File name: Soundpad 3.2.1 32-bit [Cracked By Ray_Black].rar

Full analysis: https://app.any.run/tasks/dd7b50bd-2fe7-4ddd-a13c-5071981c478b
Verdict: Malicious activity
Analysis date: April 18, 2021, 07:22:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: B189491DE5811526B5DE2F2A08CC39C1
SHA1: 611E069AF903315539F632ED61B1779169B3C5D4
SHA256: B84A2C3B90DD92B74BFDDE3EF829B93F6119B1280C21C5396B0A3010D1E4EBB2
SSDEEP: 98304:tfCiSQuVP8Yxm3A1vkYonngQLx5xWBdX2zglWWxolVwGnkTA8TxM:t7uVvxmw1vkYopLx5xWB9GWqliGkTA8u

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • SoundpadService.exe (PID: 344)
      • Soundpad.exe (PID: 2356)
      • SoundpadService.exe (PID: 2576)
      • Soundpad.exe (PID: 2432)
      • SoundpadService.exe (PID: 2364)
      • Soundpad.exe (PID: 3608)
      • SoundpadService.exe (PID: 4068)
    • Loads dropped or rewritten executable

      • Soundpad.exe (PID: 2356)
      • Soundpad.exe (PID: 2432)
      • AUDIODG.EXE (PID: 4044)
      • regsvr32.exe (PID: 668)
      • regsvr32.exe (PID: 444)
      • Soundpad.exe (PID: 3608)
    • Registers / Runs the DLL via REGSVR32.EXE

      • Soundpad.exe (PID: 2432)
  • SUSPICIOUS

    • Drops a file that was compiled in debug mode

      • Soundpad.exe (PID: 2432)
      • WinRAR.exe (PID: 1092)
    • Creates files in the Windows directory

      • Soundpad.exe (PID: 2432)
    • Changes default file association

      • Soundpad.exe (PID: 2356)
    • Application launched itself

      • Soundpad.exe (PID: 2356)
    • Executable content was dropped or overwritten

      • Soundpad.exe (PID: 2432)
      • WinRAR.exe (PID: 1092)
    • Creates files in the user directory

      • Soundpad.exe (PID: 2356)
    • Creates/Modifies COM task schedule object

      • Soundpad.exe (PID: 2432)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
Total processes: 53
Monitored processes: 11
Malicious processes: 4
Suspicious processes: 1

Behavior graph

[Behavior graph of the monitored processes: winrar.exe, soundpad.exe, soundpadservice.exe, regsvr32.exe, audiodg.exe; edges labelled "drop and start" and "start"]

Process information

PID: 1092
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Soundpad 3.2.1 32-bit [Cracked By Ray_Black].rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.60.0

PID: 2356
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\Soundpad.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\Soundpad.exe
Parent process: WinRAR.exe
User: admin
Company: Leppsoft
Integrity Level: MEDIUM
Description: Soundpad
Exit code: 0
Version: 3.2.1

PID: 344
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\SoundpadService.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\SoundpadService.exe
Parent process: Soundpad.exe
User: admin
Company: Leppsoft
Integrity Level: MEDIUM
Description: SoundpadService
Exit code: 3221226540
Version: 3.2.1

PID: 2576
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\SoundpadService.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\SoundpadService.exe
Parent process: Soundpad.exe
User: admin
Company: Leppsoft
Integrity Level: MEDIUM
Description: SoundpadService
Exit code: 0
Version: 3.2.1

PID: 2432
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\Soundpad.exe" -r
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\Soundpad.exe
Parent process: Soundpad.exe
User: admin
Company: Leppsoft
Integrity Level: HIGH
Description: Soundpad
Exit code: 0
Version: 3.2.1

PID: 444
CMD: "C:\Windows\System32\regsvr32.exe" /s "C:\Windows\system32\UniteFx.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: Soundpad.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 668
CMD: "C:\Windows\System32\regsvr32.exe" /s "C:\Windows\system32\UniteFx.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: Soundpad.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 4044
CMD: C:\Windows\system32\AUDIODG.EXE 0x6a4
Path: C:\Windows\system32\AUDIODG.EXE
Parent process: svchost.exe
User: LOCAL SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Audio Device Graph Isolation
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 4068
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.41943\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\SoundpadService.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.41943\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\SoundpadService.exe
Parent process: WinRAR.exe
User: admin
Company: Leppsoft
Integrity Level: MEDIUM
Description: SoundpadService
Exit code: 3221226540
Version: 3.2.1

PID: 2364
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.41943\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\SoundpadService.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.41943\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\SoundpadService.exe
Parent process: WinRAR.exe
User: admin
Company: Leppsoft
Integrity Level: MEDIUM
Description: SoundpadService
Version: 3.2.1

Total events: 2 124
Read events: 1 923
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 11
Suspicious files: 0
Text files: 10
Unknown types: 134

Dropped files

PID: 1092
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\languages\el_GR\translation.mo
Type: gmo
MD5:1BFD4B3EE4DCA4A875CDAE521A610480
SHA256:36850932D9C4F99AA0BBFB0D7805EDBE7901C828B64964FF2D9F53E0B7F4CF02
PID: 1092
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\languages\ms_MY\translation.mo
Type: gmo
MD5:DD05E2221615D75FEAADB00E4BE8EB5A
SHA256:388BC2510D61DBCF930C7D1F17D2942A4BE023E043448090ACDE563C9D214A8E
PID: 1092
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\languages\fr\translation.mo
Type: gmo
MD5:AA9A8580463FF09ABDC1F6C8F6F98EA3
SHA256:07A94424F4E8D4EFC4E177C77E7B3505C2ACBD006773B029050CC1DE44EC239B
PID: 1092
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\languages\et_EE\translation.mo
Type: gmo
MD5:9B8D2F005644472D927DA5250F92CA5A
SHA256:671B5D67BD0CA3BDF6770A855C557554D5494141D5540230F0661EAFF7C21320
PID: 1092
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\languages\hr_HR\translation.mo
Type: gmo
MD5:097D3AD30CB5E876130181D2117156AC
SHA256:E7F5E8A2ACC3AF8C2EEA890CFD8F3C1397DE3F5F5D93D948D9819029707346EC
PID: 1092
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\languages\lt_LT\translation.mo
Type: gmo
MD5:4E580F0DBF2BB55EE0AA6D06A87802D5
SHA256:F58B9A4CBFB75B3F7A1B8E8F10C7B757011710A735100BF75D395E18657A2735
PID: 1092
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\languages\bg_BG\translation.mo
Type: gmo
MD5:C9DC36847168EB37AB4AC0207C9CD95F
SHA256:B36E440664FD01D2D81C7B4B7A423391D2FE06E27C20E91D56D4314B8B031160
PID: 1092
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\languages\es_ES\translation.mo
Type: gmo
MD5:4A1B3ADD8695DBA63A4EE3C33DD12EE9
SHA256:1451498AB0E6FE99E0AF2E2CB2E16A96584E05A35B7D612D6A49541951F2C5B2
PID: 1092
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\languages\lv_LV\translation.mo
Type: gmo
MD5:175B6516FE9E068B32C63EE66F514452
SHA256:23A6E2AB1E6E8C09CFD51067804E127A401AA432E185CD208055CAC12902B286
PID: 1092
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1092.38370\Soundpad 3.2.1 32-bit [Cracked By Ray_Black]\languages\fi\translation.mo
Type: gmo
MD5:0809047DC82E7F969D3E6FA156F443A7
SHA256:F7A36922EA8EE9EDD118025AE093487B1C8215C007D398F640BFBFE7A945D599
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info