecutable
MD5:590618FCAA5E7577AE989AB094917E8B
SHA256:AA86096BFD7EFBE4BCD9A17D2A8378CB8125826863508449720628E2A19F6175
2628setup.exeC:\Program Files\AutoHotkey\WindowSpy.ahktext
MD5:32020E55548B1E9E7CE22899617D5CD2
SHA256:4688629BE394986C8DBE6517032429E6E8CDD9F5801DDB1AC1F53E6FE86EEE7B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
spdcfg.exe